

Posted

Might as well...

Yes, try Gmer in safe mode, launching it as administrator.

You can also disable UAC (you'll need to remember to re-enable it later).

@++

Posted (edited)

Re,

It froze again in "normal" mode, and here is the report from safe mode:

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-14 22:32:58

Windows 6.0.6001 Service Pack 1

Running: gmer.exe; Driver: C:\Users\Taupi\AppData\Local\Temp\ugrdqkob.sys

 

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

 

Device -> \Driver\atapi \Device\Harddisk0\DR0 85B28618

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x52 0x51 0x7F 0x3F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0xE3 0x5B 0xCB ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x26 0xFE 0xB2 0x58 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x00 0xD4 0x6A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0x03 0xC5 0xE0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0xE5 0x1F 0xB5 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x52 0x51 0x7F 0x3F ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0xE3 0x5B 0xCB ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x26 0xFE 0xB2 0x58 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x00 0xD4 0x6A ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0x03 0xC5 0xE0 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0xE5 0x1F 0xB5 ...

 

---- Files - GMER 1.0.15 ----

 

File C:\Users\Taupi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\27TMBMX2\localhost.\amfphp-1.9.beta.20080120 0 bytes

File C:\Users\Taupi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\27TMBMX2\localhost.\amfphp-1.9.beta.20080120\amfphp 0 bytes

File C:\Users\Taupi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\27TMBMX2\localhost.\amfphp-1.9.beta.20080120\amfphp\browser 0 bytes

File C:\Users\Taupi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\27TMBMX2\localhost.\amfphp-1.9.beta.20080120\amfphp\browser\servicebrowser.swf 0 bytes

File C:\Users\Taupi\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#localhost.\settings.sol 80 bytes

File C:\Windows\system32\drivers\atapi.sys suspicious modification

 

---- EOF - GMER 1.0.15 ----

 

and since last night the PC has been crawling: a Windows process at 50%, and of course the sum of the visible processes is < 10%

There you go

Edited by lataupe123
Posted

There is a suspicion that the atapi.sys driver has been modified; we're going to check that.

Download TDSSKiller.exe and save it to the desktop and nowhere else.

http://senduit.com/88c2df

Go to Start/Run (or the Windows key and R) and copy/paste the contents of the box below:

"%userprofile%\bureau\TDSSKiller.exe" -l TDSSlog.txt -v

When it finishes, press a key as prompted to close the window.

A file TDSSlog.txt will appear on your desktop.

Open it and post its full contents in your next reply.

@++

Posted

I'm so happy :P

I finally see a glimmer of hope!!!!! :P:P

It asked me to reboot because it had found something, so I said yes, and after the reboot here is the log:

 

22:56:06:626 1608 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25

22:56:06:626 1608 ================================================================================

22:56:06:626 1608 SystemInfo:

 

22:56:06:626 1608 OS Version: 6.0.6001 ServicePack: 1.0

22:56:06:626 1608 Product type: Workstation

22:56:06:626 1608 ComputerName: PC-DE-TAUPI

22:56:06:626 1608 UserName: Taupi

22:56:06:626 1608 Windows directory: C:\Windows

22:56:06:626 1608 Processor architecture: Intel x86

22:56:06:626 1608 Number of processors: 2

22:56:06:626 1608 Page size: 0x1000

22:56:06:626 1608 Boot type: Normal boot

22:56:06:626 1608 ================================================================================

22:56:06:626 1608 UnloadDriverW: NtUnloadDriver error 2

22:56:06:626 1608 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

22:56:06:641 1608 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

22:56:06:891 1608 UtilityInit: KLMD drop and load success

22:56:06:891 1608 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)

22:56:06:891 1608 UtilityInit: KLMD open success

22:56:06:891 1608 UtilityInit: Initialize success

22:56:06:891 1608

22:56:06:891 1608 Scanning Services ...

22:56:06:891 1608 CreateRegParser: Registry parser init started

22:56:06:891 1608 CreateRegParser: DisableWow64Redirection error

22:56:06:891 1608 wfopen_ex: Trying to open file C:\Windows\system32\config\system

22:56:06:891 1608 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043

22:56:06:891 1608 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

22:56:06:891 1608 wfopen_ex: Trying to KLMD file open

22:56:06:891 1608 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system

22:56:06:891 1608 wfopen_ex: File opened ok (Flags 2)

22:56:06:891 1608 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 1651290

22:56:06:891 1608 wfopen_ex: Trying to open file C:\Windows\system32\config\software

22:56:06:891 1608 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043

22:56:06:891 1608 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

22:56:06:891 1608 wfopen_ex: Trying to KLMD file open

22:56:06:891 1608 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software

22:56:06:891 1608 wfopen_ex: File opened ok (Flags 2)

22:56:06:891 1608 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 16512B8

22:56:06:891 1608 CreateRegParser: EnableWow64Redirection error

22:56:06:891 1608 CreateRegParser: RegParser init completed

22:56:08:467 1608 GetAdvancedServicesInfo: Raw services enum returned 461 services

22:56:08:467 1608 fclose_ex: Trying to close file C:\Windows\system32\config\system

22:56:08:467 1608 fclose_ex: Trying to close file C:\Windows\system32\config\software

22:56:08:467 1608

22:56:08:467 1608 Scanning Kernel memory ...

22:56:08:467 1608 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

22:56:08:467 1608 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 861FA528

22:56:08:467 1608 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects

22:56:08:467 1608

22:56:08:467 1608 DetectCureTDL3: DEVICE_OBJECT: 86400AC8

22:56:08:467 1608 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86400AC8

22:56:08:467 1608 DetectCureTDL3: DEVICE_OBJECT: 85B47A78

22:56:08:467 1608 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85B47A78

22:56:08:467 1608 DetectCureTDL3: DEVICE_OBJECT: 85B47BA0

22:56:08:467 1608 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85B47BA0

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85B47BA0[0x38]

22:56:08:467 1608 DetectCureTDL3: DRIVER_OBJECT: 85AF9558

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85AF9558[0xA8]

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85AF9508[0x1A]

22:56:08:467 1608 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

22:56:08:467 1608 DetectCureTDL3: IrpHandler (0) addr: 805BF0FC

22:56:08:467 1608 DetectCureTDL3: IrpHandler (1) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (2) addr: 805BF0FC

22:56:08:467 1608 DetectCureTDL3: IrpHandler (3) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (4) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (5) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (6) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (7) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (8) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (9) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (10) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (11) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (12) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (13) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (14) addr: 805AD9D6

22:56:08:467 1608 DetectCureTDL3: IrpHandler (15) addr: 805AD9A8

22:56:08:467 1608 DetectCureTDL3: IrpHandler (16) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (17) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (18) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (19) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (20) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (21) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (22) addr: 805ADA04

22:56:08:467 1608 DetectCureTDL3: IrpHandler (23) addr: 805BAB70

22:56:08:467 1608 DetectCureTDL3: IrpHandler (24) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (25) addr: 82062FEF

22:56:08:467 1608 DetectCureTDL3: IrpHandler (26) addr: 82062FEF

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85B1F4BF[0x400]

22:56:08:467 1608 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1

22:56:08:467 1608 Driver "atapi" StartIo handler infected by TDSS rootkit ... 22:56:08:467 1608 TDL3_StartIoHookCure: Number of patches 1

22:56:08:467 1608 KLMD_WriteMem: Trying to WriteMemory 0x85B1F5B6[0x6]

22:56:08:467 1608 cured

22:56:08:467 1608 TDL3_FileDetect: Processing driver: atapi

22:56:08:467 1608 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys

22:56:08:467 1608 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys

22:56:08:467 1608 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean

22:56:08:467 1608

22:56:08:467 1608 DetectCureTDL3: DEVICE_OBJECT: 862FD968

22:56:08:467 1608 KLMD_GetLowerDeviceObject: Trying to get lower device object for 862FD968

22:56:08:467 1608 DetectCureTDL3: DEVICE_OBJECT: 85AB48A8

22:56:08:467 1608 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85AB48A8

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85AB48A8[0x38]

22:56:08:467 1608 DetectCureTDL3: DRIVER_OBJECT: 84D59D58

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x84D59D58[0xA8]

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85158028[0x38]

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85AF9558[0xA8]

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85AF9508[0x1A]

22:56:08:467 1608 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

22:56:08:467 1608 DetectCureTDL3: IrpHandler (0) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (1) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (2) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (3) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (4) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (5) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (6) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (7) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (8) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (9) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (10) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (11) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (12) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (13) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (14) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (15) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (16) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (17) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (18) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (19) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (20) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (21) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (22) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (23) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (24) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (25) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: IrpHandler (26) addr: 85B1F618

22:56:08:467 1608 DetectCureTDL3: All IRP handlers pointed to one addr: 85B1F618

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85B1F618[0x400]

22:56:08:467 1608 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89

22:56:08:467 1608 Driver "atapi" Irp handler infected by TDSS rootkit ... 22:56:08:467 1608 KLMD_WriteMem: Trying to WriteMemory 0x85B1F67D[0xD]

22:56:08:467 1608 cured

22:56:08:467 1608 KLMD_ReadMem: Trying to ReadMemory 0x85B1F4BF[0x400]

22:56:08:467 1608 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 0

22:56:08:467 1608 TDL3_FileDetect: Processing driver: atapi

22:56:08:467 1608 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys

22:56:08:467 1608 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys

22:56:08:482 1608 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Infected

22:56:08:482 1608 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 22:56:08:498 1608 TDL3_FileCure: Processing driver file: C:\Windows\system32\drivers\atapi.sys

22:56:09:855 1608 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys:21560, checking..

22:56:10:198 1608 ValidateDriverFile: Stage 1 passed

22:56:10:198 1608 ValidateDriverFile: Stage 2 passed

22:56:10:307 1608 DigitalSignVerifyByHandle: Embedded DS result: 00000000

22:56:10:307 1608 ValidateDriverFile: Stage 3 passed

22:56:10:307 1608 FileCallback: File validated successfully, restore information prepared

22:56:11:493 1608 FindDriverFileBackup: Backup copy found in DriverStore

22:56:11:493 1608 TDL3_FileCure: Backup copy found, using it..

22:56:11:493 1608 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tsk623B.tmp

22:56:11:540 1608 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk623B.tmp, system32\drivers\atapi.sys)

22:56:11:649 1608 TDL3_FileCure: KLMD jobs schedule success

22:56:11:649 1608 will be cured on next reboot

22:56:11:649 1608 UtilityBootReinit: Reboot required for cure complete..

22:56:11:649 1608 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000

22:56:11:774 1608 UtilityBootReinit: KLMD drop success

22:56:11:774 1608 KLMD_ApplyPendList: Pending buffer(39E0_504A, 616) dropped successfully

22:56:11:774 1608 UtilityBootReinit: Cure on reboot scheduled successfully

22:56:11:774 1608

22:56:11:774 1608 Completed

22:56:11:774 1608

22:56:11:774 1608 Results:

22:56:11:774 1608 Memory objects infected / cured / cured on reboot: 2 / 2 / 0

22:56:11:774 1608 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

22:56:11:774 1608 File objects infected / cured / cured on reboot: 1 / 0 / 1

22:56:11:774 1608

22:56:11:774 1608 UnloadDriverW: NtUnloadDriver error 1

22:56:11:774 1608 KLMD_Unload: UnloadDriverW(klmd21) error 1

22:56:11:867 1608 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

22:56:11:867 1608 UtilityDeinit: KLMD(ARK) unloaded successfully

 

 

There you go, so, doctor? :P
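As an added example, not code from this thread or from Kaspersky's tool: a Python triage script over constructed lines in the TDSSKiller log layout quoted above. It implements the sign the tool itself prints on the second atapi pass (every IRP major function dispatched to one address instead of a mix of real handlers and the kernel's invalid-request stub), and pulls out the file verdicts and the cure-on-reboot counts a helper checks before telling the poster to reboot. The sample log, the addresses and the function names are my own assumptions, not values from the poster's machine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the TDSSKiller 2.2.2 log layout quoted in this thread.
# Addresses are invented; only the line shapes match the real tool's output.
SAMPLE_LOG = """\
22:56:08:467 1608 Scanning Kernel memory ...
22:56:08:467 1608 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
22:56:08:467 1608 DetectCureTDL3: IrpHandler (0) addr: 805BF0FC
22:56:08:467 1608 DetectCureTDL3: IrpHandler (1) addr: 82062FEF
22:56:08:467 1608 DetectCureTDL3: IrpHandler (14) addr: 805AD9D6
22:56:08:467 1608 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
22:56:08:467 1608 DetectCureTDL3: IrpHandler (0) addr: 85B1F618
22:56:08:467 1608 DetectCureTDL3: IrpHandler (1) addr: 85B1F618
22:56:08:467 1608 DetectCureTDL3: IrpHandler (14) addr: 85B1F618
22:56:08:482 1608 TDL3_FileDetect: C:\\Windows\\system32\\drivers\\atapi.sys - Verdict: Infected
22:56:11:649 1608 will be cured on next reboot
22:56:11:774 1608 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
22:56:11:774 1608 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ (.*)$")  # "hh:mm:ss:ms pid rest"
DRIVER = re.compile(r"DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
IRP = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-F]+)")
VERDICT = re.compile(r"TDL3_FileDetect: (.+?) - Verdict: (\w+)")
RESULT = re.compile(r"(\w+) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)")


@dataclass
class DriverBlock:
    name: str
    handlers: dict = field(default_factory=dict)  # IRP major index -> address

    def single_address(self):
        """The TDL3 sign TDSSKiller reports ("All IRP handlers pointed to one
        addr"): every major function routed to the same address. A healthy
        driver shows several distinct handler addresses."""
        addrs = set(self.handlers.values())
        return addrs.pop() if len(addrs) == 1 else None


def parse_tdsskiller_log(text):
    blocks, verdicts, results, reboot = [], {}, {}, False
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # not a timestamped log line
        line = m.group(1)
        if d := DRIVER.search(line):
            blocks.append(DriverBlock(d.group(2)))  # new driver-object section
        elif (i := IRP.search(line)) and blocks:
            blocks[-1].handlers[int(i.group(1))] = i.group(2)
        elif v := VERDICT.search(line):
            verdicts[v.group(1)] = v.group(2)
        elif r := RESULT.search(line):
            results[r.group(1)] = tuple(int(x) for x in r.groups()[1:])
        elif "will be cured on next reboot" in line:
            reboot = True
    return {"blocks": blocks, "verdicts": verdicts, "results": results, "reboot_required": reboot}


def triage(text):
    """What a helper wants from the log: hooked drivers, infected files, and
    whether the cure is still pending (so the poster must reboot)."""
    p = parse_tdsskiller_log(text)
    hooked = [(b.name, a) for b in p["blocks"] if (a := b.single_address())]
    infected = sorted(f for f, v in p["verdicts"].items() if v == "Infected")
    pending = sum(r[2] for r in p["results"].values())
    return {"hooked": hooked, "infected_files": infected,
            "pending_on_reboot": pending, "reboot_required": p["reboot_required"]}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```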

Posted

In any case, Kaspersky found what ComboFix and MBAM hadn't seen (not yet, since they keep evolving).

Gmer is valuable too.

If you want information on this tool: it's over here

What does the PC say? Is there any improvement?

I suggest you run MBAM again after updating it, in quick scan mode.

Fix what it finds and take the report, please.

@++

Posted

Browsing works perfectly under IE; under FF I got a redirect, but I had opened so many windows to test that I think it was nothing serious, because afterwards there was nothing more.

:P:P:P

here is the Malwarebytes report

 

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3565

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

14/01/2010 23:36:06

mbam-log-2010-01-14 (23-36-06).txt

 

Type de recherche: Examen rapide

Eléments examinés: 101646

Temps écoulé: 5 minute(s), 54 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

I also reinstalled Antivir v9 using this tutorial http://www.vista-xp.fr/forum/topic4162.html and this video http://www.malekal.com/fichiers/antivir/Co...onAntivirV9.avi

tomorrow I'll get rid of Norton, which was of strictly no use...

In any case A BIG BIG THANK YOU /clap

Really very kind :)

If you want me to run other tests I'll be available tomorrow.

Now I'm going to bed.

Good night and thanks again :P

Léo

Posted

Antivir is very good for a free one (it's the best).

To remove Norton, you have this tool: Remover Symantec/Norton

For Firefox, I think you should start from a clean slate, that is, uninstall it, delete its folder in Program Files and anywhere else it exists, and reinstall it.

Opera is also a good browser.

And if one day you want to invest in a truly complete security solution:

http://www.kaspersky.com/fr/internet_security_trial

I say invest, because it really is one; I haven't had a single infection in the 4 years Eugene has been on my machine... :P

I only have one, so I'm attached to it...

@++
