Recommended posts

Posted (edited)

Hello

It is indeed vilusmonde

What is it, a p2p tool?

I don't know it, and there is nothing about it on the Internet either.

Let's try to find out where it is:

Download SystemLook to the Desktop from one of the links below.

Download mirror #1

Download mirror #2

* Double-click SystemLook.exe to launch it.

* Right-click|Copy the following, in green, and Right-click|Paste it into the SystemLook text box:

:filefind
*vilusmonde*

:regfind
vilusmonde.sdn

* Click the Look button to start the scan.

* Notepad will open with the result of the scan.

Copy and paste the report into your next reply.

Note: The report can also be found on the Desktop under the name SystemLook.txt

Edited by pear

Posted

I have the TDSSKiller and Rkill reports; MBAM, on the other hand, crashes, the PC shuts down and Windows reports a "serious error".

13:26:01:015 3604 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00

13:26:01:015 3604 ================================================================================

13:26:01:015 3604 SystemInfo:

 

13:26:01:015 3604 OS Version: 5.1.2600 ServicePack: 3.0

13:26:01:015 3604 Product type: Workstation

13:26:01:015 3604 ComputerName: SN203659450008

13:26:01:015 3604 UserName: F

13:26:01:015 3604 Windows directory: C:\WINDOWS

13:26:01:015 3604 Processor architecture: Intel x86

13:26:01:015 3604 Number of processors: 1

13:26:01:015 3604 Page size: 0x1000

13:26:01:015 3604 Boot type: Normal boot

13:26:01:015 3604 ================================================================================

13:26:01:015 3604 UnloadDriverW: NtUnloadDriver error 2

13:26:01:015 3604 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

13:26:01:015 3604 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

13:26:01:031 3604 UtilityInit: KLMD drop and load success

13:26:01:031 3604 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

13:26:01:031 3604 UtilityInit: KLMD open success

13:26:01:031 3604 UtilityInit: Initialize success

13:26:01:031 3604

13:26:01:031 3604 Scanning Services ...

13:26:01:031 3604 CreateRegParser: Registry parser init started

13:26:01:031 3604 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127

13:26:01:031 3604 CreateRegParser: DisableWow64Redirection error

13:26:01:031 3604 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

13:26:01:031 3604 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043

13:26:01:031 3604 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

13:26:01:031 3604 wfopen_ex: Trying to KLMD file open

13:26:01:031 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system

13:26:01:031 3604 wfopen_ex: File opened ok (Flags 2)

13:26:01:031 3604 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 394AC8

13:26:01:031 3604 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

13:26:01:031 3604 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043

13:26:01:031 3604 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

13:26:01:031 3604 wfopen_ex: Trying to KLMD file open

13:26:01:031 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software

13:26:01:031 3604 wfopen_ex: File opened ok (Flags 2)

13:26:01:031 3604 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 394B30

13:26:01:031 3604 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127

13:26:01:031 3604 CreateRegParser: EnableWow64Redirection error

13:26:01:031 3604 CreateRegParser: RegParser init completed

13:26:01:437 3604 GetAdvancedServicesInfo: Raw services enum returned 347 services

13:26:01:437 3604 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

13:26:01:437 3604 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

13:26:01:437 3604

13:26:01:437 3604 Scanning Kernel memory ...

13:26:01:437 3604 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

13:26:01:437 3604 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 82D628C0

13:26:01:437 3604 DetectCureTDL3: KLMD_GetDeviceObjectList returned 10 DevObjects

13:26:01:437 3604

13:26:01:437 3604 DetectCureTDL3: DEVICE_OBJECT: 8286CC68

13:26:01:437 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8286CC68

13:26:01:437 3604 KLMD_ReadMem: Trying to ReadMemory 0x8286CC68[0x38]

13:26:01:437 3604 DetectCureTDL3: DRIVER_OBJECT: 82D628C0

13:26:01:437 3604 KLMD_ReadMem: Trying to ReadMemory 0x82D628C0[0xA8]

13:26:01:437 3604 KLMD_ReadMem: Trying to ReadMemory 0xE173CA78[0x18]

13:26:01:437 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

13:26:01:437 3604 DetectCureTDL3: IrpHandler (0) addr: F862BBB0

13:26:01:437 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (2) addr: F862BBB0

13:26:01:437 3604 DetectCureTDL3: IrpHandler (3) addr: F8625D1F

13:26:01:437 3604 DetectCureTDL3: IrpHandler (4) addr: F8625D1F

13:26:01:437 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (9) addr: F86262E2

13:26:01:437 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (14) addr: F86263BB

13:26:01:437 3604 DetectCureTDL3: IrpHandler (15) addr: F8629F28

13:26:01:437 3604 DetectCureTDL3: IrpHandler (16) addr: F86262E2

13:26:01:437 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (22) addr: F8627C82

13:26:01:437 3604 DetectCureTDL3: IrpHandler (23) addr: F862C99E

13:26:01:437 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:437 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:437 3604 TDL3_FileDetect: Processing driver: Disk

13:26:01:453 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:453 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:468 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

13:26:01:468 3604

13:26:01:468 3604 DetectCureTDL3: DEVICE_OBJECT: 8286EC68

13:26:01:468 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8286EC68

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0x8286EC68[0x38]

13:26:01:468 3604 DetectCureTDL3: DRIVER_OBJECT: 82D628C0

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0x82D628C0[0xA8]

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0xE173CA78[0x18]

13:26:01:468 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

13:26:01:468 3604 DetectCureTDL3: IrpHandler (0) addr: F862BBB0

13:26:01:468 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (2) addr: F862BBB0

13:26:01:468 3604 DetectCureTDL3: IrpHandler (3) addr: F8625D1F

13:26:01:468 3604 DetectCureTDL3: IrpHandler (4) addr: F8625D1F

13:26:01:468 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (9) addr: F86262E2

13:26:01:468 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (14) addr: F86263BB

13:26:01:468 3604 DetectCureTDL3: IrpHandler (15) addr: F8629F28

13:26:01:468 3604 DetectCureTDL3: IrpHandler (16) addr: F86262E2

13:26:01:468 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (22) addr: F8627C82

13:26:01:468 3604 DetectCureTDL3: IrpHandler (23) addr: F862C99E

13:26:01:468 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:468 3604 TDL3_FileDetect: Processing driver: Disk

13:26:01:468 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:468 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:468 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

13:26:01:468 3604

13:26:01:468 3604 DetectCureTDL3: DEVICE_OBJECT: 82968C68

13:26:01:468 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82968C68

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0x82968C68[0x38]

13:26:01:468 3604 DetectCureTDL3: DRIVER_OBJECT: 82D628C0

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0x82D628C0[0xA8]

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0xE173CA78[0x18]

13:26:01:468 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

13:26:01:468 3604 DetectCureTDL3: IrpHandler (0) addr: F862BBB0

13:26:01:468 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (2) addr: F862BBB0

13:26:01:468 3604 DetectCureTDL3: IrpHandler (3) addr: F8625D1F

13:26:01:468 3604 DetectCureTDL3: IrpHandler (4) addr: F8625D1F

13:26:01:468 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (9) addr: F86262E2

13:26:01:468 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (14) addr: F86263BB

13:26:01:468 3604 DetectCureTDL3: IrpHandler (15) addr: F8629F28

13:26:01:468 3604 DetectCureTDL3: IrpHandler (16) addr: F86262E2

13:26:01:468 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (22) addr: F8627C82

13:26:01:468 3604 DetectCureTDL3: IrpHandler (23) addr: F862C99E

13:26:01:468 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:468 3604 TDL3_FileDetect: Processing driver: Disk

13:26:01:468 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:468 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:468 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

13:26:01:468 3604

13:26:01:468 3604 DetectCureTDL3: DEVICE_OBJECT: 829DDC68

13:26:01:468 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 829DDC68

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0x829DDC68[0x38]

13:26:01:468 3604 DetectCureTDL3: DRIVER_OBJECT: 82D628C0

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0x82D628C0[0xA8]

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0xE173CA78[0x18]

13:26:01:468 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

13:26:01:468 3604 DetectCureTDL3: IrpHandler (0) addr: F862BBB0

13:26:01:468 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (2) addr: F862BBB0

13:26:01:468 3604 DetectCureTDL3: IrpHandler (3) addr: F8625D1F

13:26:01:468 3604 DetectCureTDL3: IrpHandler (4) addr: F8625D1F

13:26:01:468 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (9) addr: F86262E2

13:26:01:468 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (14) addr: F86263BB

13:26:01:468 3604 DetectCureTDL3: IrpHandler (15) addr: F8629F28

13:26:01:468 3604 DetectCureTDL3: IrpHandler (16) addr: F86262E2

13:26:01:468 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (22) addr: F8627C82

13:26:01:468 3604 DetectCureTDL3: IrpHandler (23) addr: F862C99E

13:26:01:468 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:468 3604 TDL3_FileDetect: Processing driver: Disk

13:26:01:468 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:468 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:468 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

13:26:01:468 3604

13:26:01:468 3604 DetectCureTDL3: DEVICE_OBJECT: 8284FAB8

13:26:01:468 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8284FAB8

13:26:01:468 3604 DetectCureTDL3: DEVICE_OBJECT: 828B5898

13:26:01:468 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 828B5898

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0x828B5898[0x38]

13:26:01:468 3604 DetectCureTDL3: DRIVER_OBJECT: 829C1458

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0x829C1458[0xA8]

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0xE1008088[0x1E]

13:26:01:468 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

13:26:01:468 3604 DetectCureTDL3: IrpHandler (0) addr: F888A218

13:26:01:468 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (2) addr: F888A218

13:26:01:468 3604 DetectCureTDL3: IrpHandler (3) addr: F888A23C

13:26:01:468 3604 DetectCureTDL3: IrpHandler (4) addr: F888A23C

13:26:01:468 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (9) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (14) addr: F888A180

13:26:01:468 3604 DetectCureTDL3: IrpHandler (15) addr: F88859E6

13:26:01:468 3604 DetectCureTDL3: IrpHandler (16) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (22) addr: F88895F0

13:26:01:468 3604 DetectCureTDL3: IrpHandler (23) addr: F8887A6E

13:26:01:468 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:468 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:468 3604 KLMD_ReadMem: Trying to ReadMemory 0xF8886F26[0x400]

13:26:01:468 3604 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

13:26:01:468 3604 TDL3_FileDetect: Processing driver: USBSTOR

13:26:01:468 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:01:468 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:01:484 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

13:26:01:484 3604

13:26:01:484 3604 DetectCureTDL3: DEVICE_OBJECT: 82837AB8

13:26:01:484 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82837AB8

13:26:01:484 3604 DetectCureTDL3: DEVICE_OBJECT: 82996030

13:26:01:484 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82996030

13:26:01:484 3604 KLMD_ReadMem: Trying to ReadMemory 0x82996030[0x38]

13:26:01:484 3604 DetectCureTDL3: DRIVER_OBJECT: 829C1458

13:26:01:484 3604 KLMD_ReadMem: Trying to ReadMemory 0x829C1458[0xA8]

13:26:01:484 3604 KLMD_ReadMem: Trying to ReadMemory 0xE1008088[0x1E]

13:26:01:484 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

13:26:01:484 3604 DetectCureTDL3: IrpHandler (0) addr: F888A218

13:26:01:484 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (2) addr: F888A218

13:26:01:484 3604 DetectCureTDL3: IrpHandler (3) addr: F888A23C

13:26:01:484 3604 DetectCureTDL3: IrpHandler (4) addr: F888A23C

13:26:01:484 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (9) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (14) addr: F888A180

13:26:01:484 3604 DetectCureTDL3: IrpHandler (15) addr: F88859E6

13:26:01:484 3604 DetectCureTDL3: IrpHandler (16) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (22) addr: F88895F0

13:26:01:484 3604 DetectCureTDL3: IrpHandler (23) addr: F8887A6E

13:26:01:484 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:484 3604 KLMD_ReadMem: Trying to ReadMemory 0xF8886F26[0x400]

13:26:01:484 3604 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

13:26:01:484 3604 TDL3_FileDetect: Processing driver: USBSTOR

13:26:01:484 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:01:484 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:01:484 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

13:26:01:484 3604

13:26:01:484 3604 DetectCureTDL3: DEVICE_OBJECT: 828B7030

13:26:01:484 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 828B7030

13:26:01:484 3604 DetectCureTDL3: DEVICE_OBJECT: 829C86A8

13:26:01:484 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 829C86A8

13:26:01:484 3604 KLMD_ReadMem: Trying to ReadMemory 0x829C86A8[0x38]

13:26:01:484 3604 DetectCureTDL3: DRIVER_OBJECT: 829C1458

13:26:01:484 3604 KLMD_ReadMem: Trying to ReadMemory 0x829C1458[0xA8]

13:26:01:484 3604 KLMD_ReadMem: Trying to ReadMemory 0xE1008088[0x1E]

13:26:01:484 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

13:26:01:484 3604 DetectCureTDL3: IrpHandler (0) addr: F888A218

13:26:01:484 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (2) addr: F888A218

13:26:01:484 3604 DetectCureTDL3: IrpHandler (3) addr: F888A23C

13:26:01:484 3604 DetectCureTDL3: IrpHandler (4) addr: F888A23C

13:26:01:484 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (9) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (14) addr: F888A180

13:26:01:484 3604 DetectCureTDL3: IrpHandler (15) addr: F88859E6

13:26:01:484 3604 DetectCureTDL3: IrpHandler (16) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (22) addr: F88895F0

13:26:01:484 3604 DetectCureTDL3: IrpHandler (23) addr: F8887A6E

13:26:01:484 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:484 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:484 3604 KLMD_ReadMem: Trying to ReadMemory 0xF8886F26[0x400]

13:26:01:484 3604 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

13:26:01:484 3604 TDL3_FileDetect: Processing driver: USBSTOR

13:26:01:484 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:01:484 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:01:500 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

13:26:01:500 3604

13:26:01:500 3604 DetectCureTDL3: DEVICE_OBJECT: 82880AB8

13:26:01:500 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82880AB8

13:26:01:500 3604 DetectCureTDL3: DEVICE_OBJECT: 828CAEA0

13:26:01:500 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 828CAEA0

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0x828CAEA0[0x38]

13:26:01:500 3604 DetectCureTDL3: DRIVER_OBJECT: 829C1458

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0x829C1458[0xA8]

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0xE1008088[0x1E]

13:26:01:500 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

13:26:01:500 3604 DetectCureTDL3: IrpHandler (0) addr: F888A218

13:26:01:500 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (2) addr: F888A218

13:26:01:500 3604 DetectCureTDL3: IrpHandler (3) addr: F888A23C

13:26:01:500 3604 DetectCureTDL3: IrpHandler (4) addr: F888A23C

13:26:01:500 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (9) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (14) addr: F888A180

13:26:01:500 3604 DetectCureTDL3: IrpHandler (15) addr: F88859E6

13:26:01:500 3604 DetectCureTDL3: IrpHandler (16) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (22) addr: F88895F0

13:26:01:500 3604 DetectCureTDL3: IrpHandler (23) addr: F8887A6E

13:26:01:500 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0xF8886F26[0x400]

13:26:01:500 3604 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

13:26:01:500 3604 TDL3_FileDetect: Processing driver: USBSTOR

13:26:01:500 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:01:500 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:01:500 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

13:26:01:500 3604

13:26:01:500 3604 DetectCureTDL3: DEVICE_OBJECT: 82D7FC68

13:26:01:500 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82D7FC68

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0x82D7FC68[0x38]

13:26:01:500 3604 DetectCureTDL3: DRIVER_OBJECT: 82D628C0

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0x82D628C0[0xA8]

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0xE173CA78[0x18]

13:26:01:500 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

13:26:01:500 3604 DetectCureTDL3: IrpHandler (0) addr: F862BBB0

13:26:01:500 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (2) addr: F862BBB0

13:26:01:500 3604 DetectCureTDL3: IrpHandler (3) addr: F8625D1F

13:26:01:500 3604 DetectCureTDL3: IrpHandler (4) addr: F8625D1F

13:26:01:500 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (9) addr: F86262E2

13:26:01:500 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (14) addr: F86263BB

13:26:01:500 3604 DetectCureTDL3: IrpHandler (15) addr: F8629F28

13:26:01:500 3604 DetectCureTDL3: IrpHandler (16) addr: F86262E2

13:26:01:500 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (22) addr: F8627C82

13:26:01:500 3604 DetectCureTDL3: IrpHandler (23) addr: F862C99E

13:26:01:500 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:500 3604 TDL3_FileDetect: Processing driver: Disk

13:26:01:500 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:500 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

13:26:01:500 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

13:26:01:500 3604

13:26:01:500 3604 DetectCureTDL3: DEVICE_OBJECT: 82D78AB8

13:26:01:500 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82D78AB8

13:26:01:500 3604 DetectCureTDL3: DEVICE_OBJECT: 82D73F18

13:26:01:500 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82D73F18

13:26:01:500 3604 DetectCureTDL3: DEVICE_OBJECT: 82D71940

13:26:01:500 3604 KLMD_GetLowerDeviceObject: Trying to get lower device object for 82D71940

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0x82D71940[0x38]

13:26:01:500 3604 DetectCureTDL3: DRIVER_OBJECT: 82D90A68

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0x82D90A68[0xA8]

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0xE1012AE8[0x1A]

13:26:01:500 3604 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

13:26:01:500 3604 DetectCureTDL3: IrpHandler (0) addr: F83DF6F2

13:26:01:500 3604 DetectCureTDL3: IrpHandler (1) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (2) addr: F83DF6F2

13:26:01:500 3604 DetectCureTDL3: IrpHandler (3) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (4) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (5) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (6) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (7) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (8) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (9) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (10) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (11) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (12) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (13) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (14) addr: F83DF712

13:26:01:500 3604 DetectCureTDL3: IrpHandler (15) addr: F83DB852

13:26:01:500 3604 DetectCureTDL3: IrpHandler (16) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (17) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (18) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (19) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (20) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (21) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (22) addr: F83DF73C

13:26:01:500 3604 DetectCureTDL3: IrpHandler (23) addr: F83E6336

13:26:01:500 3604 DetectCureTDL3: IrpHandler (24) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (25) addr: 804F355A

13:26:01:500 3604 DetectCureTDL3: IrpHandler (26) addr: 804F355A

13:26:01:500 3604 KLMD_ReadMem: Trying to ReadMemory 0xF83DC864[0x400]

13:26:01:500 3604 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

13:26:01:500 3604 TDL3_FileDetect: Processing driver: atapi

13:26:01:500 3604 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

13:26:01:500 3604 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

13:26:01:515 3604 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean

13:26:01:515 3604

13:26:01:515 3604 Completed

13:26:01:531 3604

13:26:01:531 3604 Results:

13:26:01:531 3604 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

13:26:01:531 3604 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

13:26:01:531 3604 File objects infected / cured / cured on reboot: 0 / 0 / 0

13:26:01:531 3604

13:26:01:531 3604 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

13:26:01:531 3604 UtilityDeinit: KLMD(ARK) unloaded successfully

 

 

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as F on 13/02/2010 at 13:30:38.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Documents and Settings\F\Bureau\rkill.com

 

 

Rkill completed on 13/02/2010 at 13:30:41.

Posted (edited)

I suspected as much :P

 

Turn off System Restore.

My Computer -> Properties -> System Restore.

Untick System Restore on all drives.

You will re-enable it afterwards.

 

Download VundoFix.exe (by Atribune) to the Desktop.

* Double-click VundoFix.exe to launch it

* Click the Scan for Vundo button

* When the scan is complete, click the Fix Vundo button

* A prompt will ask whether you want to delete the files; click YES

* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted

* A prompt announces that the PC is going to restart; click OK

* Copy/paste the contents of the report located at C:\vundofix.txt, together with a new HijackThis! report, into your next reply

 

Stubborn Vundo

VundoFix may run into a file it cannot delete.

In that case, restart; the tool will relaunch itself.

Follow the instructions below, starting from "click the Scan for Vundo button".

 

* Double-click VundoFix.exe to launch it.

* Click the Scan for Vundo button.

* When the scan is complete, click the Fix Vundo button.

* If the tool reports that no infection was found ("No infected files were found"), right-click in the white window and click "Add more files?"

* In the new window that appears, copy/paste the **path of the identified Vundo dll** into the first box (at the top):

**path of the identified Vundo dll**

c:\windows\system32\wvuvt.dll

* Copy/paste the path of the following file into the second box (in the middle):

**path of the reversed dll file**

c:\windows\system32\tvuvw.dll

* Click the "Add File(s)" button

* Click the "Close Window" button

* Click "Fix Vundo" again

* A prompt will ask whether you want to delete the files; click YES

* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.

* A prompt announces that the PC is going to shut down ("shutdown"); click OK

* Restart the PC

* Copy/paste the contents of the report located at C:\vundofix.txt, together with a new HijackThis! report, into your next reply.

 

 

 

If the Vundo fix fails:

 

Download VirtumundoBegone to the desktop:

 

Restart in Safe Mode

 

Then double-click VirtumundoBeGone.exe and follow the instructions.

Once finished, restart and post the VBG.TXT report created on the desktop in your next reply.

If a blue screen "Fatal error" message appears, that is normal and expected.

 

Uninstall MBAM, if it is installed

Download MBAM

 

Plug in all removable media before running this scan (USB key/external hard drive etc.)

If you use Spybot

To disable TeaTimer, which serves no purpose and can make a disinfection fail:

First display Advanced Mode in Spybot

-> Advanced Options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left-hand side:

-> click Tools,

-> click Resident,

Under Resident:

-> untick Resident "TeaTimer" to disable it.

* Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs

Follow the prompts (in particular the language choice and the authorisation to access the Internet)

Do not change any of the default settings and, at the end of the installation,

Check that the Update and Launch options are ticked

MBAM will start automatically and display a message asking to update the program before running a scan.

Click OK to close the dialog box.

* In the "Update" tab, click the Check for updates button:

If the firewall asks whether MBAM may connect, accept.

* Once the update is finished, go to the Scanner tab.

* Select "Perform quick scan"

* Click "Scan"

* The scan will take a while; be patient!

* At the end, a message will display:

The scan completed successfully.

 

* If MBAM found nothing, it will say so as well.

Click "OK" to continue.

* Close the browsers.

Click Show Results.

 

* Select all and click Remove Selected;

MBAM will delete the files and registry keys and put a copy in quarantine,

then open Notepad and copy the scan report there; it can be found under the Logs tab.

* Copy/paste that report into your next reply.

Edited by pear
Posted

Virtumundo found nothing

 

[02/14/2010, 15:03:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\F\Bureau\VirtumundoBeGone.exe" )

[02/14/2010, 15:03:36] - Detected System Information:

[02/14/2010, 15:03:36] - Windows Version: 5.1.2600, Service Pack 3

[02/14/2010, 15:03:36] - Current Username: F (Admin)

[02/14/2010, 15:03:36] - Windows is in SAFE mode with Networking.

[02/14/2010, 15:03:36] - Searching for Browser Helper Objects:

[02/14/2010, 15:03:36] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)

[02/14/2010, 15:03:36] - BHO 2: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (Adobe PDF Link Helper)

[02/14/2010, 15:03:36] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

[02/14/2010, 15:03:36] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()

[02/14/2010, 15:03:36] - WARNING: BHO has no default name. Checking for Winlogon reference.

[02/14/2010, 15:03:36] - No filename found. Continuing.

[02/14/2010, 15:03:36] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)

[02/14/2010, 15:03:36] - BHO 6: {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} (IEHlprObj Class)

[02/14/2010, 15:03:36] - Finished Searching Browser Helper Objects

[02/14/2010, 15:03:36] - Finishing up...

[02/14/2010, 15:03:36] - Nothing found! Exiting...

 

Shall I continue with MBAM?

Posted

MBAM report

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3739

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

 

14/02/2010 18:47:29

mbam-log-2010-02-14 (18-47-29).txt

 

Type de recherche: Examen rapide

Eléments examinés: 153001

Temps écoulé: 6 minute(s), 44 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\TDSSpqxt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

Posted

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:02:18, on 14/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe

C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\F\LOCALS~1\Temp\Rar$EX00.188\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/fr/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 8596 bytes
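The HijackThis log above is what a helper reads to choose which entries to fix. As an added example (not code from this thread or from HijackThis), here is a small Python triage script that parses the Rn/On line format and flags what a reviewer looks at first: registered objects whose file is gone, O4 autostart entries, and services with no publisher field. The sample lines are constructed from a subset of the log above.

```python
"""Triage helper for HijackThis v2 log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Every entry line starts with a section code (R0, R1, O2, O4, O23, ...) and " - ".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis itself prints these when the referenced file cannot be found.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str            # e.g. "O2", "O4", "O23"
    body: str               # everything after "On - "
    clsid: Optional[str]    # first {GUID} on the line, if any
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Turn the Rn/On lines of a HijackThis log into Entry records; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        entries.append(Entry(m.group("section"), m.group("body"),
                             clsid.group(0).upper() if clsid else None))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags using only what each log line itself states."""
    for e in entries:
        if any(marker in e.body for marker in ORPHAN_MARKERS):
            e.flags.append("orphaned")        # registered object whose file is gone
        if e.section == "O4":
            e.flags.append("autostart")       # Run key / Startup folder entry
        if e.section == "O23" and (" - - " in e.body or "Unknown owner" in e.body):
            e.flags.append("no-publisher")    # service with an empty or unknown company field
    return entries


def flagged(text: str) -> List[Entry]:
    """Parse, triage and keep only the entries that received at least one flag."""
    return [e for e in triage(parse_hjt(text)) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4} {','.join(e.flags):<22} {e.body}")
```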

Posted

Hello,

Uninstall and reinstall HijackThis

* Unzip it into a folder at the root of the hard drive (usually C:\)

But never into a temporary folder

Under Vista, you must right-click >> "Run as Administrator" on Hijackthis.exe, otherwise HJT runs but fixes nothing.

* Run the file Hijackthis.exe

 

In HijackThis, tick and fix:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

 

Remove Ctfmon

Removing the Text Services "Additional user input modes" features

Start -> Control Panel.

-> Date, Time, Language, and Regional Options,

-> Regional and Language Options.

Under the Languages tab, click Details.

Under Installed services, select each listed input item,

-> click Remove to remove that item.

All items must be removed, one by one, except for the following input service:

French (France) – keyboard: French

Then

Copy and paste the following into Notepad.

Save it to the desktop as ctf.bat.

Double-click the file.

 

@echo off

rem Unregister the two Text Services Framework DLLs that ctfmon relies on (/u = unregister, /s = silent)

start /wait regsvr32 /u msimtf.dll /s

start /wait regsvr32 /u msctf.dll /s

Pause

echo Termine

exit

 

Java is not up to date, so it is vulnerable.

Download JavaRa

or here:

JavaRa

click Download Windows binary.zip to the desktop.

Unzip it.

run JavaRa.exe

click Update via jucheck

click Install

 

Go back into JavaRa

 

Click Remove older versions

Then... Other Options -> tick Remove useless JRE files -> Run

 

 

 

 

There is no point keeping disinfection tools that are constantly updated and would be obsolete within a few days.

 

To remove the programs used during the procedure:

Download ToolsCleaner2 by A.Rothstein

* Save ToolsCleaner2.exe to the Desktop.

Under Vista, right-click > Run as Administrator

* Double-click it, then click Recherche (Search) --> The program will look for the installed utilities

------> The window may go blank during the scan; that is normal!

 

The tool will remove them without you having to intervene.

Posted

Hello,

I did all the steps.

Nothing happens when I check for updates in JavaRa

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:35:15, on 15/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\F\LOCALS~1\Temp\Rar$EX00.782\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/fr/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Fichiers communs\Protexis\License Service\PSIService.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 6840 bytes
