Djezon
Everything posted by Djezon

  1. RogueKiller V7.3.2 [20/03/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/49)
     Blog: tigzy-RK

     Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Demarrage : Mode normal
     Utilisateur: LABO [Droits d'admin]
     Mode: Suppression -- Date: 16/04/2012 14:06:33

     ¤¤¤ Processus malicieux: 3 ¤¤¤
     [WINDOW : SMART HDD] uLrD79VUsWljW3.exe -- C:\Documents and Settings\All Users\Application Data\uLrD79VUsWljW3.exe -> KILLED [TermProc]
     [SUSP PATH] NaDwLaiRnW.exe -- C:\Documents and Settings\All Users\Application Data\NaDwLaiRnW.exe -> KILLED [TermProc]
     [SUSP PATH] UpdateTuto4PCHP.exe -- C:\Documents and Settings\LABO\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PCHP.exe -> KILLED [TermProc]

     ¤¤¤ Entrees de registre: 23 ¤¤¤
     [SUSP PATH] HKCU\[...]\Run : GRIMAUDIO (C:\DOCUME~1\LABO\APPLIC~1\SAFEIN~1\Pureshim.exe) -> DELETED
     [SUSP PATH] HKLM\[...]\Run : 1 mags 16 more (C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\dash two.exe) -> DELETED
     [SUSP PATH] HKLM\[...]\Run : NaDwLaiRnW.exe (C:\Documents and Settings\All Users\Application Data\NaDwLaiRnW.exe) -> DELETED
     [SUSP PATH] HKLM\[...]\Run : UpdateTuto4PCHP (C:\Documents and Settings\LABO\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PCHP.exe) -> DELETED
     [SUSP PATH] HKUS\.DEFAULT[...]\Run : RegistryWm (C:\Documents and Settings\NetworkService\Application Data\qtwm.exe) -> DELETED
     [HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
     [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
     [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
     [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
     [HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
     [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

     ¤¤¤ Driver: [CHARGE] ¤¤¤
     SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0xF7C1710C)
     SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xF7C170C6)
     SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0xF7C17116)
     SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xF7C170BC)
     SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xF7C170CB)
     SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xF7C170D5)
     SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0xF7C17107)
     SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xF7C170DA)
     SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xF7C170A8)
     SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xF7C170AD)
     SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xF7C170E4)
     SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xF7C170DF)
     SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0xF7C1711B)
     SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xF7C170D0)
     SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xF7C170B7)
     S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7C17120)
     S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7C17125)
     IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] sfsync04.sys @ 0xF746CA7C)

     ¤¤¤ Infection : Rogue.FakeHDD|ZeroAccess ¤¤¤
     [ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

     ¤¤¤ Fichier HOSTS: ¤¤¤

     ¤¤¤ MBR Verif: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS541680J9SA00 +++++
     --- User ---
     [MBR] 34e5661739a1e7ca918e02363d02b99c
     [BSP] c89215e5ddd5a6a58fb1f12c1ca4a0bd : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Termine : << RKreport[3].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  2. 2012/04/16 02:18:28.0359 1332 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
     2012/04/16 02:18:30.0343 1332 ================================================================================
     2012/04/16 02:18:30.0343 1332 SystemInfo:
     2012/04/16 02:18:30.0343 1332
     2012/04/16 02:18:30.0343 1332 OS Version: 5.1.2600 ServicePack: 3.0
     2012/04/16 02:18:30.0343 1332 Product type: Workstation
     2012/04/16 02:18:30.0343 1332 ComputerName: NBLABO
     2012/04/16 02:18:30.0343 1332 UserName: LABO
     2012/04/16 02:18:30.0343 1332 Windows directory: C:\WINDOWS
     2012/04/16 02:18:30.0343 1332 System windows directory: C:\WINDOWS
     2012/04/16 02:18:30.0343 1332 Processor architecture: Intel x86
     2012/04/16 02:18:30.0343 1332 Number of processors: 2
     2012/04/16 02:18:30.0343 1332 Page size: 0x1000
     2012/04/16 02:18:30.0343 1332 Boot type: Normal boot
     2012/04/16 02:18:30.0343 1332 ================================================================================
     2012/04/16 02:18:30.0984 1332 Initialize success
     2012/04/16 02:18:33.0687 2504 ================================================================================
     2012/04/16 02:18:33.0687 2504 Scan started
     2012/04/16 02:18:33.0687 2504 Mode: Manual;
     2012/04/16 02:18:33.0687 2504 ================================================================================
     2012/04/16 02:18:44.0343 2504 ================================================================================
     2012/04/16 02:18:44.0343 2504 Scan finished
     2012/04/16 02:18:44.0343 2504 ================================================================================
  3. RogueKiller V7.3.2 [20/03/2012] par Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Remontees: [RogueKiller] Remontées (1/49)
     Blog: tigzy-RK

     Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Demarrage : Mode normal
     Utilisateur: LABO [Droits d'admin]
     Mode: Recherche -- Date: 16/04/2012 02:13:30

     ¤¤¤ Processus malicieux: 0 ¤¤¤

     ¤¤¤ Entrees de registre: 25 ¤¤¤
     [SUSP PATH] HKCU\[...]\Run : GRIMAUDIO (C:\DOCUME~1\LABO\APPLIC~1\SAFEIN~1\Pureshim.exe) -> FOUND
     [SUSP PATH] HKLM\[...]\Run : 1 mags 16 more (C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\dash two.exe) -> FOUND
     [SUSP PATH] HKLM\[...]\Run : NaDwLaiRnW.exe (C:\Documents and Settings\All Users\Application Data\NaDwLaiRnW.exe) -> FOUND
     [SUSP PATH] HKLM\[...]\Run : UpdateTuto4PCHP (C:\Documents and Settings\LABO\Application Data\Tuto4pc\Tuto4pc\UpdateTuto4PCHP.exe) -> FOUND
     [SUSP PATH] HKUS\.DEFAULT[...]\Run : RegistryWm (C:\Documents and Settings\NetworkService\Application Data\qtwm.exe) -> FOUND
     [SUSP PATH] HKUS\S-1-5-21-1960408961-796845957-725345543-1003[...]\Run : GRIMAUDIO (C:\DOCUME~1\LABO\APPLIC~1\SAFEIN~1\Pureshim.exe) -> FOUND
     [SUSP PATH] HKUS\S-1-5-18[...]\Run : RegistryWm (C:\Documents and Settings\NetworkService\Application Data\qtwm.exe) -> FOUND
     [HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
     [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
     [HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
     [HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

     ¤¤¤ Driver: [CHARGE] ¤¤¤
     SSDT[25] : NtClose @ 0x805BC530 -> HOOKED (Unknown @ 0xF7BD5FDC)
     SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xF7BD5F96)
     SSDT[50] : NtCreateSection @ 0x805AB3C8 -> HOOKED (Unknown @ 0xF7BD5FE6)
     SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xF7BD5F8C)
     SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xF7BD5F9B)
     SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xF7BD5FA5)
     SSDT[68] : NtDuplicateObject @ 0x805BE008 -> HOOKED (Unknown @ 0xF7BD5FD7)
     SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xF7BD5FAA)
     SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xF7BD5F78)
     SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xF7BD5F7D)
     SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xF7BD5FB4)
     SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xF7BD5FAF)
     SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0xF7BD5FEB)
     SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xF7BD5FA0)
     SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xF7BD5F87)
     S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7BD5FF0)
     S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7BD5FF5)
     IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] sfsync04.sys @ 0xF746CA7C)

     ¤¤¤ Infection : ZeroAccess ¤¤¤
     [ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

     ¤¤¤ Fichier HOSTS: ¤¤¤

     ¤¤¤ MBR Verif: ¤¤¤

     +++++ PhysicalDrive0: Hitachi HTS541680J9SA00 +++++
     --- User ---
     [MBR] 34e5661739a1e7ca918e02363d02b99c
     [BSP] c89215e5ddd5a6a58fb1f12c1ca4a0bd : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Termine : << RKreport[1].txt >>
     RKreport[1].txt
  4. Ah yes, sorry, I do have Internet. I'll try the procedure. Thanks
  5. Thanks for the reply! I did the restore, the computer reboots, and then... about twenty "System message - Write Fault Error" windows offering the choices "Cancel", "Try Again" and "Continue". Plus a Smart HDD window with SMART Repair. And still no Internet Explorer.
  6. I made the mistake of trying to repair it on my own, reading forums about similar cases, but now I'm stuck, with no web browser on the affected computer... Help!!!
  7. Good evening, I've been infected by Smart HDD. I ran RogueKiller. Then tried, in vain, to use UnHide. I shut down and restarted the PC. And now I don't even have Internet Explorer any more!!! So I don't know how to fix the problem, given that I can no longer get on the internet. If you know how to help me, don't hesitate to let me know. Thanks.