
Posted (edited)

Hello everyone, and happy new year 2010! :P

The title of my topic is fairly self-explanatory: Malware Defense installed itself, kicked out AVG, and I can't get rid of it... :P

Before bothering you, I did try to clean my PC myself by following the methods described in Gropaké's "Malware Defense" topic:

I ran a HijackThis scan, launched the rkill tool (by Grinler), and was then able to download Malwarebytes' Anti-Malware (MBAM), but I couldn't launch it, which, according to Falkra, is a symptom.

So I'm turning to you: here is the HijackThis report. Thanks in advance for your help.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:47:11, on 01/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\DeezRip\DeezRipSvc.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Borland\IntrBase\BIN\ibserver.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\DOCUME~1\Frank\LOCALS~1\Temp\settdebugx.exe

C:\Program Files\Malware Defense\mdefense.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\devldr32.exe

C:\DOCUME~1\Frank\LOCALS~1\Temp\wscsvc32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Frank\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v0.battle-arenas.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - *{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [interBase Server] "C:\Program Files\Borland\IntrBase\BIN\ibserver.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\Frank\LOCALS~1\Temp\settdebugx.exe

O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\MSINF16H.EXE

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://v0.battle-arenas.net

O15 - Trusted Zone: http://www.battle-arenas.net

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9597CD35-4BEE-4CF5-9960-4805B70D397B}: NameServer = 86.64.145.141 84.103.237.141

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: DeezRip service (DeezRipSvc) - Unknown owner - C:\Program Files\DeezRip\DeezRipSvc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 10906 bytes

Edited by chimay
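From a defender's side, a log like the one above can be screened automatically for the patterns a helper looks for first: an autorun or running process launched from a user's Temp directory (settdebugx.exe, wscsvc32.exe), the rogue's own Run entry, orphaned "(no file)" entries and sites added to the IE Trusted Zone. The Python below is an added example, not a tool from this thread; the heuristics, the rogue-name list and the sample log lines (a constructed subset of the log posted above) are the example's own assumptions.

```python
"""Triage heuristics for a HijackThis log.

Flags autoruns and processes launched from temporary directories, known rogue
product names, orphaned entries and Trusted Zone additions. Added example, not a
tool from the thread; the rules below are illustrative assumptions.
"""
import re
from collections import Counter

# Rogue product name taken from the thread; extend the tuple for other rogues.
KNOWN_ROGUE_NAMES = ("malware defense",)
# A path component named Temp or tmp (covers DOCUME~1\...\LOCALS~1\Temp\ too).
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# O4 Run-key entries look like:  O4 - HKCU\..\Run: [name] "C:\path\prog.exe" -args
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ENTRY_RE = re.compile(r"^[RO]\d+ - ")

# Constructed sample in the shape of the log posted above (a subset of its lines).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Frank\LOCALS~1\Temp\settdebugx.exe
C:\Program Files\Malware Defense\mdefense.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v0.battle-arenas.net/
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\Frank\LOCALS~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O15 - Trusted Zone: http://v0.battle-arenas.net
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
End of file - 10906 bytes
"""


def extract_path(cmd: str) -> str:
    """Return the executable path of an O4 command line (quoted or bare)."""
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    return bare.group(1) if bare else cmd.strip()


def _finding(severity: str, reason: str, line: str) -> dict:
    return {"severity": severity, "reason": reason, "line": line}


def _check_path(what: str, path: str, line: str) -> list:
    """Path-based rules shared by the process list and the O4 autoruns."""
    out = []
    if TEMP_DIR_RE.search(path):
        out.append(_finding("high", f"{what} launched from a temporary directory", line))
    if any(name in path.lower() for name in KNOWN_ROGUE_NAMES):
        out.append(_finding("high", f"{what} matches a known rogue security product name", line))
    return out


def triage(log_text: str) -> list:
    """Walk the log once and return a list of findings (severity, reason, line)."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        if ENTRY_RE.match(line):          # first R/O entry ends the process list
            section = "entries"
        if section == "processes":
            findings.extend(_check_path("running process", line, line))
            continue
        if section != "entries":
            continue
        run = O4_RUN_RE.match(line)
        if run:
            path = extract_path(run.group("cmd"))
            findings.extend(_check_path(f"autorun [{run.group('name')}]", path, line))
        elif line.endswith("(no file)"):
            findings.append(_finding("low", "orphaned entry pointing to a missing file", line))
        elif line.startswith("O15 - Trusted Zone:"):
            findings.append(_finding("medium", "site added to the IE Trusted Zone", line))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, e.g. {'high': 4, 'medium': 1, 'low': 1}."""
    return dict(Counter(f["severity"] for f in findings))


def main() -> None:
    findings = triage(SAMPLE_LOG)
    for f in findings:
        print(f"[{f['severity']:6}] {f['reason']}: {f['line']}")
    print("summary:", summarize(findings))


if __name__ == "__main__":
    main()
```

On the sample log the two Temp-directory hits and the two Malware Defense hits come out as high, the Trusted Zone entry as medium and the orphaned URLSearchHook as low.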

Posted

Hello,

Download load_tdsskiller by Loup Blanc to your Desktop by clicking this link:

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

  • Launch load_tdsskiller by double-clicking it: the tool will connect to the Internet to download an up-to-date copy of TDSSKiller, then start the scan
  • At the end of the scan, press a key to continue, as the message in the black command-prompt window indicates
  • The report will open automatically: copy and paste its contents into your next reply (the file is also available here: C:\tdsskiller\report.txt)
  • Restart your PC

Run Rkill again if MBAM doesn't launch, but it should...

MBAM ->

  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, allow it.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The analysis starts; the scan is fairly long, which is normal.
  • At the end of the analysis, a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

If MBAM asks to restart the PC, do so.

!!! Do not empty MBAM's quarantine without advice !!! (false positives are always possible.)

Please also post a new HijackThis log.

@++

Posted

Thanks for the help. :P

I ran load_tdsskiller; its report is below.

After restarting, MBAM still won't launch.

I ran Rkill again.


14:49:24:015 4064 TDSSKiller 2.1.1 Dec 20 2009 02:40:02

14:49:24:015 4064 ================================================================================

14:49:24:015 4064 SystemInfo:

 

14:49:24:015 4064 OS Version: 5.1.2600 ServicePack: 3.0

14:49:24:015 4064 Product type: Workstation

14:49:24:015 4064 ComputerName: ATHLON

14:49:24:015 4064 UserName: Frank

14:49:24:015 4064 Windows directory: C:\WINDOWS

14:49:24:015 4064 Processor architecture: Intel x86

14:49:24:015 4064 Number of processors: 1

14:49:24:015 4064 Page size: 0x1000

14:49:24:015 4064 Boot type: Normal boot

14:49:24:015 4064 ================================================================================

14:49:24:015 4064 ForceUnloadDriver: NtUnloadDriver error 2

14:49:24:015 4064 ForceUnloadDriver: NtUnloadDriver error 2

14:49:24:015 4064 ForceUnloadDriver: NtUnloadDriver error 2

14:49:24:015 4064 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0

14:49:24:015 4064 main: Driver KLMD successfully dropped

14:49:24:015 4064 main: Driver KLMD successfully loaded

14:49:24:015 4064

Scanning Registry ...

14:49:24:015 4064 ScanServices: Searching service UACd.sys

14:49:24:015 4064 ScanServices: Open/Create key error 2

14:49:24:015 4064 ScanServices: Searching service TDSSserv.sys

14:49:24:015 4064 ScanServices: Open/Create key error 2

14:49:24:015 4064 ScanServices: Searching service gaopdxserv.sys

14:49:24:015 4064 ScanServices: Open/Create key error 2

14:49:24:015 4064 ScanServices: Searching service gxvxcserv.sys

14:49:24:015 4064 ScanServices: Open/Create key error 2

14:49:24:015 4064 ScanServices: Searching service MSIVXserv.sys

14:49:24:015 4064 ScanServices: Open/Create key error 2

14:49:24:015 4064 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000

14:49:24:015 4064 UnhookRegistry: Kernel local addr: B80000

14:49:24:015 4064 UnhookRegistry: KeServiceDescriptorTable addr: C03220

14:49:24:015 4064 UnhookRegistry: KiServiceTable addr: B8B6A8

14:49:24:015 4064 UnhookRegistry: NtEnumerateKey service number (local): 47

14:49:24:015 4064 UnhookRegistry: NtEnumerateKey local addr: C1C5A4

14:49:24:031 4064 KLMD_OpenDevice: Trying to open KLMD device

14:49:24:031 4064 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey

14:49:24:031 4064 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey

14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]

14:49:24:031 4064 UnhookRegistry: NtEnumerateKey service number (kernel): 47

14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]

14:49:24:031 4064 UnhookRegistry: NtEnumerateKey real addr: 805735A4

14:49:24:031 4064 UnhookRegistry: NtEnumerateKey calc addr: 805735A4

14:49:24:031 4064 UnhookRegistry: No SDT hooks found on NtEnumerateKey

14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x805735A4[0xA]

14:49:24:031 4064 UnhookRegistry: No splicing found on NtEnumerateKey

14:49:24:031 4064

Scanning Kernel memory ...

14:49:24:031 4064 KLMD_OpenDevice: Trying to open KLMD device

14:49:24:031 4064 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk

14:49:24:031 4064 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

14:49:24:031 4064 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 842B6A08

14:49:24:031 4064 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects

14:49:24:031 4064 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 830CB9F0

14:49:24:031 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 830CB9F0

14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x830CB9F0[0x38]

14:49:24:031 4064 DetectCureTDL3: DRIVER_OBJECT addr: 842B6A08

14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B6A08[0xA8]

14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0xE10100C0[0x208]

14:49:24:031 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

14:49:24:031 4064 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0

14:49:24:031 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0

14:49:24:031 4064 DetectCureTDL3: IrpHandler (3) addr: BA108D1F

14:49:24:031 4064 DetectCureTDL3: IrpHandler (4) addr: BA108D1F

14:49:24:031 4064 DetectCureTDL3: IrpHandler (5) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (6) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (7) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (8) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (9) addr: BA1092E2

14:49:24:031 4064 DetectCureTDL3: IrpHandler (10) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (11) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (12) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (13) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (14) addr: BA1093BB

14:49:24:031 4064 DetectCureTDL3: IrpHandler (15) addr: BA10CF28

14:49:24:031 4064 DetectCureTDL3: IrpHandler (16) addr: BA1092E2

14:49:24:031 4064 DetectCureTDL3: IrpHandler (17) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (18) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (19) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (20) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (21) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (22) addr: BA10AC82

14:49:24:031 4064 DetectCureTDL3: IrpHandler (23) addr: BA10F99E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (24) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (25) addr: 804FA87E

14:49:24:031 4064 DetectCureTDL3: IrpHandler (26) addr: 804FA87E

14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

14:49:24:031 4064 KLMD_ReadMem: DeviceIoControl error 1

14:49:24:031 4064 TDL3_StartIoHookDetect: Unable to get StartIo handler code

14:49:24:031 4064 TDL3_FileDetect: Processing driver: Disk

14:49:24:031 4064 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

14:49:24:031 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

14:49:24:031 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

14:49:24:062 4064 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8431CC68

14:49:24:062 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8431CC68

14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x8431CC68[0x38]

14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT addr: 842B6A08

14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B6A08[0xA8]

14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0xE10100C0[0x208]

14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

14:49:24:062 4064 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0

14:49:24:062 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0

14:49:24:062 4064 DetectCureTDL3: IrpHandler (3) addr: BA108D1F

14:49:24:062 4064 DetectCureTDL3: IrpHandler (4) addr: BA108D1F

14:49:24:062 4064 DetectCureTDL3: IrpHandler (5) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (6) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (7) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (8) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (9) addr: BA1092E2

14:49:24:062 4064 DetectCureTDL3: IrpHandler (10) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (11) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (12) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (13) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (14) addr: BA1093BB

14:49:24:062 4064 DetectCureTDL3: IrpHandler (15) addr: BA10CF28

14:49:24:062 4064 DetectCureTDL3: IrpHandler (16) addr: BA1092E2

14:49:24:062 4064 DetectCureTDL3: IrpHandler (17) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (18) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (19) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (20) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (21) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (22) addr: BA10AC82

14:49:24:062 4064 DetectCureTDL3: IrpHandler (23) addr: BA10F99E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (24) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (25) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (26) addr: 804FA87E

14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

14:49:24:062 4064 KLMD_ReadMem: DeviceIoControl error 1

14:49:24:062 4064 TDL3_StartIoHookDetect: Unable to get StartIo handler code

14:49:24:062 4064 TDL3_FileDetect: Processing driver: Disk

14:49:24:062 4064 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

14:49:24:062 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

14:49:24:062 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

14:49:24:062 4064 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8431EAB8

14:49:24:062 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8431EAB8

14:49:24:062 4064 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 843C19E8

14:49:24:062 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 843C19E8

14:49:24:062 4064 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 842B8B00

14:49:24:062 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 842B8B00

14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B8B00[0x38]

14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT addr: 842B9918

14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B9918[0xA8]

14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0xE1010F20[0x208]

14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

14:49:24:062 4064 DetectCureTDL3: IrpHandler (0) addr: B9F0EB40

14:49:24:062 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E

14:49:24:062 4064 DetectCureTDL3: IrpHandler (2) addr: B9F0EB40

14:49:24:062 4064 DetectCureTDL3: IrpHandler (3) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (4) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (5) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (6) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (7) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (8) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (9) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (10) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (11) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (12) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (13) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (14) addr: B9F0EB40

14:49:24:078 4064 DetectCureTDL3: IrpHandler (15) addr: B9F0EB40

14:49:24:078 4064 DetectCureTDL3: IrpHandler (16) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (17) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (18) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (19) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (20) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (21) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (22) addr: B9F0EB40

14:49:24:078 4064 DetectCureTDL3: IrpHandler (23) addr: B9F0EB40

14:49:24:078 4064 DetectCureTDL3: IrpHandler (24) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (25) addr: 804FA87E

14:49:24:078 4064 DetectCureTDL3: IrpHandler (26) addr: 804FA87E

14:49:24:078 4064 KLMD_ReadMem: Trying to ReadMemory 0xB9F0C864[0x400]

14:49:24:078 4064 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0

14:49:24:078 4064 TDL3_FileDetect: Processing driver: atapi

14:49:24:078 4064 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk

14:49:24:078 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys

14:49:24:078 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys

14:49:24:093 4064 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8431E030

14:49:24:093 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8431E030

14:49:24:093 4064 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 843C3F18

14:49:24:093 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 843C3F18

14:49:24:093 4064 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 843C0940

14:49:24:093 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 843C0940

14:49:24:093 4064 KLMD_ReadMem: Trying to ReadMemory 0x843C0940[0x38]

14:49:24:093 4064 DetectCureTDL3: DRIVER_OBJECT addr: 842B9918

14:49:24:093 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B9918[0xA8]

14:49:24:093 4064 KLMD_ReadMem: Trying to ReadMemory 0xE1010F20[0x208]

14:49:24:093 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

14:49:24:093 4064 DetectCureTDL3: IrpHandler (0) addr: B9F0EB40

14:49:24:093 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (2) addr: B9F0EB40

14:49:24:093 4064 DetectCureTDL3: IrpHandler (3) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (4) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (5) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (6) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (7) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (8) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (9) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (10) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (11) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (12) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (13) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (14) addr: B9F0EB40

14:49:24:093 4064 DetectCureTDL3: IrpHandler (15) addr: B9F0EB40

14:49:24:093 4064 DetectCureTDL3: IrpHandler (16) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (17) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (18) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (19) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (20) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (21) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (22) addr: B9F0EB40

14:49:24:093 4064 DetectCureTDL3: IrpHandler (23) addr: B9F0EB40

14:49:24:093 4064 DetectCureTDL3: IrpHandler (24) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (25) addr: 804FA87E

14:49:24:093 4064 DetectCureTDL3: IrpHandler (26) addr: 804FA87E

14:49:24:093 4064 KLMD_ReadMem: Trying to ReadMemory 0xB9F0C864[0x400]

14:49:24:093 4064 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0

14:49:24:093 4064 TDL3_FileDetect: Processing driver: atapi

14:49:24:093 4064 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk

14:49:24:093 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys

14:49:24:093 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys

14:49:24:093 4064

Completed

 

Results:

14:49:24:093 4064 Infected objects in memory: 0

14:49:24:093 4064 Cured objects in memory: 0

14:49:24:093 4064 Infected objects on disk: 0

14:49:24:093 4064 Objects on disk cured on reboot: 0

14:49:24:093 4064 Objects on disk deleted on reboot: 0

14:49:24:093 4064 Registry nodes deleted on reboot: 0

14:49:24:093 4064

Posté(e)

Re,

 

Si MBAM ne se lançait toujours pas après ComboFix renommé, désinstalle celui que tu as et réinstalle un nouveau; mais pas de suite.

 

Malwarebytes' Anti-Malware (MBAM)

 

ComboFix ne doit pas être utilisé comme un outil de diagnostic, il ne doit être employé que sur demande expresse d'un conseiller formé à cet outil et sous son contrôle. Cet outil peut être dangereux!

 

Désactiver les protections (antivirus, firewall, antispyware).

 

Connecter les supports amovibles (clé usb et autres) avant de procéder.

 

TUTO Officiel

 

Fais un clic droit ICI

  • Dans le menu qui se déroule, choisis "Enregistrer la cible du lien sous" (si tu utilises Firefox) et "Enregistrer la cible sous" (si tu utilises Internet Explorer)
  • Une fenêtre va s'ouvrir: dans le champs Nom du fichier (en bas ), tape ceci > grossbaf
  • On va enregistrer ce fichier sur le Bureau: pour cela, sur le panneau de gauche, clique sur le Bureau.
     
  • Clique enfin sur le bouton Enregistrer en bas de page à droite.
  • Assure toi que tous les programmes sont fermés avant de lancer le fix!
  • Fait un double clique sur grossbaf.
  • Si la console de récupération n'est pas installée sur un XP, ComboFix va proposer de l'installer: Accepte!
  • Clique sur Oui au message de Limitation de Garantie qui s'affiche.
  • Il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sure: accepte!
  • Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  • Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.

 

If you lose your connection after running ComboFix, here is how to repair it: HERE.

 

NB: If you still cannot repair the connection, please read this topic.

 


 

@++

Posted

Hi everyone, I'm also a victim of Malware Defense. I have quite a lot of trouble starting my PC: when it does manage to start, the screen freezes and I'm forced to restart it manually several times in a row until it works properly!!! Also, I constantly have the icon in my taskbar (a small red circle with a white cross, as well as the Windows Security Alerts icon!!!)

 

I ran a scan with TDSSKiller; here is the result:

 

14:29:54:609 0256 TDSSKiller 2.1.1 Dec 20 2009 02:40:02

14:29:54:609 0256 ================================================================================

14:29:54:609 0256 SystemInfo:

 

14:29:54:609 0256 OS Version: 5.1.2600 ServicePack: 3.0

14:29:54:609 0256 Product type: Workstation

14:29:54:609 0256 ComputerName: SYLVESTE-B1C792

14:29:54:609 0256 UserName: Administrateur

14:29:54:609 0256 Windows directory: C:\WINDOWS

14:29:54:609 0256 Processor architecture: Intel x86

14:29:54:609 0256 Number of processors: 4

14:29:54:609 0256 Page size: 0x1000

14:29:54:609 0256 Boot type: Normal boot

14:29:54:609 0256 ================================================================================

14:29:54:609 0256 ForceUnloadDriver: NtUnloadDriver error 2

14:29:54:609 0256 ForceUnloadDriver: NtUnloadDriver error 2

14:29:54:609 0256 ForceUnloadDriver: NtUnloadDriver error 2

14:29:54:640 0256 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0

14:29:54:640 0256 main: Driver KLMD successfully dropped

14:29:54:640 0256 main: Driver KLMD successfully loaded

14:29:54:640 0256

Scanning Registry ...

14:29:54:640 0256 ScanServices: Searching service UACd.sys

14:29:54:640 0256 ScanServices: Open/Create key error 2

14:29:54:640 0256 ScanServices: Searching service TDSSserv.sys

14:29:54:640 0256 ScanServices: Open/Create key error 2

14:29:54:640 0256 ScanServices: Searching service gaopdxserv.sys

14:29:54:640 0256 ScanServices: Open/Create key error 2

14:29:54:640 0256 ScanServices: Searching service gxvxcserv.sys

14:29:54:640 0256 ScanServices: Open/Create key error 2

14:29:54:640 0256 ScanServices: Searching service MSIVXserv.sys

14:29:54:640 0256 ScanServices: Open/Create key error 2

14:29:54:640 0256 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000

14:29:54:640 0256 UnhookRegistry: Kernel local addr: A40000

14:29:54:640 0256 UnhookRegistry: KeServiceDescriptorTable addr: AC5700

14:29:54:640 0256 UnhookRegistry: KiServiceTable addr: A6D460

14:29:54:640 0256 UnhookRegistry: NtEnumerateKey service number (local): 47

14:29:54:640 0256 UnhookRegistry: NtEnumerateKey local addr: B8CFF2

14:29:54:640 0256 KLMD_OpenDevice: Trying to open KLMD device

14:29:54:640 0256 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey

14:29:54:640 0256 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey

14:29:54:640 0256 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]

14:29:54:640 0256 UnhookRegistry: NtEnumerateKey service number (kernel): 47

14:29:54:640 0256 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]

14:29:54:640 0256 UnhookRegistry: NtEnumerateKey real addr: 80623FF2

14:29:54:640 0256 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2

14:29:54:640 0256 UnhookRegistry: No SDT hooks found on NtEnumerateKey

14:29:54:640 0256 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]

14:29:54:640 0256 UnhookRegistry: Splicing found on NtEnumerateKey

14:29:54:640 0256 KLMD_WriteMem: Trying to WriteMemory 0x80623FF2[0xA]

14:29:54:640 0256 UnhookRegistry: NtEnumerateKey (Splicing) unhooked successfully

14:29:54:640 0256

Hidden service detected: H8SRTd.sys

Type "delete" (without quotes) to delete it: 14:30:08:000 0256

14:30:08:000 0256

Scanning Kernel memory ...

14:30:08:000 0256 KLMD_OpenDevice: Trying to open KLMD device

14:30:08:000 0256 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk

14:30:08:000 0256 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

14:30:08:000 0256 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A3D5890

14:30:08:000 0256 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects

14:30:08:000 0256 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A2B3448

14:30:08:000 0256 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A2B3448

14:30:08:000 0256 KLMD_ReadMem: Trying to ReadMemory 0x8A2B3448[0x38]

14:30:08:000 0256 DetectCureTDL3: DRIVER_OBJECT addr: 8A3D5890

14:30:08:000 0256 KLMD_ReadMem: Trying to ReadMemory 0x8A3D5890[0xA8]

14:30:08:000 0256 KLMD_ReadMem: Trying to ReadMemory 0xE14FF6A8[0x208]

14:30:08:000 0256 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

14:30:08:000 0256 DetectCureTDL3: IrpHandler (0) addr: BA91EBB0

14:30:08:000 0256 DetectCureTDL3: IrpHandler (1) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (2) addr: BA91EBB0

14:30:08:000 0256 DetectCureTDL3: IrpHandler (3) addr: BA918D1F

14:30:08:000 0256 DetectCureTDL3: IrpHandler (4) addr: BA918D1F

14:30:08:000 0256 DetectCureTDL3: IrpHandler (5) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (6) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (7) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (8) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (9) addr: BA9192E2

14:30:08:000 0256 DetectCureTDL3: IrpHandler (10) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (11) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (12) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (13) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (14) addr: BA9193BB

14:30:08:000 0256 DetectCureTDL3: IrpHandler (15) addr: BA91CF28

14:30:08:000 0256 DetectCureTDL3: IrpHandler (16) addr: BA9192E2

14:30:08:000 0256 DetectCureTDL3: IrpHandler (17) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (18) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (19) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (20) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (21) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (22) addr: BA91AC82

14:30:08:000 0256 DetectCureTDL3: IrpHandler (23) addr: BA91F99E

14:30:08:000 0256 DetectCureTDL3: IrpHandler (24) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (25) addr: 804F4562

14:30:08:000 0256 DetectCureTDL3: IrpHandler (26) addr: 804F4562

14:30:08:000 0256 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

14:30:08:000 0256 KLMD_ReadMem: DeviceIoControl error 1

14:30:08:000 0256 TDL3_StartIoHookDetect: Unable to get StartIo handler code

14:30:08:000 0256 TDL3_FileDetect: Processing driver: Disk

14:30:08:000 0256 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

14:30:08:000 0256 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

14:30:08:000 0256 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

14:30:08:046 0256 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 89D5BAB8

14:30:08:046 0256 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D5BAB8

14:30:08:046 0256 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 89ED9C10

14:30:08:046 0256 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89ED9C10

14:30:08:046 0256 KLMD_ReadMem: Trying to ReadMemory 0x89ED9C10[0x38]

14:30:08:046 0256 DetectCureTDL3: DRIVER_OBJECT addr: 89E2BA20

14:30:08:046 0256 KLMD_ReadMem: Trying to ReadMemory 0x89E2BA20[0xA8]

14:30:08:046 0256 KLMD_ReadMem: Trying to ReadMemory 0xE1521428[0x208]

14:30:08:046 0256 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:30:08:046 0256 DetectCureTDL3: IrpHandler (0) addr: 89B021F8

14:30:08:046 0256 DetectCureTDL3: IrpHandler (1) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (2) addr: 89B021F8

14:30:08:046 0256 DetectCureTDL3: IrpHandler (3) addr: 89B021F8

14:30:08:046 0256 DetectCureTDL3: IrpHandler (4) addr: 89B021F8

14:30:08:046 0256 DetectCureTDL3: IrpHandler (5) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (6) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (7) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (8) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (9) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (10) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (11) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (12) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (13) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (14) addr: 89B021F8

14:30:08:046 0256 DetectCureTDL3: IrpHandler (15) addr: 89B021F8

14:30:08:046 0256 DetectCureTDL3: IrpHandler (16) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (17) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (18) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (19) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (20) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (21) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (22) addr: 89B021F8

14:30:08:046 0256 DetectCureTDL3: IrpHandler (23) addr: 89B021F8

14:30:08:046 0256 DetectCureTDL3: IrpHandler (24) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (25) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (26) addr: 804F4562

14:30:08:046 0256 KLMD_ReadMem: Trying to ReadMemory 0xB5F1CF26[0x400]

14:30:08:046 0256 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0

14:30:08:046 0256 TDL3_FileDetect: Processing driver: USBSTOR

14:30:08:046 0256 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

14:30:08:046 0256 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys

14:30:08:046 0256 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys

14:30:08:046 0256 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A3D8738

14:30:08:046 0256 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3D8738

14:30:08:046 0256 KLMD_ReadMem: Trying to ReadMemory 0x8A3D8738[0x38]

14:30:08:046 0256 DetectCureTDL3: DRIVER_OBJECT addr: 8A3D5890

14:30:08:046 0256 KLMD_ReadMem: Trying to ReadMemory 0x8A3D5890[0xA8]

14:30:08:046 0256 KLMD_ReadMem: Trying to ReadMemory 0xE14FF6A8[0x208]

14:30:08:046 0256 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

14:30:08:046 0256 DetectCureTDL3: IrpHandler (0) addr: BA91EBB0

14:30:08:046 0256 DetectCureTDL3: IrpHandler (1) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (2) addr: BA91EBB0

14:30:08:046 0256 DetectCureTDL3: IrpHandler (3) addr: BA918D1F

14:30:08:046 0256 DetectCureTDL3: IrpHandler (4) addr: BA918D1F

14:30:08:046 0256 DetectCureTDL3: IrpHandler (5) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (6) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (7) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (8) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (9) addr: BA9192E2

14:30:08:046 0256 DetectCureTDL3: IrpHandler (10) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (11) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (12) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (13) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (14) addr: BA9193BB

14:30:08:046 0256 DetectCureTDL3: IrpHandler (15) addr: BA91CF28

14:30:08:046 0256 DetectCureTDL3: IrpHandler (16) addr: BA9192E2

14:30:08:046 0256 DetectCureTDL3: IrpHandler (17) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (18) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (19) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (20) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (21) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (22) addr: BA91AC82

14:30:08:046 0256 DetectCureTDL3: IrpHandler (23) addr: BA91F99E

14:30:08:046 0256 DetectCureTDL3: IrpHandler (24) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (25) addr: 804F4562

14:30:08:046 0256 DetectCureTDL3: IrpHandler (26) addr: 804F4562

14:30:08:046 0256 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

14:30:08:046 0256 KLMD_ReadMem: DeviceIoControl error 1

14:30:08:046 0256 TDL3_StartIoHookDetect: Unable to get StartIo handler code

14:30:08:046 0256 TDL3_FileDetect: Processing driver: Disk

14:30:08:046 0256 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

14:30:08:046 0256 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

14:30:08:046 0256 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

14:30:08:062 0256 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A55B8E8

14:30:08:062 0256 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A55B8E8

14:30:08:062 0256 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A4A0BF8

14:30:08:062 0256 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A4A0BF8

14:30:08:062 0256 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A48DD98

14:30:08:062 0256 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A48DD98

14:30:08:062 0256 KLMD_ReadMem: Trying to ReadMemory 0x8A48DD98[0x38]

14:30:08:062 0256 DetectCureTDL3: DRIVER_OBJECT addr: 8A49A968

14:30:08:062 0256 KLMD_ReadMem: Trying to ReadMemory 0x8A49A968[0xA8]

14:30:08:062 0256 KLMD_ReadMem: Trying to ReadMemory 0xE1017A50[0x208]

14:30:08:062 0256 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

14:30:08:062 0256 DetectCureTDL3: IrpHandler (0) addr: BA5FBB40

14:30:08:062 0256 DetectCureTDL3: IrpHandler (1) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (2) addr: BA5FBB40

14:30:08:062 0256 DetectCureTDL3: IrpHandler (3) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (4) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (5) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (6) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (7) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (8) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (9) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (10) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (11) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (12) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (13) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (14) addr: BA5FBB40

14:30:08:062 0256 DetectCureTDL3: IrpHandler (15) addr: BA5FBB40

14:30:08:062 0256 DetectCureTDL3: IrpHandler (16) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (17) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (18) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (19) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (20) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (21) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (22) addr: BA5FBB40

14:30:08:062 0256 DetectCureTDL3: IrpHandler (23) addr: BA5FBB40

14:30:08:062 0256 DetectCureTDL3: IrpHandler (24) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (25) addr: 804F4562

14:30:08:062 0256 DetectCureTDL3: IrpHandler (26) addr: 804F4562

14:30:08:062 0256 KLMD_ReadMem: Trying to ReadMemory 0xBA5F9864[0x400]

14:30:08:062 0256 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0

14:30:08:062 0256 TDL3_FileDetect: Processing driver: atapi

14:30:08:062 0256 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk

14:30:08:062 0256 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys

14:30:08:062 0256 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys

14:30:08:062 0256

Completed

 

Results:

14:30:08:062 0256 Infected objects in memory: 0

14:30:08:062 0256 Cured objects in memory: 0

14:30:08:062 0256 Infected objects on disk: 0

14:30:08:062 0256 Objects on disk cured on reboot: 0

14:30:08:062 0256 Objects on disk deleted on reboot: 0

14:30:08:062 0256 Registry nodes deleted on reboot: 0

14:30:08:062 0256

Posted

Hello wxa,

Create your own topic by clicking the New button and you will be taken care of by a security helper.

 

On Zebulon, please don't post in another member's topic.

This is for the sake of good organisation.

 

Thanks.

 

@++

Posted

Done: I managed to install and run MBAM; here is its log (I haven't emptied the quarantine):

 

Malwarebytes' Anti-Malware 1.43

Version de la base de données: 3468

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

 

02/01/2010 01:58:11

mbam-log-2010-01-02 (01-58-11).txt

 

Type de recherche: Examen complet (C:\|F:\|G:\|)

Eléments examinés: 284402

Temps écoulé: 2 hour(s), 21 minute(s), 19 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 16

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Program Files\Steinberg\WaveLab\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.

C:\Program Files\Cycling '74\MaxMSP 4.5\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\Malware Defense\mdefense.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\Malware Defense\mdext.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Program Files\Malware Defense\uninstall.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTipjlcounqm.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTnoeqkexlsr.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTswaipsoddj.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259261.sys (Malware.Packer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259262.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259263.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259330.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259331.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259332.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Documents and Settings\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

 

 

 

The HijackThis log run afterwards:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:25:00, on 02/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\DeezRip\DeezRipSvc.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\devldr32.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Borland\IntrBase\BIN\ibserver.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Frank\Bureau\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v0.battle-arenas.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - *{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [interBase Server] "C:\Program Files\Borland\IntrBase\BIN\ibserver.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-21-1844237615-113007714-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'FRANCK')

O4 - HKUS\S-1-5-21-1844237615-113007714-725345543-1004\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe (User 'FRANCK')

O4 - HKUS\S-1-5-21-1844237615-113007714-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'FRANCK')

O4 - HKUS\S-1-5-21-1844237615-113007714-725345543-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User 'FRANCK')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-1844237615-113007714-725345543-1004 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'FRANCK')

O4 - S-1-5-21-1844237615-113007714-725345543-1004 User Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'FRANCK')

O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\MSINF16H.EXE

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://v0.battle-arenas.net

O15 - Trusted Zone: http://www.battle-arenas.net

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9597CD35-4BEE-4CF5-9960-4805B70D397B}: NameServer = 86.64.145.147 84.103.237.147

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: DeezRip service (DeezRipSvc) - Unknown owner - C:\Program Files\DeezRip\DeezRipSvc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

 

--

End of file - 11802 bytes
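Added example, not code from this thread or from HijackThis: a small Python helper that triages the O17, O20 and O23 sections of a log like the one above. It parses the service lines, flags the ones HijackThis reports as "Unknown owner" or whose binary sits outside C:\WINDOWS and C:\Program Files, and lists the DNS servers and Winlogon Notify DLLs so a helper can check them in one pass. The sample lines are copied from the log in this thread, plus one constructed service line ("Example Updater", a hypothetical name and path) added only to exercise the path check; the trusted-root list is an assumption for a standard XP install.

```python
"""Triage of the O17/O20/O23 sections of a HijackThis log (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Line formats as printed by HijackThis 2.0.x.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<internal>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
NAMESERVER_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+)$")
WINLOGON_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")

# Assumption: on this XP box a service binary normally lives under one of these.
# Anything elsewhere is not necessarily malicious, only worth a closer look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Service:
    display: str
    internal: str
    owner: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_service(line: str) -> Service:
    """Parse one O23 line and attach review flags."""
    m = SERVICE_RE.match(line)
    if not m:
        raise ValueError("not an O23 line: " + line)
    svc = Service(m["display"], m["internal"] or "", m["owner"], m["path"])
    if svc.owner == "Unknown owner":
        # HijackThis prints this when the binary carries no company/version info.
        svc.flags.append("unknown-owner")
    if not svc.path.lower().startswith(TRUSTED_ROOTS):
        svc.flags.append("outside-trusted-root")
    return svc


def triage(lines: List[str]) -> Dict[str, object]:
    """Walk the log once and collect services, DNS servers and Winlogon DLLs."""
    services: List[Service] = []
    nameservers: List[str] = []
    winlogon: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("O23 - Service:"):
            services.append(parse_service(line))
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            nameservers.extend(re.split(r"[ ,]+", m["servers"].strip()))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            winlogon.append((m["name"], m["path"]))
        # Every other section (O16, O18, ...) is ignored by this helper.
    return {
        "services": services,
        "flagged": [s for s in services if s.flags],
        "nameservers": nameservers,
        "winlogon_notify": winlogon,
    }


def report(result: Dict[str, object]) -> List[str]:
    """Human-readable summary lines for the flagged items."""
    out = ["Flagged services:"]
    for s in result["flagged"]:
        out.append("  %s [%s] -> %s (%s)" % (s.display, s.owner, s.path, ", ".join(s.flags)))
    out.append("NameServer entries: " + ", ".join(result["nameservers"]))
    for name, path in result["winlogon_notify"]:
        out.append("Winlogon Notify: %s -> %s" % (name, path))
    return out


# Sample input: lines copied from the log above, plus one constructed line.
SAMPLE_LOG = r"""
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9597CD35-4BEE-4CF5-9960-4805B70D397B}: NameServer = 86.64.145.147 84.103.237.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeezRip service (DeezRipSvc) - Unknown owner - C:\Program Files\DeezRip\DeezRipSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Documents and Settings\All Users\Application Data\exupd.exe
"""

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG.splitlines()))))
```

A flag is a prompt for a closer look, not a verdict: "Unknown owner" only means the executable carries no version information, and the helper in this thread did not ask for any of these services to be removed. Likewise the NameServer line is simply what the log reports; compare it with the ISP's own servers before drawing any conclusion.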

Posted

Hello,

How is the machine behaving? I imagine it must be breathing a little easier.

Disable and then re-enable System Restore.

Start / All Programs / Accessories / System Tools /

Click System Restore.

Click "System Restore Settings"; tick the box "Turn off System Restore on all drives".

Apply / OK.

To re-enable System Restore, follow the same path and untick the box. Apply / OK.

Please run through these few security checks.

@++

Posted

Good evening.

Indeed, it's better!

After the "System Restore" procedure, I checked for updates; Java needed one. From now on I'll know it's advisable to do this regularly :P

Question: should I (or may I) empty MBAM's quarantine?

Posted

Good evening,

In this particular case, you can purge MBAM's quarantine.

The other times you run a scan, if in doubt, always leave a backup in that quarantine, because false positives can occur; they are generally corrected quickly.

Have a good evening.

  • Remember to edit your first post to add "Résolu" (Solved) to the title. To do so, click "Edit" in your first post. You will then be able to change the title.

:P
