Alex37
  1. Here is the TDSSKiller report:

14:59:19:092 2456 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31
14:59:19:092 2456 ================================================================================
14:59:19:092 2456 SystemInfo:
14:59:19:092 2456 OS Version: 6.0.6002 ServicePack: 2.0
14:59:19:092 2456 Product type: Workstation
14:59:19:093 2456 ComputerName: PC-DE-UTILISATE
14:59:19:094 2456 UserName: utilisateur
14:59:19:095 2456 Windows directory: C:\Windows
14:59:19:095 2456 Processor architecture: Intel x86
14:59:19:095 2456 Number of processors: 1
14:59:19:095 2456 Page size: 0x1000
14:59:19:129 2456 Boot type: Normal boot
14:59:19:130 2456 ================================================================================
14:59:19:138 2456 UnloadDriverW: NtUnloadDriver error 2
14:59:19:138 2456 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:59:19:139 2456 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:59:19:589 2456 UtilityInit: KLMD drop and load success
14:59:19:589 2456 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
14:59:19:589 2456 UtilityInit: KLMD open success
14:59:19:589 2456 UtilityInit: Initialize success
14:59:19:589 2456
14:59:19:589 2456 Scanning Services ...
14:59:19:590 2456 CreateRegParser: Registry parser init started
14:59:19:590 2456 CreateRegParser: DisableWow64Redirection error
14:59:19:590 2456 wfopen_ex: Trying to open file C:\Windows\system32\config\system
14:59:19:590 2456 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
14:59:19:590 2456 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:59:19:590 2456 wfopen_ex: Trying to KLMD file open
14:59:19:590 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
14:59:19:590 2456 wfopen_ex: File opened ok (Flags 2)
14:59:19:606 2456 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 21BD600
14:59:19:606 2456 wfopen_ex: Trying to open file C:\Windows\system32\config\software
14:59:19:607 2456 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
14:59:19:607 2456 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:59:19:607 2456 wfopen_ex: Trying to KLMD file open
14:59:19:607 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
14:59:19:607 2456 wfopen_ex: File opened ok (Flags 2)
14:59:19:607 2456 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 21B12A0
14:59:19:607 2456 CreateRegParser: EnableWow64Redirection error
14:59:19:607 2456 CreateRegParser: RegParser init completed
14:59:20:277 2456 GetAdvancedServicesInfo: Raw services enum returned 435 services
14:59:20:294 2456 fclose_ex: Trying to close file C:\Windows\system32\config\system
14:59:20:295 2456 fclose_ex: Trying to close file C:\Windows\system32\config\software
14:59:20:295 2456
14:59:20:304 2456 Scanning Kernel memory ...
14:59:20:304 2456 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:59:20:304 2456 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 867930E8
14:59:20:304 2456 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
14:59:20:304 2456
14:59:20:304 2456 DetectCureTDL3: DEVICE_OBJECT: 87A52560
14:59:20:304 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A52560
14:59:20:304 2456 DetectCureTDL3: DEVICE_OBJECT: 87A14CB8
14:59:20:304 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A14CB8
14:59:20:304 2456 KLMD_ReadMem: Trying to ReadMemory 0x87A14CB8[0x38]
14:59:20:304 2456 DetectCureTDL3: DRIVER_OBJECT: 87985C08
14:59:20:304 2456 KLMD_ReadMem: Trying to ReadMemory 0x87985C08[0xA8]
14:59:20:305 2456 KLMD_ReadMem: Trying to ReadMemory 0x87987A18[0x1E]
14:59:20:305 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_CREATE : 8F382FC8
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_CLOSE : 8F383040
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_READ : 8F3830B8
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_WRITE : 8F3830B8
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8F382BC4
14:59:20:305 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8F3767E4
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_POWER : 8F38159C
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8F37E7A2
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22
14:59:20:306 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22
14:59:20:306 2456 TDL3_FileDetect: Processing driver: USBSTOR
14:59:20:306 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:306 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:328 2456 KLMD_ReadMem: Trying to ReadMemory 0x8F378F26[0x400]
14:59:20:328 2456 TDL3_StartIoHookDetect: CheckParameters: 4, 8F37D000, 0
14:59:20:328 2456 TDL3_FileDetect: Processing driver: USBSTOR
14:59:20:328 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:328 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:332 2456 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:59:20:332 2456
14:59:20:332 2456 DetectCureTDL3: DEVICE_OBJECT: 87A52AC8
14:59:20:332 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A52AC8
14:59:20:332 2456 DetectCureTDL3: DEVICE_OBJECT: 87B3ACB8
14:59:20:332 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87B3ACB8
14:59:20:332 2456 KLMD_ReadMem: Trying to ReadMemory 0x87B3ACB8[0x38]
14:59:20:332 2456 DetectCureTDL3: DRIVER_OBJECT: 87985C08
14:59:20:332 2456 KLMD_ReadMem: Trying to ReadMemory 0x87985C08[0xA8]
14:59:20:332 2456 KLMD_ReadMem: Trying to ReadMemory 0x87987A18[0x1E]
14:59:20:332 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:59:20:332 2456 DetectCureTDL3: IRP_MJ_CREATE : 8F382FC8
14:59:20:332 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22
14:59:20:332 2456 DetectCureTDL3: IRP_MJ_CLOSE : 8F383040
14:59:20:332 2456 DetectCureTDL3: IRP_MJ_READ : 8F3830B8
14:59:20:332 2456 DetectCureTDL3: IRP_MJ_WRITE : 8F3830B8
14:59:20:332 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22
14:59:20:332 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8F382BC4
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8F3767E4
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_POWER : 8F38159C
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8F37E7A2
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22
14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22
14:59:20:333 2456 TDL3_FileDetect: Processing driver: USBSTOR
14:59:20:334 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:334 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:336 2456 KLMD_ReadMem: Trying to ReadMemory 0x8F378F26[0x400]
14:59:20:336 2456 TDL3_StartIoHookDetect: CheckParameters: 4, 8F37D000, 0
14:59:20:336 2456 TDL3_FileDetect: Processing driver: USBSTOR
14:59:20:336 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:336 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:339 2456 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:59:20:339 2456
14:59:20:340 2456 DetectCureTDL3: DEVICE_OBJECT: 87A577C8
14:59:20:340 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A577C8
14:59:20:340 2456 DetectCureTDL3: DEVICE_OBJECT: 87539700
14:59:20:340 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87539700
14:59:20:340 2456 KLMD_ReadMem: Trying to ReadMemory 0x87539700[0x38]
14:59:20:340 2456 DetectCureTDL3: DRIVER_OBJECT: 87985C08
14:59:20:340 2456 KLMD_ReadMem: Trying to ReadMemory 0x87985C08[0xA8]
14:59:20:340 2456 KLMD_ReadMem: Trying to ReadMemory 0x87987A18[0x1E]
14:59:20:340 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_CREATE : 8F382FC8
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_CLOSE : 8F383040
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_READ : 8F3830B8
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_WRITE : 8F3830B8
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22
14:59:20:340 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8F382BC4
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8F3767E4
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_POWER : 8F38159C
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8F37E7A2
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22
14:59:20:341 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22
14:59:20:341 2456 TDL3_FileDetect: Processing driver: USBSTOR
14:59:20:341 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:341 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:344 2456 KLMD_ReadMem: Trying to ReadMemory 0x8F378F26[0x400]
14:59:20:344 2456 TDL3_StartIoHookDetect: CheckParameters: 4, 8F37D000, 0
14:59:20:344 2456 TDL3_FileDetect: Processing driver: USBSTOR
14:59:20:344 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:344 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:347 2456 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:59:20:347 2456
14:59:20:347 2456 DetectCureTDL3: DEVICE_OBJECT: 87A57030
14:59:20:347 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A57030
14:59:20:347 2456 DetectCureTDL3: DEVICE_OBJECT: 875377D0
14:59:20:347 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 875377D0
14:59:20:347 2456 KLMD_ReadMem: Trying to ReadMemory 0x875377D0[0x38]
14:59:20:348 2456 DetectCureTDL3: DRIVER_OBJECT: 87985C08
14:59:20:348 2456 KLMD_ReadMem: Trying to ReadMemory 0x87985C08[0xA8]
14:59:20:348 2456 KLMD_ReadMem: Trying to ReadMemory 0x87987A18[0x1E]
14:59:20:348 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_CREATE : 8F382FC8
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_CLOSE : 8F383040
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_READ : 8F3830B8
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_WRITE : 8F3830B8
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8F382BC4
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8F3767E4
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22
14:59:20:348 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_POWER : 8F38159C
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8F37E7A2
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22
14:59:20:349 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22
14:59:20:349 2456 TDL3_FileDetect: Processing driver: USBSTOR
14:59:20:349 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:349 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:352 2456 KLMD_ReadMem: Trying to ReadMemory 0x8F378F26[0x400]
14:59:20:352 2456 TDL3_StartIoHookDetect: CheckParameters: 4, 8F37D000, 0
14:59:20:352 2456 TDL3_FileDetect: Processing driver: USBSTOR
14:59:20:352 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:352 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:20:355 2456 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:59:20:355 2456
14:59:20:355 2456 DetectCureTDL3: DEVICE_OBJECT: 867A78B0
14:59:20:355 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 867A78B0
14:59:20:355 2456 DetectCureTDL3: DEVICE_OBJECT: 8679E908
14:59:20:355 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8679E908
14:59:20:355 2456 DetectCureTDL3: DEVICE_OBJECT: 8677D5E8
14:59:20:355 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8677D5E8
14:59:20:355 2456 KLMD_ReadMem: Trying to ReadMemory 0x8677D5E8[0x38]
14:59:20:355 2456 DetectCureTDL3: DRIVER_OBJECT: 859AE5D0
14:59:20:356 2456 KLMD_ReadMem: Trying to ReadMemory 0x859AE5D0[0xA8]
14:59:20:356 2456 KLMD_ReadMem: Trying to ReadMemory 0x866F11B0[0x1A]
14:59:20:356 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_CREATE : 84D37140
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_CLOSE : 84D37140
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_READ : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_WRITE : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 84D25A5A
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 84D25A2C
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22
14:59:20:356 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22
14:59:20:357 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22
14:59:20:357 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22
14:59:20:357 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22
14:59:20:357 2456 DetectCureTDL3: IRP_MJ_POWER : 84D25A88
14:59:20:357 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 84D32B70
14:59:20:357 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22
14:59:20:357 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22
14:59:20:357 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22
14:59:20:357 2456 TDL3_FileDetect: Processing driver: atapi
14:59:20:357 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
14:59:20:357 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
14:59:20:376 2456 TDL3_FileDetect: Processing driver: atapi
14:59:20:376 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
14:59:20:376 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
14:59:20:378 2456 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
14:59:20:378 2456
14:59:20:379 2456 Completed
14:59:20:379 2456
14:59:20:379 2456 Results:
14:59:20:380 2456 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:59:20:381 2456 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:59:20:382 2456 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:59:20:382 2456
14:59:20:384 2456 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:59:20:384 2456 UtilityDeinit: KLMD(ARK) unloaded successfully

Here is what Rkill produced:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as utilisateur on 18/02/2010 at 15:57:20.

Processes terminated by Rkill or while it was running:
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

Rkill completed on 18/02/2010 at 15:57:27.

The MBAM report:

Malwarebytes' Anti-Malware 1.44
Database version: 3741
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

18/02/2010 17:49:56
mbam-log-2010-02-18 (17-49-56).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 323690
Time elapsed: 1 hour(s), 43 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:03, on 18/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Users\ALEXANDRE\AppData\Local\MSASCui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe
C:\Windows\explorer.exe
C:\Users\ALEXANDRE\AppData\Local\Temp\7zS63E2.tmp\firefox.exe
C:\Users\ALEXANDRE\Desktop\HousecallLauncher.exe
C:\Users\UTILIS~1\AppData\Local\Temp\7zS8406.tmp\setup.exe
C:\Users\ALEXANDRE\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Stop Admin Blue.n67s7"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.1lq2cck"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3859654755-1398547588-4027240970-1001\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (User 'ALEXANDRE')
O4 - HKUS\S-1-5-21-3859654755-1398547588-4027240970-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'ALEXANDRE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\Prodix\YesMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe

--
End of file - 11145 bytes
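The HijackThis log above is a good illustration of why O4 (autostart) entries are the first place a helper looks: among dozens of ordinary vendor entries there are two HKCU Run values whose targets sit in C:\ProgramData, carry random-looking names and end in extensions that are not executable at all. The following is an added example, not part of the post and not code from HijackThis or any of the tools used here. It parses the O4 Run lines that HijackThis emits and applies three mechanical heuristics to each target path. The sample input is a subset of O4 lines copied from the log above (the selection is ours); every function and class name is this example's own.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example, not part of the forum post and not HijackThis code.  It parses
the "O4 - <hive>\..\Run: [name] command" lines that HijackThis prints and
applies three heuristics a malware-removal helper normally applies by eye:

  * the autostart target does not end in an executable extension (the Run key
    will still launch it through a file association or a host process, so an
    odd extension hides nothing from the OS, only from a casual reader);
  * the target lives in a directory a standard user can write to (ProgramData,
    AppData, Temp), where no installer-driven product needs an autostart binary;
  * the target is a bare file name with no directory, so it is resolved through
    the search path at logon (informational, worth knowing about).

A hit is a review candidate, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Sample input: O4 lines copied from the HijackThis log above (the lines are the
# page's own; picking these ones is our choice).  Non-Run lines are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Stop Admin Blue.n67s7"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.1lq2cck"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - Startup: YesMessenger.lnk = C:\Program Files\Prodix\YesMessenger.exe
"""

# "O4 - HKLM\..\Run: [name] command"  /  "O4 - HKUS\S-1-5-19\..\Run: [name] command"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")          # trailing "(User '...')"
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}
WRITABLE_DIRS = {"programdata", "appdata", "temp", "tmp", "public"}
# Unquoted command line: the program ends at the first executable extension.
UNQUOTED_TARGET = re.compile(r"^(?P<t>.*?\.(exe|dll|scr|com|bat|cmd|vbs|js|pif))(?=\s|,|$)", re.I)


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list[str] = field(default_factory=list)


def extract_target(cmd: str) -> str:
    """Return the program path from a Run value, without its arguments."""
    cmd = USER_SUFFIX.sub("", cmd).strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = UNQUOTED_TARGET.match(cmd)
    return m.group("t") if m else cmd.split()[0]


def assess(target: str) -> list[str]:
    """Apply the three heuristics; an empty list means nothing stood out."""
    reasons: list[str] = []
    parts = [p for p in target.lower().split("\\") if p]
    filename = parts[-1] if parts else target.lower()
    _, dot, ext = filename.rpartition(".")
    ext = "." + ext if dot else ""
    if ext not in EXEC_EXTS:
        reasons.append(f"non-executable extension {ext or '(none)'}")
    if "\\" not in target:
        reasons.append("bare file name, resolved via the search path")
    elif any(p in WRITABLE_DIRS for p in parts[:-1]):
        reasons.append("target in a user-writable directory")
    return reasons


def triage_o4(log_text: str) -> list[Finding]:
    """Return the Run entries that trip at least one heuristic, in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue                     # Startup/.lnk lines and non-O4 lines are out of scope
        target = extract_target(m.group("cmd"))
        if not target:
            continue                     # empty value such as "[] (User 'SYSTEM')"
        reasons = assess(target)
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"{f.hive}  [{f.name}]  {f.target}\n    -> {'; '.join(f.reasons)}")
```

On the sample above the two C:\ProgramData entries trip both the extension and the location heuristic, while RtHDVCpl.exe and rundll32.exe are only reported as bare names. The next step for a flagged target is to hash it and check its signature and creation time, not to delete it on the strength of a regex; the Startup-folder .lnk entries in the same log need their shortcut targets resolved separately and are left out here.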
  2. Hello everyone, my problem, as the title says, is that since Sunday evening I have had this damned piece of software install itself, and what's more it is only present in my session and not in my father's, the administrator session. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:54, on 16/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Users\ALEXANDRE\AppData\Local\Temp\7zS63E2.tmp\firefox.exe
C:\Users\ALEXANDRE\AppData\Local\MSASCui.exe
C:\Users\ALEXANDRE\Downloads\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

-- End of file - 10077 bytes

I hope you will be able to help me.