heavyshred666

Members, 2 posts, Junior Member (3/12)

  1. Thanks!! So here is the TDSSKiller report:

14:41:12:430 4308 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
14:41:12:430 4308 ================================================================================
14:41:12:430 4308 SystemInfo:
14:41:12:430 4308 OS Version: 6.0.6002 ServicePack: 2.0
14:41:12:430 4308 Product type: Workstation
14:41:12:430 4308 ComputerName: PC-DE-ALBERNY
14:41:12:430 4308 UserName: ALBERNY
14:41:12:430 4308 Windows directory: C:\Windows
14:41:12:430 4308 Processor architecture: Intel x86
14:41:12:430 4308 Number of processors: 2
14:41:12:430 4308 Page size: 0x1000
14:41:12:430 4308 Boot type: Normal boot
14:41:12:430 4308 ================================================================================
14:41:12:430 4308 UnloadDriverW: NtUnloadDriver error 2
14:41:12:430 4308 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:41:12:445 4308 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:41:12:601 4308 UtilityInit: KLMD drop and load success
14:41:12:601 4308 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
14:41:12:601 4308 UtilityInit: KLMD open success
14:41:12:601 4308 UtilityInit: Initialize success
14:41:12:601 4308
14:41:12:601 4308 Scanning Services ...
14:41:12:601 4308 CreateRegParser: Registry parser init started
14:41:12:601 4308 CreateRegParser: DisableWow64Redirection error
14:41:12:601 4308 wfopen_ex: Trying to open file C:\Windows\system32\config\system
14:41:12:601 4308 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
14:41:12:601 4308 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:41:12:601 4308 wfopen_ex: Trying to KLMD file open
14:41:12:601 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
14:41:12:601 4308 wfopen_ex: File opened ok (Flags 2)
14:41:12:617 4308 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 18F6A90
14:41:12:617 4308 wfopen_ex: Trying to open file C:\Windows\system32\config\software
14:41:12:617 4308 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
14:41:12:617 4308 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:41:12:617 4308 wfopen_ex: Trying to KLMD file open
14:41:12:617 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
14:41:12:617 4308 wfopen_ex: File opened ok (Flags 2)
14:41:12:617 4308 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 18F6AB8
14:41:12:617 4308 CreateRegParser: EnableWow64Redirection error
14:41:12:617 4308 CreateRegParser: RegParser init completed
14:41:13:194 4308 GetAdvancedServicesInfo: Raw services enum returned 412 services
14:41:13:210 4308 fclose_ex: Trying to close file C:\Windows\system32\config\system
14:41:13:210 4308 fclose_ex: Trying to close file C:\Windows\system32\config\software
14:41:13:210 4308
14:41:13:210 4308 Scanning Kernel memory ...
14:41:13:210 4308 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:41:13:210 4308 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84A17688
14:41:13:210 4308 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects
14:41:13:210 4308
14:41:13:210 4308 DetectCureTDL3: DEVICE_OBJECT: 843512C0
14:41:13:210 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 843512C0
14:41:13:210 4308 DetectCureTDL3: DEVICE_OBJECT: 84441B58
14:41:13:210 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84441B58
14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x84441B58[0x38]
14:41:13:210 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170
14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]
14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]
14:41:13:210 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:41:13:210 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8
14:41:13:210 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040
14:41:13:210 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8
14:41:13:210 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8
14:41:13:210 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4
14:41:13:210 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4
14:41:13:210 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C
14:41:13:210 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2
14:41:13:210 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22
14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]
14:41:13:210 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0
14:41:13:210 4308 TDL3_FileDetect: Processing driver: USBSTOR
14:41:13:210 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:210 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:210 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:41:13:210 4308
14:41:13:210 4308 DetectCureTDL3: DEVICE_OBJECT: 85EC3030
14:41:13:210 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85EC3030
14:41:13:210 4308 DetectCureTDL3: DEVICE_OBJECT: 85F47CB8
14:41:13:210 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F47CB8
14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x85F47CB8[0x38]
14:41:13:210 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170
14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]
14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]
14:41:13:210 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:41:13:210 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8
14:41:13:210 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040
14:41:13:210 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8
14:41:13:210 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8
14:41:13:210 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4
14:41:13:210 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4
14:41:13:210 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22
14:41:13:210 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C
14:41:13:225 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2
14:41:13:225 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]
14:41:13:225 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0
14:41:13:225 4308 TDL3_FileDetect: Processing driver: USBSTOR
14:41:13:225 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:225 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:225 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:41:13:225 4308
14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85F03030
14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F03030
14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85E9C9A0
14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85E9C9A0
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x85E9C9A0[0x38]
14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]
14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:41:13:225 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040
14:41:13:225 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4
14:41:13:225 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4
14:41:13:225 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C
14:41:13:225 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2
14:41:13:225 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]
14:41:13:225 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0
14:41:13:225 4308 TDL3_FileDetect: Processing driver: USBSTOR
14:41:13:225 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:225 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:225 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:41:13:225 4308
14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85F4FAC8
14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F4FAC8
14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85F1A338
14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F1A338
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x85F1A338[0x38]
14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]
14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:41:13:225 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040
14:41:13:225 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4
14:41:13:225 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4
14:41:13:225 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C
14:41:13:225 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2
14:41:13:225 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]
14:41:13:225 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0
14:41:13:225 4308 TDL3_FileDetect: Processing driver: USBSTOR
14:41:13:225 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:225 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:225 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:41:13:225 4308
14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85F40030
14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F40030
14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 857B24A8
14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 857B24A8
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x857B24A8[0x38]
14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]
14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:41:13:225 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040
14:41:13:225 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8
14:41:13:225 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4
14:41:13:225 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4
14:41:13:225 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C
14:41:13:225 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2
14:41:13:225 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22
14:41:13:225 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22
14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]
14:41:13:225 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0
14:41:13:225 4308 TDL3_FileDetect: Processing driver: USBSTOR
14:41:13:225 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:225 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:13:241 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:41:13:241 4308
14:41:13:241 4308 DetectCureTDL3: DEVICE_OBJECT: 84FC5AC8
14:41:13:241 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84FC5AC8
14:41:13:241 4308 DetectCureTDL3: DEVICE_OBJECT: 84800898
14:41:13:241 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84800898
14:41:13:241 4308 DetectCureTDL3: DEVICE_OBJECT: 847FEB98
14:41:13:241 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 847FEB98
14:41:13:241 4308 KLMD_ReadMem: Trying to ReadMemory 0x847FEB98[0x38]
14:41:13:241 4308 DetectCureTDL3: DRIVER_OBJECT: 847DF350
14:41:13:241 4308 KLMD_ReadMem: Trying to ReadMemory 0x847DF350[0xA8]
14:41:13:241 4308 KLMD_ReadMem: Trying to ReadMemory 0x847DF618[0x1A]
14:41:13:241 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:41:13:241 4308 DetectCureTDL3: IrpHandler (0) addr: 807B8140
14:41:13:241 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (2) addr: 807B8140
14:41:13:241 4308 DetectCureTDL3: IrpHandler (3) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (4) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (14) addr: 807A6A5A
14:41:13:241 4308 DetectCureTDL3: IrpHandler (15) addr: 807A6A2C
14:41:13:241 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (22) addr: 807A6A88
14:41:13:241 4308 DetectCureTDL3: IrpHandler (23) addr: 807B3B70
14:41:13:241 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22
14:41:13:241 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22
14:41:13:241 4308 TDL3_FileDetect: Processing driver: atapi
14:41:13:241 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
14:41:13:241 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
14:41:13:241 4308 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
14:41:13:241 4308
14:41:13:241 4308 Completed
14:41:13:241 4308
14:41:13:241 4308 Results:
14:41:13:241 4308 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:41:13:256 4308 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:41:13:256 4308 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:41:13:256 4308
14:41:13:256 4308 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:41:13:256 4308 UtilityDeinit: KLMD(ARK) unloaded successfully

And the MBAM one:

Malwarebytes' Anti-Malware 1.44
Database version: 3741
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15/02/2010 15:58:40
mbam-log-2010-02-15 (15-58-40).txt

Scan type: Full scan (C:\|I:\|)
Objects scanned: 259981
Time elapsed: 58 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Winsudate (Adware.édité) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Winsudate\gibcom.dll (Adware.édité) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibidl.dll (Adware.édité) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibupt.exe (Adware.édité) -> Quarantined and deleted successfully.
C:\Users\ALBERNY\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\ALBERNY\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.
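The MBAM log above reports HKEY_CLASSES_ROOT\.exe\(default) changed from exefile to secfile (Hijacked.exeFile). Because the shell resolves every .exe launch through the ProgId that .exe points at, whoever controls that ProgId's open command gets to run first on each program start, which is consistent with av.exe reappearing whenever a new browser window or tab is opened. The PowerShell check below is an added example, not part of this thread or of any tool mentioned in it. It assumes an elevated PowerShell session on the cleaned machine and that the Windows defaults (ProgId exefile, open command "%1" %*) are the expected values; the hive list and the expected strings are the only assumptions it makes.

```powershell
# Added example (not from the original thread): verify that the .exe file-association
# hijack MBAM reported (HKCR\.exe -> secfile) is really gone, in every hive that feeds HKCR.
# Assumptions: elevated PowerShell; Windows default values are the expected clean state.

$expectedProgId  = 'exefile'
$expectedCommand = '"%1" %*'

# HKCR is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes.
# A rogue running as a standard user can only write the HKCU copy, which then shadows
# the HKLM value in the merged view, so each hive is checked on its own.
$roots = @(
    'Registry::HKEY_CLASSES_ROOT',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
    'Registry::HKEY_CURRENT_USER\Software\Classes'
)

$findings = @()
foreach ($root in $roots) {
    $extKey = "$root\.exe"
    if (-not (Test-Path $extKey)) { continue }   # the HKCU copy is normally absent on a clean box

    # '(default)' is how PowerShell exposes a key's unnamed default value
    $progId = (Get-ItemProperty -Path $extKey).'(default)'
    if ($progId -ne $expectedProgId) {
        $findings += "$extKey default is '$progId' (expected '$expectedProgId')"
    }

    # Whatever ProgId .exe resolves to, its open command must be exactly "%1" %*.
    # A hijack puts its own binary in front of "%1" so it runs before the real program.
    if ($progId) {
        $cmdKey = "$root\$progId\shell\open\command"
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            if ($cmd -ne $expectedCommand) {
                $findings += "$cmdKey is '$cmd' (expected '$expectedCommand')"
            }
        } else {
            $findings += "$cmdKey is missing: .exe points at a ProgId with no open command"
        }
    }

    # The rogue's own ProgId; MBAM removed it from HKCR, but confirm per hive.
    $stale = "$root\secfile"
    if (Test-Path $stale) { $findings += "stale ProgId still present: $stale" }
}

if ($findings.Count -eq 0) {
    Write-Output '.exe association is clean (exefile -> "%1" %*) in HKCR, HKLM and HKCU'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    # Remediation, the same values MBAM lists under "Good: (exefile)"; uncomment to apply:
    # Set-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.exe' -Name '(default)' -Value 'exefile'
    # Set-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -Name '(default)' -Value '"%1" %*'
}
```

Run it after the scanner's reboot, not before: a rogue that is still resident can rewrite the association as soon as it is repaired. If the script reports a finding in HKCU but not in HKLM, the fix belongs in the user's hive, and a machine-wide repair alone will leave the merged HKCR view hijacked for that account.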
  2. Hello everyone! Since yesterday afternoon, my mother's PC has had this "virus" that stops me from getting online and keeps popping up constantly; well, no need to describe it to you, apparently the problem is a common one at the moment... To get onto the internet, I open the Task Manager and kill the "av.exe" process; it shows up every time I open a page or a tab, even a Google search. What's odd is that it doesn't stop me from getting onto MSN. Anyway. So here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:50, on 15/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\ALBERNY\Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_1_0.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 6499 bytes

If I have gone about this the wrong way as far as the forum's procedures go, I apologize in advance.

Nicolas.