Posted

Hello everyone!

Since yesterday afternoon, my mother's PC has had this "virus" that stops me getting on the net and keeps popping up nonstop; well, no need to give you a description, apparently the problem is going around a lot at the moment...

To get on the internet, I open Task Manager and kill the "av.exe" process; it shows up every time I open a page or a tab, even a Google search. What's odd is that it doesn't stop me going on MSN. Anyway.

So here is my HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:56:50, on 15/02/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Users\ALBERNY\Documents\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O13 - Gopher Prefix:

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_1_0.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

 

--

End of file - 6499 bytes

 

If I've gone about this the wrong way as far as the forum's rules go, I apologise in advance.

Nicolas.

Posted

Hello,

Download the following programs and run them one after the other.

You will post their reports afterwards, at the end of the procedures.

 

Download load_tdsskiller by Loup Blanc to the Desktop

This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

  • Launch load_tdsskiller by double-clicking it:
    the tool will connect to the Net to download an up-to-date copy of TDSSKiller and start the scan
  • A message in the black command-prompt window will ask you to press a key to continue
  • The report will open automatically: copy and paste its contents in your next reply
    (the file is also here: C:\tdsskiller\report.txt)
  • Restart the PC

 

Download Rkill (rkill.com) by Grinler to the desktop,

double-click to launch it.

On Vista, right-click the downloaded rkill file and choose "Run as Administrator"

A (very quick) window will indicate that everything went well.

For Vista, right-click the downloaded rkill file and choose "Run as Administrator" to launch the tool.

There will be a report here: %SystemDrive%\rkill.log

listing all the processes that were stopped.

 

Uninstall MBAM if it is installed

Download MBAM

Plug in all removable media before running this scan (USB stick/external hard drive, etc.)

You need to disable your protections and don't know how:

On Bleeping Computer, in English:

On PCA, in French

* Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs

Follow the prompts (in particular the language choice and permission to access the Internet)

Do not change any of the default settings and, at the end of the installation,

Check that the Update and Launch options are ticked

MBAM will start automatically and will display a message asking you to update the program before running a scan.

Click OK to close the dialog box.

* In the "Update" tab, click the Check for updates button:


If the firewall asks whether to allow MBAM to connect, accept.

* Once the update has finished, go to the Scanner tab.

* Select "Perform full scan"

* Click "Scan"

* The scan will take some time, be patient!

* At the end, a message will display:

The scan completed successfully.

*If MBAM found nothing, it will say so too.

Click "OK" to continue.

*Close the browsers.

Click Show Results.

*Select all and click Remove Selected,

MBAM will delete the files and registry keys and put a copy in quarantine.

Then open Notepad and copy the scan report into it; it can be found under the Logs tab.

* Copy and paste this report in your next reply.

Posted

Thanks!!

So here is the TDSSKiller report:

 

14:41:12:430 4308 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00

14:41:12:430 4308 ================================================================================

14:41:12:430 4308 SystemInfo:

 

14:41:12:430 4308 OS Version: 6.0.6002 ServicePack: 2.0

14:41:12:430 4308 Product type: Workstation

14:41:12:430 4308 ComputerName: PC-DE-ALBERNY

14:41:12:430 4308 UserName: ALBERNY

14:41:12:430 4308 Windows directory: C:\Windows

14:41:12:430 4308 Processor architecture: Intel x86

14:41:12:430 4308 Number of processors: 2

14:41:12:430 4308 Page size: 0x1000

14:41:12:430 4308 Boot type: Normal boot

14:41:12:430 4308 ================================================================================

14:41:12:430 4308 UnloadDriverW: NtUnloadDriver error 2

14:41:12:430 4308 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

14:41:12:445 4308 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

14:41:12:601 4308 UtilityInit: KLMD drop and load success

14:41:12:601 4308 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

14:41:12:601 4308 UtilityInit: KLMD open success

14:41:12:601 4308 UtilityInit: Initialize success

14:41:12:601 4308

14:41:12:601 4308 Scanning Services ...

14:41:12:601 4308 CreateRegParser: Registry parser init started

14:41:12:601 4308 CreateRegParser: DisableWow64Redirection error

14:41:12:601 4308 wfopen_ex: Trying to open file C:\Windows\system32\config\system

14:41:12:601 4308 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043

14:41:12:601 4308 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

14:41:12:601 4308 wfopen_ex: Trying to KLMD file open

14:41:12:601 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system

14:41:12:601 4308 wfopen_ex: File opened ok (Flags 2)

14:41:12:617 4308 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 18F6A90

14:41:12:617 4308 wfopen_ex: Trying to open file C:\Windows\system32\config\software

14:41:12:617 4308 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043

14:41:12:617 4308 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

14:41:12:617 4308 wfopen_ex: Trying to KLMD file open

14:41:12:617 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software

14:41:12:617 4308 wfopen_ex: File opened ok (Flags 2)

14:41:12:617 4308 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 18F6AB8

14:41:12:617 4308 CreateRegParser: EnableWow64Redirection error

14:41:12:617 4308 CreateRegParser: RegParser init completed

14:41:13:194 4308 GetAdvancedServicesInfo: Raw services enum returned 412 services

14:41:13:210 4308 fclose_ex: Trying to close file C:\Windows\system32\config\system

14:41:13:210 4308 fclose_ex: Trying to close file C:\Windows\system32\config\software

14:41:13:210 4308

14:41:13:210 4308 Scanning Kernel memory ...

14:41:13:210 4308 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

14:41:13:210 4308 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84A17688

14:41:13:210 4308 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects

14:41:13:210 4308

14:41:13:210 4308 DetectCureTDL3: DEVICE_OBJECT: 843512C0

14:41:13:210 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 843512C0

14:41:13:210 4308 DetectCureTDL3: DEVICE_OBJECT: 84441B58

14:41:13:210 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84441B58

14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x84441B58[0x38]

14:41:13:210 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170

14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]

14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]

14:41:13:210 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:41:13:210 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8

14:41:13:210 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040

14:41:13:210 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8

14:41:13:210 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8

14:41:13:210 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4

14:41:13:210 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4

14:41:13:210 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C

14:41:13:210 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2

14:41:13:210 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22

14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]

14:41:13:210 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0

14:41:13:210 4308 TDL3_FileDetect: Processing driver: USBSTOR

14:41:13:210 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:210 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:210 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:41:13:210 4308

14:41:13:210 4308 DetectCureTDL3: DEVICE_OBJECT: 85EC3030

14:41:13:210 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85EC3030

14:41:13:210 4308 DetectCureTDL3: DEVICE_OBJECT: 85F47CB8

14:41:13:210 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F47CB8

14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x85F47CB8[0x38]

14:41:13:210 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170

14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]

14:41:13:210 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]

14:41:13:210 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:41:13:210 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8

14:41:13:210 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040

14:41:13:210 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8

14:41:13:210 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8

14:41:13:210 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4

14:41:13:210 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4

14:41:13:210 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22

14:41:13:210 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C

14:41:13:225 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2

14:41:13:225 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]

14:41:13:225 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0

14:41:13:225 4308 TDL3_FileDetect: Processing driver: USBSTOR

14:41:13:225 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:225 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:225 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:41:13:225 4308

14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85F03030

14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F03030

14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85E9C9A0

14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85E9C9A0

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x85E9C9A0[0x38]

14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]

14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:41:13:225 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040

14:41:13:225 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4

14:41:13:225 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4

14:41:13:225 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C

14:41:13:225 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2

14:41:13:225 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]

14:41:13:225 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0

14:41:13:225 4308 TDL3_FileDetect: Processing driver: USBSTOR

14:41:13:225 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:225 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:225 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:41:13:225 4308

14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85F4FAC8

14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F4FAC8

14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85F1A338

14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F1A338

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x85F1A338[0x38]

14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]

14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:41:13:225 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040

14:41:13:225 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4

14:41:13:225 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4

14:41:13:225 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C

14:41:13:225 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2

14:41:13:225 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]

14:41:13:225 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0

14:41:13:225 4308 TDL3_FileDetect: Processing driver: USBSTOR

14:41:13:225 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:225 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:225 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:41:13:225 4308

14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 85F40030

14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85F40030

14:41:13:225 4308 DetectCureTDL3: DEVICE_OBJECT: 857B24A8

14:41:13:225 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 857B24A8

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x857B24A8[0x38]

14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT: 8588B170

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B170[0xA8]

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8588B120[0x1E]

14:41:13:225 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:41:13:225 4308 DetectCureTDL3: IrpHandler (0) addr: 8CA53FC8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (2) addr: 8CA54040

14:41:13:225 4308 DetectCureTDL3: IrpHandler (3) addr: 8CA540B8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (4) addr: 8CA540B8

14:41:13:225 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (14) addr: 8CA53BC4

14:41:13:225 4308 DetectCureTDL3: IrpHandler (15) addr: 8CA477E4

14:41:13:225 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (22) addr: 8CA5259C

14:41:13:225 4308 DetectCureTDL3: IrpHandler (23) addr: 8CA4F7A2

14:41:13:225 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22

14:41:13:225 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22

14:41:13:225 4308 KLMD_ReadMem: Trying to ReadMemory 0x8CA49F26[0x400]

14:41:13:225 4308 TDL3_StartIoHookDetect: CheckParameters: 4, 8CA4E000, 0

14:41:13:225 4308 TDL3_FileDetect: Processing driver: USBSTOR

14:41:13:225 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:225 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:13:241 4308 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:41:13:241 4308

14:41:13:241 4308 DetectCureTDL3: DEVICE_OBJECT: 84FC5AC8

14:41:13:241 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84FC5AC8

14:41:13:241 4308 DetectCureTDL3: DEVICE_OBJECT: 84800898

14:41:13:241 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84800898

14:41:13:241 4308 DetectCureTDL3: DEVICE_OBJECT: 847FEB98

14:41:13:241 4308 KLMD_GetLowerDeviceObject: Trying to get lower device object for 847FEB98

14:41:13:241 4308 KLMD_ReadMem: Trying to ReadMemory 0x847FEB98[0x38]

14:41:13:241 4308 DetectCureTDL3: DRIVER_OBJECT: 847DF350

14:41:13:241 4308 KLMD_ReadMem: Trying to ReadMemory 0x847DF350[0xA8]

14:41:13:241 4308 KLMD_ReadMem: Trying to ReadMemory 0x847DF618[0x1A]

14:41:13:241 4308 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

14:41:13:241 4308 DetectCureTDL3: IrpHandler (0) addr: 807B8140

14:41:13:241 4308 DetectCureTDL3: IrpHandler (1) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (2) addr: 807B8140

14:41:13:241 4308 DetectCureTDL3: IrpHandler (3) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (4) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (5) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (6) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (7) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (8) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (9) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (10) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (11) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (12) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (13) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (14) addr: 807A6A5A

14:41:13:241 4308 DetectCureTDL3: IrpHandler (15) addr: 807A6A2C

14:41:13:241 4308 DetectCureTDL3: IrpHandler (16) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (17) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (18) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (19) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (20) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (21) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (22) addr: 807A6A88

14:41:13:241 4308 DetectCureTDL3: IrpHandler (23) addr: 807B3B70

14:41:13:241 4308 DetectCureTDL3: IrpHandler (24) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (25) addr: 81C44A22

14:41:13:241 4308 DetectCureTDL3: IrpHandler (26) addr: 81C44A22

14:41:13:241 4308 TDL3_FileDetect: Processing driver: atapi

14:41:13:241 4308 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys

14:41:13:241 4308 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys

14:41:13:241 4308 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean

14:41:13:241 4308

14:41:13:241 4308 Completed

14:41:13:241 4308

14:41:13:241 4308 Results:

14:41:13:241 4308 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

14:41:13:256 4308 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

14:41:13:256 4308 File objects infected / cured / cured on reboot: 0 / 0 / 0

14:41:13:256 4308

14:41:13:256 4308 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

14:41:13:256 4308 UtilityDeinit: KLMD(ARK) unloaded successfully

 

 

And the MBAM one:

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3741

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

15/02/2010 15:58:40

mbam-log-2010-02-15 (15-58-40).txt

 

Type de recherche: Examen complet (C:\|I:\|)

Eléments examinés: 259981

Temps écoulé: 58 minute(s), 58 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 5

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\Winsudate (Adware.édité) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files\Winsudate\gibcom.dll (Adware.édité) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibidl.dll (Adware.édité) -> Quarantined and deleted successfully.

C:\Program Files\Winsudate\gibupt.exe (Adware.édité) -> Quarantined and deleted successfully.

C:\Users\ALBERNY\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.

C:\Users\ALBERNY\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.

Posted

Good,

As a precaution, run an online scan:

 

Online scan

NOTE: The online scan must be done with Internet Explorer.

Disable the current antivirus

 

Note that this scan examines, but does not disinfect

Kaspersky

Under Vista, you must disable UAC, right-click Internet Explorer / Run as administrator, and paste the Kaspersky URL

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Empty the Recycle Bin.

* Click Accept

* A yellow bar will ask you to accept the installation of Kavwebscan_Unicode.cab; install the ActiveX.

* Click "Accept" once more

* The update databases will install; wait a moment

* Click Next.

* Click My Computer; the scan starts;

wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as...

Choose Desktop, name the report "rapport Kaspersky", and in the save-as-type field choose "text files"; save the report.

Copy/paste the entire open text file: right-click on it, Select All / Copy.

Paste this report in your reply on the forum.

 
