Recommended posts

Posted

Good evening, I was away for a while; I'm back now.

There's a nasty bug in there.

Download load_tdsskiller by Loup Blanc to your Desktop by clicking this link:

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

  • Launch load_tdsskiller by double-clicking it: the tool will connect to the Internet to download an up-to-date copy of TDSSKiller, then start the scan
  • At the end of the scan, press a key to continue, as the message in the black command-prompt window tells you
  • The report will open automatically: copy and paste its contents into your next reply (the file is also available here: C:\tdsskiller\report.txt)
  • Restart your PC

Posted

Hello, thanks for getting back to me

Below is the report:

08:58:59:640 1428 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
08:58:59:640 1428 ================================================================================
08:58:59:640 1428 SystemInfo:

08:58:59:640 1428 OS Version: 5.1.2600 ServicePack: 2.0
08:58:59:640 1428 Product type: Workstation
08:58:59:640 1428 ComputerName: AURÉLIEN
08:58:59:640 1428 UserName: install
08:58:59:640 1428 Windows directory: C:\WINDOWS
08:58:59:640 1428 Processor architecture: Intel x86
08:58:59:640 1428 Number of processors: 1
08:58:59:640 1428 Page size: 0x1000
08:58:59:734 1428 Boot type: Normal boot
08:58:59:734 1428 ================================================================================
08:58:59:796 1428 UnloadDriverW: NtUnloadDriver error 2
08:58:59:796 1428 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
08:58:59:796 1428 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
08:58:59:796 1428 UtilityInit: KLMD drop and load success
08:58:59:796 1428 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
08:58:59:796 1428 UtilityInit: KLMD open success
08:58:59:796 1428 UtilityInit: Initialize success
08:58:59:796 1428
08:58:59:796 1428 Scanning Services ...
08:58:59:796 1428 CreateRegParser: Registry parser init started
08:58:59:796 1428 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
08:58:59:796 1428 CreateRegParser: DisableWow64Redirection error
08:58:59:796 1428 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
08:58:59:796 1428 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
08:58:59:796 1428 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:58:59:796 1428 wfopen_ex: Trying to KLMD file open
08:58:59:796 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
08:58:59:796 1428 wfopen_ex: File opened ok (Flags 2)
08:58:59:796 1428 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: AD49B0
08:58:59:796 1428 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
08:58:59:796 1428 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
08:58:59:796 1428 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:58:59:796 1428 wfopen_ex: Trying to KLMD file open
08:58:59:796 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
08:58:59:796 1428 wfopen_ex: File opened ok (Flags 2)
08:58:59:796 1428 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: AD4A18
08:58:59:796 1428 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
08:58:59:796 1428 CreateRegParser: EnableWow64Redirection error
08:58:59:796 1428 CreateRegParser: RegParser init completed
08:59:00:250 1428 GetAdvancedServicesInfo: Raw services enum returned 378 services
08:59:00:265 1428 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
08:59:00:265 1428 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
08:59:00:265 1428
08:59:00:296 1428 Scanning Kernel memory ...
08:59:00:296 1428 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
08:59:00:296 1428 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86F53E18
08:59:00:296 1428 DetectCureTDL3: KLMD_GetDeviceObjectList returned 8 DevObjects
08:59:00:296 1428
08:59:00:296 1428 DetectCureTDL3: DEVICE_OBJECT: 857B68B8
08:59:00:296 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 857B68B8
08:59:00:296 1428 KLMD_ReadMem: Trying to ReadMemory 0x857B68B8[0x38]
08:59:00:296 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18
08:59:00:296 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8]
08:59:00:296 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18]
08:59:00:296 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:59:00:296 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30
08:59:00:296 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30
08:59:00:296 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B
08:59:00:296 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B
08:59:00:296 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (8) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366
08:59:00:296 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (14) addr: F750844D
08:59:00:296 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3
08:59:00:296 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366
08:59:00:296 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3
08:59:00:296 1428 DetectCureTDL3: IrpHandler (23) addr: F750EA24
08:59:00:296 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE
08:59:00:296 1428 TDL3_FileDetect: Processing driver: Disk
08:59:00:296 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:296 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:328 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:59:00:328 1428
08:59:00:328 1428 DetectCureTDL3: DEVICE_OBJECT: 856C7AB8
08:59:00:328 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 856C7AB8
08:59:00:328 1428 DetectCureTDL3: DEVICE_OBJECT: 860A97E0
08:59:00:328 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860A97E0
08:59:00:328 1428 KLMD_ReadMem: Trying to ReadMemory 0x860A97E0[0x38]
08:59:00:328 1428 DetectCureTDL3: DRIVER_OBJECT: 86A069E0
08:59:00:328 1428 KLMD_ReadMem: Trying to ReadMemory 0x86A069E0[0xA8]
08:59:00:328 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1FC68C8[0x1E]
08:59:00:328 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
08:59:00:328 1428 DetectCureTDL3: IrpHandler (0) addr: F7764218
08:59:00:328 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (2) addr: F7764218
08:59:00:328 1428 DetectCureTDL3: IrpHandler (3) addr: F776423C
08:59:00:328 1428 DetectCureTDL3: IrpHandler (4) addr: F776423C
08:59:00:328 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (8) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (9) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (14) addr: F7764180
08:59:00:328 1428 DetectCureTDL3: IrpHandler (15) addr: F74D895C
08:59:00:328 1428 DetectCureTDL3: IrpHandler (16) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (22) addr: F77635F0
08:59:00:328 1428 DetectCureTDL3: IrpHandler (23) addr: F7761A6E
08:59:00:328 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE
08:59:00:328 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE
08:59:00:328 1428 KLMD_ReadMem: Trying to ReadMemory 0xF7760F26[0x400]
08:59:00:328 1428 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
08:59:00:328 1428 TDL3_FileDetect: Processing driver: USBSTOR
08:59:00:328 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:59:00:328 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:59:00:390 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
08:59:00:390 1428
08:59:00:390 1428 DetectCureTDL3: DEVICE_OBJECT: 86CD2440
08:59:00:390 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86CD2440
08:59:00:390 1428 KLMD_ReadMem: Trying to ReadMemory 0x86CD2440[0x38]
08:59:00:390 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18
08:59:00:390 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8]
08:59:00:390 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18]
08:59:00:390 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:59:00:390 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30
08:59:00:390 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30
08:59:00:390 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B
08:59:00:390 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B
08:59:00:390 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (8) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366
08:59:00:390 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (14) addr: F750844D
08:59:00:390 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3
08:59:00:390 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366
08:59:00:390 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3
08:59:00:390 1428 DetectCureTDL3: IrpHandler (23) addr: F750EA24
08:59:00:390 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE
08:59:00:390 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE
08:59:00:390 1428 TDL3_FileDetect: Processing driver: Disk
08:59:00:390 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:390 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:421 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:59:00:421 1428
08:59:00:421 1428 DetectCureTDL3: DEVICE_OBJECT: 86B16260
08:59:00:421 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B16260
08:59:00:421 1428 DetectCureTDL3: DEVICE_OBJECT: 86A17938
08:59:00:421 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86A17938
08:59:00:421 1428 KLMD_ReadMem: Trying to ReadMemory 0x86A17938[0x38]
08:59:00:421 1428 DetectCureTDL3: DRIVER_OBJECT: 86A069E0
08:59:00:421 1428 KLMD_ReadMem: Trying to ReadMemory 0x86A069E0[0xA8]
08:59:00:421 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1FC68C8[0x1E]
08:59:00:421 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
08:59:00:421 1428 DetectCureTDL3: IrpHandler (0) addr: F7764218
08:59:00:421 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (2) addr: F7764218
08:59:00:421 1428 DetectCureTDL3: IrpHandler (3) addr: F776423C
08:59:00:421 1428 DetectCureTDL3: IrpHandler (4) addr: F776423C
08:59:00:421 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (8) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (9) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (14) addr: F7764180
08:59:00:421 1428 DetectCureTDL3: IrpHandler (15) addr: F74D895C
08:59:00:421 1428 DetectCureTDL3: IrpHandler (16) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (22) addr: F77635F0
08:59:00:421 1428 DetectCureTDL3: IrpHandler (23) addr: F7761A6E
08:59:00:421 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE
08:59:00:421 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE
08:59:00:421 1428 KLMD_ReadMem: Trying to ReadMemory 0xF7760F26[0x400]
08:59:00:421 1428 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
08:59:00:421 1428 TDL3_FileDetect: Processing driver: USBSTOR
08:59:00:421 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:59:00:421 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:59:00:484 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
08:59:00:484 1428
08:59:00:484 1428 DetectCureTDL3: DEVICE_OBJECT: 86F4D8A0
08:59:00:484 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F4D8A0
08:59:00:484 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F4D8A0[0x38]
08:59:00:484 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18
08:59:00:484 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8]
08:59:00:484 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18]
08:59:00:484 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:59:00:484 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30
08:59:00:484 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30
08:59:00:484 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B
08:59:00:484 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B
08:59:00:484 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (8) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366
08:59:00:484 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (14) addr: F750844D
08:59:00:484 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3
08:59:00:484 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366
08:59:00:484 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3
08:59:00:484 1428 DetectCureTDL3: IrpHandler (23) addr: F750EA24
08:59:00:484 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE
08:59:00:484 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE
08:59:00:484 1428 TDL3_FileDetect: Processing driver: Disk
08:59:00:484 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:484 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:515 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:59:00:515 1428
08:59:00:515 1428 DetectCureTDL3: DEVICE_OBJECT: 86F4DC68
08:59:00:515 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F4DC68
08:59:00:515 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F4DC68[0x38]
08:59:00:515 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18
08:59:00:515 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8]
08:59:00:515 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18]
08:59:00:515 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:59:00:515 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30
08:59:00:515 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30
08:59:00:515 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B
08:59:00:515 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B
08:59:00:515 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (8) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366
08:59:00:515 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (14) addr: F750844D
08:59:00:515 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3
08:59:00:515 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366
08:59:00:515 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3
08:59:00:515 1428 DetectCureTDL3: IrpHandler (23) addr: F750EA24
08:59:00:515 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE
08:59:00:515 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE
08:59:00:515 1428 TDL3_FileDetect: Processing driver: Disk
08:59:00:515 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:515 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:546 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:59:00:546 1428
08:59:00:546 1428 DetectCureTDL3: DEVICE_OBJECT: 86F4D030
08:59:00:546 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F4D030
08:59:00:546 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F4D030[0x38]
08:59:00:546 1428 DetectCureTDL3: DRIVER_OBJECT: 86F53E18
08:59:00:546 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F53E18[0xA8]
08:59:00:546 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1C20A28[0x18]
08:59:00:546 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:59:00:546 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30
08:59:00:546 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30
08:59:00:546 1428 DetectCureTDL3: IrpHandler (3) addr: F7507D9B
08:59:00:546 1428 DetectCureTDL3: IrpHandler (4) addr: F7507D9B
08:59:00:546 1428 DetectCureTDL3: IrpHandler (5) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (6) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (7) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (8) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (9) addr: F7508366
08:59:00:546 1428 DetectCureTDL3: IrpHandler (10) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (11) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (12) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (13) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (14) addr: F750844D
08:59:00:546 1428 DetectCureTDL3: IrpHandler (15) addr: F750BFC3
08:59:00:546 1428 DetectCureTDL3: IrpHandler (16) addr: F7508366
08:59:00:546 1428 DetectCureTDL3: IrpHandler (17) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (18) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (19) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (20) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (21) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (22) addr: F7509EF3
08:59:00:546 1428 DetectCureTDL3: IrpHandler (23) addr: F750EA24
08:59:00:546 1428 DetectCureTDL3: IrpHandler (24) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (25) addr: 804FB8DE
08:59:00:546 1428 DetectCureTDL3: IrpHandler (26) addr: 804FB8DE
08:59:00:546 1428 TDL3_FileDetect: Processing driver: Disk
08:59:00:546 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:546 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:59:00:578 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:59:00:578 1428
08:59:00:578 1428 DetectCureTDL3: DEVICE_OBJECT: 86F3D030
08:59:00:578 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F3D030
08:59:00:578 1428 DetectCureTDL3: DEVICE_OBJECT: 86F49C30
08:59:00:578 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F49C30
08:59:00:578 1428 DetectCureTDL3: DEVICE_OBJECT: 86F71940
08:59:00:578 1428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F71940
08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F71940[0x38]
08:59:00:578 1428 DetectCureTDL3: DRIVER_OBJECT: 86F7E660
08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0x86F7E660[0xA8]
08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0xE1BF70C0[0x1A]
08:59:00:578 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
08:59:00:578 1428 DetectCureTDL3: IrpHandler (0) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (1) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (2) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (3) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (4) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (5) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (6) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (7) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (8) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (9) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (10) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (11) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (12) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (13) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (14) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (15) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (16) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (17) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (18) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (19) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (20) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (21) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (22) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (23) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (24) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (25) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (26) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: All IRP handlers pointed to one addr: 86C0E868
08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0x86C0E868[0x400]
08:59:00:578 1428 TDL3_IrpHookDetect: CheckParameters: 0, 0, 0, 0, 0, 0
08:59:00:578 1428 KLMD_ReadMem: Trying to ReadMemory 0xF73A87C6[0x400]
08:59:00:578 1428 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
08:59:00:578 1428 TDL3_FileDetect: Processing driver: atapi
08:59:00:578 1428 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
08:59:00:578 1428 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
08:59:00:609 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
08:59:00:609 1428
08:59:00:640 1428 Completed
08:59:00:640 1428
08:59:00:640 1428 Results:
08:59:00:640 1428 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
08:59:00:640 1428 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:59:00:671 1428 File objects infected / cured / cured on reboot: 0 / 0 / 0
08:59:00:671 1428
08:59:00:671 1428 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
08:59:00:671 1428 UtilityDeinit: KLMD(ARK) unloaded successfully

 

 

Thanks in advance for what comes next.

Posted

Now we're going to repair a file that is problematic.

What follows is for this machine, and this machine only.

Do not use it on any other machine: dangerous.

  • Download the file CFscript.txt from this site:
    http://senduit.com/cc30e4
  • Place it on the Desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in this example

[animated example: animation1md2.gif]

  • Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
  • Once the scan is finished, a report will open: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

Posted

Hello,

Haven't you already had me do this procedure? Or is it a different one?

In any case, I don't understand anything these tools do... lol, so I just run them. :P

Just for information, which file is damaged, please?

I haven't shut down the computer yet after the previous procedure. Should I do that before running this latest procedure with ComboFix, or doesn't it matter?

I'll do this procedure tonight and keep you posted.

Thanks

Posted

It's a different one; well, the procedure is the same, but the content of the operations will be different.

Atapi.sys has been damaged by a virus; we can repair it with this procedure.

You can run ComboFix right away, or shut down and do it tonight: whichever you prefer. :P
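As a reading aid for the TDSSKiller report posted above (an added example, not code from this thread or from Kaspersky's tool), the Python below parses the report's line format and flags the pattern the helper is acting on: a driver whose entire IRP dispatch table points at one address while its file on disk still gets "Verdict: Clean" and the closing counters read 0 / 0 / 0. The sample lines are constructed from the report's own format, and the class and function names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the exact line layout of the TDSSKiller 2.2.2 report
# above (time, pid, message). The addresses are the ones that report shows;
# the Disk table is cut to three entries to keep the sample short.
SAMPLE_REPORT = r"""
08:59:00:296 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:59:00:296 1428 DetectCureTDL3: IrpHandler (0) addr: F750DC30
08:59:00:296 1428 DetectCureTDL3: IrpHandler (1) addr: 804FB8DE
08:59:00:296 1428 DetectCureTDL3: IrpHandler (2) addr: F750DC30
08:59:00:328 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:59:00:578 1428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
08:59:00:578 1428 DetectCureTDL3: IrpHandler (0) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (1) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: IrpHandler (2) addr: 86C0E868
08:59:00:578 1428 DetectCureTDL3: All IRP handlers pointed to one addr: 86C0E868
08:59:00:609 1428 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
08:59:00:640 1428 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
08:59:00:640 1428 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:59:00:671 1428 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(.*)$")
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (\S+) - Verdict: (\w+)")
RESULT_RE = re.compile(
    r"(Memory|Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)"
)


@dataclass
class DriverScan:
    """One DRIVER_OBJECT block of the report: its IRP dispatch table and file verdict."""
    name: str
    object_path: str
    irp_handlers: Dict[int, str] = field(default_factory=dict)  # major function -> address
    file_path: Optional[str] = None
    verdict: Optional[str] = None

    def uniform_address(self) -> Optional[str]:
        """The single address every dispatch entry points to, or None if they differ."""
        addrs = set(self.irp_handlers.values())
        if len(self.irp_handlers) > 1 and len(addrs) == 1:
            return addrs.pop()
        return None


def parse_report(text: str) -> Tuple[List[DriverScan], Dict[str, Tuple[int, int, int]]]:
    """Walk the report line by line, grouping IrpHandler lines under their driver."""
    scans: List[DriverScan] = []
    results: Dict[str, Tuple[int, int, int]] = {}
    current: Optional[DriverScan] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank line or text that is not part of the report
        msg = m.group(1)
        d = DRIVER_RE.search(msg)
        if d:
            current = DriverScan(name=d.group(2), object_path=d.group(1))
            scans.append(current)
            continue
        i = IRP_RE.search(msg)
        if i and current is not None:
            current.irp_handlers[int(i.group(1))] = i.group(2).upper()
            continue
        v = VERDICT_RE.search(msg)
        if v and current is not None:
            current.file_path, current.verdict = v.group(1), v.group(2)
            continue
        r = RESULT_RE.search(msg)
        if r:
            results[r.group(1).lower()] = tuple(int(x) for x in r.groups()[1:])
    return scans, results


def suspicious_drivers(scans: List[DriverScan]) -> List[Tuple[str, str, Optional[str]]]:
    """Drivers whose whole dispatch table collapses onto one address.

    A normal table mixes the driver's own routines with the kernel's default
    handler for major functions it does not implement (804FB8DE in the Disk
    and USBSTOR tables of the report). Every entry on one address is what
    TDSSKiller reports as "All IRP handlers pointed to one addr".
    """
    flagged = []
    for s in scans:
        addr = s.uniform_address()
        if addr:
            flagged.append((s.name, addr, s.verdict))
    return flagged


def summarize(text: str) -> dict:
    """Pair the per-driver anomaly with the summary counters at the end of the report."""
    scans, results = parse_report(text)
    return {
        "flagged": suspicious_drivers(scans),
        "results": results,
        # 0 / 0 / 0 everywhere does not mean the body of the report was clean
        "counts_all_zero": all(c == (0, 0, 0) for c in results.values()),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```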

Posted

ComboFix 10-02-03.01 - install 03/02/2010 18:48:22.3.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.605 [GMT 1:00]
Lancé depuis: c:\documents and settings\install\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\install\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Système anti-virus AVG 7.0.323 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-03 au 2010-02-03 ))))))))))))))))))))))))))))))))))))
.

2010-02-03 07:56 . 2010-02-03 07:57 -------- d-----w- C:\tdsskiller
2010-02-02 17:25 . 2010-02-02 17:25 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Microsoft Corporation
2010-02-02 17:24 . 2010-02-02 17:25 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\program files\CCleaner
2010-01-21 20:10 . 2010-01-21 20:12 -------- d-----w- C:\rsit
2010-01-18 22:36 . 2010-01-18 20:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 21:23 . 2007-03-29 03:42 29704 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-18 21:07 . 2010-01-18 21:07 -------- d-----w- c:\documents and settings\LocalService\Bureau
2010-01-18 20:50 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-18 20:44 . 2010-01-18 20:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-18 20:43 . 2010-01-18 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-18 20:28 . 2010-01-18 20:28 -------- d-----w- c:\program files\Fichiers communs\Borland Shared
2010-01-18 20:28 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2010-01-18 20:28 . 2010-01-26 18:05 -------- d-----w- c:\program files\ZebHelpProcess
2010-01-18 20:13 . 2010-01-18 20:13 -------- d-----w- c:\program files\ZHPFix
2010-01-18 19:57 . 2010-01-18 20:38 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 17:42 . 2006-09-01 13:34 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-02-03 00:32 . 2007-02-01 20:19 -------- d---a-w- c:\program files\eMule Applejuice
2010-01-28 21:14 . 2006-11-10 16:11 34653528 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-28 02:50 . 2010-01-18 20:50 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-25 18:20 . 2010-01-25 18:29 2643968 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-24 07:07 . 2010-01-24 07:07 38149 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_24_07_45_03_small.dmp.zip
2010-01-21 19:10 . 2001-09-28 11:00 81918 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-21 19:10 . 2001-09-28 11:00 504068 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-19 18:16 . 2010-01-19 22:52 5243904 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-18 21:33 . 2007-08-29 17:28 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-01-18 21:16 . 2006-09-01 14:30 -------- d-----w- c:\program files\Lavasoft
2010-01-18 21:16 . 2006-09-01 14:31 -------- d-----w- c:\documents and settings\install\Application Data\Lavasoft
2010-01-16 14:26 . 2005-06-16 20:52 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-01-16 14:26 . 2005-06-16 20:50 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-01-16 14:25 . 2010-01-16 14:25 39119 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_16_15_21_38_small.dmp.zip
2010-01-16 14:25 . 2010-01-16 14:25 34816 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-16 12:49 . 2010-01-16 12:50 32768 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-16 12:49 . 2010-01-16 12:50 5193728 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-16 09:43 . 2010-01-16 10:17 5192704 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-16 09:43 . 2010-01-16 10:17 144896 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-15 23:02 . 2010-01-15 23:03 2621440 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-15 23:02 . 2010-01-15 23:03 5188096 ----a-w- c:\windows\Internet Logs\xDB3.tmp

2010-01-09 11:25 . 2009-01-10 11:34 -------- d-----w- c:\program files\Windows Live Safety Center

2009-12-28 22:08 . 2009-12-24 16:46 -------- d-----w- c:\program files\Lock Folder XP

2009-12-19 11:33 . 2009-12-19 11:33 20299200 ----a-w- c:\documents and settings\install\Application Data\TomTom\HOME\Profiles\e0pyj0ce.default\Updates\v2_7_3_1894_win.exe

2009-12-17 18:08 . 2009-12-17 18:08 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-17 18:08 . 2003-01-02 01:13 -------- d-----w- c:\program files\Java

2009-12-17 18:07 . 2009-12-17 18:07 152576 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-17 18:07 . 2009-12-17 18:07 79488 ----a-w- c:\documents and settings\install\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-07 20:34 . 2008-07-31 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-12-07 20:25 . 2006-10-09 17:00 -------- d-----w- c:\documents and settings\install\Application Data\Apple Computer

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iTunes

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-12-07 20:19 . 2009-12-07 20:19 -------- d-----w- c:\program files\iPod

2009-12-07 20:19 . 2008-07-31 22:14 -------- d-----w- c:\program files\Fichiers communs\Apple

2009-12-07 20:17 . 2009-12-07 20:17 -------- d-----w- c:\program files\Bonjour

2009-12-07 20:16 . 2009-12-07 20:16 -------- d-----w- c:\program files\QuickTime

2009-12-07 20:11 . 2009-12-07 20:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-24 23:54 . 2007-10-13 09:34 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-24 23:51 . 2007-10-13 09:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-24 23:50 . 2007-10-13 09:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-24 23:50 . 2008-03-31 06:22 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-24 23:50 . 2008-03-31 06:22 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-24 23:49 . 2007-10-13 09:34 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-24 23:48 . 2007-10-13 09:34 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-24 23:47 . 2007-10-13 09:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-24 23:47 . 2007-10-13 09:34 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-10 18:01 . 2009-11-15 21:36 2719232 ----a-w- c:\windows\Internet Logs\xDB1.tmp

2005-10-31 08:31 . 2005-06-20 18:55 21 ----a-w- c:\program files\Fichiers communs\appop.log

.

 

------- Sigcheck -------

 

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys

[-] 2004-08-03 21:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-04-27 312328]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"Splash screen for Avast!"="c:\program files\Alwil Software\Avast4\ashAvast.exe" [2009-11-24 274640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-17 8478720]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Trusted 13b8

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-03 22:54 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-06-26 20:45 1211176 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Office Outlook]

2008-05-21 02:37 12844576 ----a-w- c:\progra~1\MICROS~4\Office12\OUTLOOK.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-08-17 08:13 8478720 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"dmadmin"=3 (0x3)

"PlugPlay"=2 (0x2)

"Eventlog"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"

"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"nwiz"=nwiz.exe /install

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"SkyTel"=SkyTel.EXE

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler

"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Konami\\Pro Evolution Soccer 2008\\PES2008.exe"=

"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=

"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [09/01/2006 14:29 160640]

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [09/01/2006 14:29 5248]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/01/2010 21:50 64288]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 16:11 35328]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2008 07:22 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2008 07:22 20560]

R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [25/07/2005 16:42 137344]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-30 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 05:51]

 

2010-02-03 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-02-03 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-02-03 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-02-03 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-02-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:51]

 

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2006-03-06 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2200 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745132680612.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56]

 

2010-01-29 c:\windows\Tasks\{4017CBCD-9805-4488-BF48-23D6A379A889}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

 

2010-02-02 c:\windows\Tasks\{56529124-F26D-4200-AD05-81212A011FB0}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

 

2010-02-02 c:\windows\Tasks\{E02F481F-7A86-48A3-9928-36A1A28E2D1A}_AURÉLIEN_install.job

- c:\windows\system32\mobsync.exe [2004-08-03 22:54]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

IE: {{1DAA624F-A7AB-4b31-97A4-67205FF6963C} - d:\mrbookmakerfrmpp\MPPoker.exe

Trusted Zone: registration.sonystyle-europe.com

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab

FF - ProfilePath - c:\documents and settings\install\Application Data\Mozilla\Firefox\Profiles\teyda9km.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr&source=iglk

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-03 18:57

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BDCA78]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf750bfc3

\Driver\ACPI -> ACPI.sys @ 0xf7415cb8

\Driver\atapi -> 0x86bdca78

IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004

ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e

\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a0004

ParseProcedure -> TUKERNEL.EXE @ 0x8056f00e

Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\System\MountedDevice1]

@Denied: (Read) (Administrators)

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(316)

c:\windows\system32\WPDShServiceObj.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Lavasoft\Ad-Aware\AAWService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Heure de fin: 2010-02-03 19:14:12 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-02-03 18:13

ComboFix2.txt 2010-01-28 21:30

ComboFix3.txt 2010-01-25 20:40

 

Avant-CF: 23 489 691 648 octets libres

Après-CF: 23 427 796 992 octets libres

 

- - End Of File - - 09915922129854191157523D3D443527

Thanks in advance for the verdict. :P

Posted

That didn't go through, we'll have to improvise.

 

Download GMER Rootkit Scanner from the following link:

 

http://www.gmer.net/#files

 

- Click the "Download EXE" button

- Save it to your Desktop

- Paste and save these instructions in a text file or print them, because you will have to close the browser.

- Close any open browser windows

- Run the downloaded file (its name is made of 8 random digits/letters) by double-clicking it;

- If the tool shows you a warning about rootkit activity and asks whether to run a scan, click "NO"

- In the right-hand section of the tool's window, uncheck the following options:

  • Sections
  • Modules
  • IAT/EAT
  • **Make sure "Show All" is unchecked**

- Now click the "Scan" button and wait (this can take 10 minutes or more)

- When the scan is finished, click the "Save..." button (bottom right);

- Name the file "Ark.txt" and save it to the Desktop;

- Copy/paste the contents of that report into your reply.

Posted

Try rkill, then run Gmer again.

 

Step 1: rkill (by Grinler), download

Download rkill from one of the links below:

 

Link 1

Link 2

Link 3

Link 4

 

Save the file to the desktop.

 

Step 2: No real-time monitoring processes

Disable the resident module of the antivirus and that of the antispyware.

 

Step 3: rkill (by Grinler), execution

Double-click the downloaded rkill file to launch the tool.

On Vista, right-click the downloaded rkill file, then choose "Run as Administrator" to launch the tool.

 

A black-background window will appear briefly, then disappear.

 

Post the report that you will find in C:\rkill.log
