Posted

Hello everyone. My problem, as the title says, is that since Sunday evening this damned piece of software has installed itself, and what is more it is only present on my session and not on my father's, the administrator session. Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:29:54, on 16/02/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\OrangeHSS\Systray\SystrayApp.exe

C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Users\ALEXANDRE\AppData\Local\Temp\7zS63E2.tmp\firefox.exe

C:\Users\ALEXANDRE\AppData\Local\MSASCui.exe

C:\Users\ALEXANDRE\Downloads\HiJackThis.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: McAfee Security Scan.lnk = ?

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 10077 bytes

 

I hope you can help me.
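A triage script for the HijackThis log above, added here as an example; it is not code from the thread, from the helper, or from HijackThis itself. It parses the "Running processes:" block and the O4 autostart entries and flags executables that run from user-writable directories or, for a well-known system binary, from somewhere other than its expected home (the log above lists a MSASCui.exe under AppData\Local while the Windows Defender autostart entry points under %ProgramFiles%). The directory list, the allow-lists and the sample log excerpt are constructed for the example.

```python
"""Triage helper for HijackThis v2.0.2 logs (added example, not HijackThis code).

Flags (a) executables running from user-writable directories and (b) well-known
system binaries running outside their expected home.  The lists below are
constructed for the example; extend them from your own baseline.
"""
import re
from dataclasses import dataclass

# Directories system components should not run from (lowercase, trailing
# backslash so "\appdata\local\" does not also match "\appdata\locallow\").
SUSPECT_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
)

# Well-known binaries and the directory fragment their legitimate copy lives in.
KNOWN_HOMES = {
    "msascui.exe": "\\windows defender\\",   # Windows Defender user interface
    "explorer.exe": "c:\\windows\\",
}

# Tools the user ran on purpose from Downloads; not worth a finding.
EXPECTED_TOOLS = {"hijackthis.exe"}

O4_RE = re.compile(r"^O4 - (.+?): \[(.*?)\] (.*)$")      # key: [name] command
EXE_RE = re.compile(r'^"?(.*?\.exe)\b', re.IGNORECASE)   # command path up to .exe


@dataclass
class Finding:
    section: str
    path: str
    reason: str


def parse_hjt(text):
    """Return (running processes, O4 entries) from a HijackThis log."""
    processes, o4 = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and re.match(r"^[RO]\d+ - ", line):
            in_procs = False          # the first R/O entry ends the process list
        if in_procs:
            processes.append(line)
        elif line.startswith("O4 - "):
            o4.append(line)
    return processes, o4


def flag_path(section, path):
    """Return a Finding for a suspicious path, or None."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in EXPECTED_TOOLS:
        return None
    home = KNOWN_HOMES.get(name)
    if home and home not in low:
        return Finding(section, path, f"{name} outside its expected home {home}")
    for d in SUSPECT_DIRS:
        if d in low:
            return Finding(section, path, f"runs from user-writable directory {d}")
    return None


def triage(text):
    """Run the heuristics over the process list and the O4 autostart entries."""
    processes, o4 = parse_hjt(text)
    findings = [f for f in (flag_path("process", p) for p in processes) if f]
    for entry in o4:
        m = O4_RE.match(entry)
        if not m:
            continue                  # e.g. Global Startup .lnk lines
        exe = EXE_RE.match(m.group(3))
        if not exe:
            continue                  # empty [] entries such as (User 'SYSTEM')
        f = flag_path("O4 " + m.group(1), exe.group(1))
        if f:
            findings.append(f)
    return findings


# Constructed excerpt modelled on the log posted above.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\\Windows\\Explorer.EXE
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
C:\\Users\\ALEXANDRE\\AppData\\Local\\Temp\\7zS63E2.tmp\\firefox.exe
C:\\Users\\ALEXANDRE\\AppData\\Local\\MSASCui.exe
C:\\Users\\ALEXANDRE\\Downloads\\HiJackThis.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.fr/
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [sunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"
O4 - HKUS\\S-1-5-18\\..\\Run: [] (User 'SYSTEM')
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path}: {f.reason}")
```

On the sample excerpt the script reports the firefox.exe running from a Temp folder and the MSASCui.exe under AppData\Local, and stays silent on the registered Windows Defender entry and on HiJackThis.exe.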

Posted

Good evening,

 

1) Download Kaspersky's TDSS Killer. http://senduit.com/ea5902 Save it to the desktop (and nowhere else).

 

Go to Start/Run (or press the Windows and R keys) and copy/paste the contents of the box below:

 

"%userprofile%\bureau\TDSSKiller.exe" -l TDSSlog.txt -v

 

When it has finished running, press a key as prompted to close the window.

A file TDSSlog.txt will appear on your desktop.

Open it and post its entire contents in your next reply.

 

NB: If the tool asks for a reboot, accept by typing Y (yes).

In fact, apply everything it suggests.

 

------------------

2) Step 1: rkill (by Grinler), download

Download rkill from one of the links below:

 

Link 1

Link 2

Link 3

Link 4

 

Save the file to the Desktop.

 

 

Step 2: No real-time monitoring processes

Disable the resident module of the antivirus and that of the antispyware.

 

 

Step 3: rkill (by Grinler), execution

Double-click the downloaded rkill file to launch the tool.

On Vista, right-click the downloaded rkill file and choose "Run as Administrator" to launch the tool.

 

A window with a black background will appear briefly, then disappear.

 

If nothing happens, or if the tool does not launch, download the tool from another of the four links above and try running it again.

 

If none of the tools downloaded from the four links above seems to work, do not continue the cleanup, and let me know on the forum.

 

The report is located under C:\

 

---------------------------------

3) Download Malwarebytes' Anti-Malware (MBAM)

 

This software is one to keep.

 

Only in case of an update problem:

 

Download MBAM updates

 

Run the file after installing MBAM

 

Connect removable media (USB sticks etc.) before starting the scan.

 

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts; it is fairly long, which is normal.
  • At the end of the scan, a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy-paste this report and post it in your next reply.

If MBAM asks to restart the PC, do so.

 

!!! Do not empty MBAM's quarantine without being told to !!! (false positives are always possible.)

 

Please also post a new HijackThis log.

 

@++

Posted (edited)

Here is the TDSSKiller report:

 

14:59:19:092 2456 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31

14:59:19:092 2456 ================================================================================

14:59:19:092 2456 SystemInfo:

 

14:59:19:092 2456 OS Version: 6.0.6002 ServicePack: 2.0

14:59:19:092 2456 Product type: Workstation

14:59:19:093 2456 ComputerName: PC-DE-UTILISATE

14:59:19:094 2456 UserName: utilisateur

14:59:19:095 2456 Windows directory: C:\Windows

14:59:19:095 2456 Processor architecture: Intel x86

14:59:19:095 2456 Number of processors: 1

14:59:19:095 2456 Page size: 0x1000

14:59:19:129 2456 Boot type: Normal boot

14:59:19:130 2456 ================================================================================

14:59:19:138 2456 UnloadDriverW: NtUnloadDriver error 2

14:59:19:138 2456 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

14:59:19:139 2456 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

14:59:19:589 2456 UtilityInit: KLMD drop and load success

14:59:19:589 2456 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

14:59:19:589 2456 UtilityInit: KLMD open success

14:59:19:589 2456 UtilityInit: Initialize success

14:59:19:589 2456

14:59:19:589 2456 Scanning Services ...

14:59:19:590 2456 CreateRegParser: Registry parser init started

14:59:19:590 2456 CreateRegParser: DisableWow64Redirection error

14:59:19:590 2456 wfopen_ex: Trying to open file C:\Windows\system32\config\system

14:59:19:590 2456 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043

14:59:19:590 2456 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

14:59:19:590 2456 wfopen_ex: Trying to KLMD file open

14:59:19:590 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system

14:59:19:590 2456 wfopen_ex: File opened ok (Flags 2)

14:59:19:606 2456 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 21BD600

14:59:19:606 2456 wfopen_ex: Trying to open file C:\Windows\system32\config\software

14:59:19:607 2456 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043

14:59:19:607 2456 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

14:59:19:607 2456 wfopen_ex: Trying to KLMD file open

14:59:19:607 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software

14:59:19:607 2456 wfopen_ex: File opened ok (Flags 2)

14:59:19:607 2456 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 21B12A0

14:59:19:607 2456 CreateRegParser: EnableWow64Redirection error

14:59:19:607 2456 CreateRegParser: RegParser init completed

14:59:20:277 2456 GetAdvancedServicesInfo: Raw services enum returned 435 services

14:59:20:294 2456 fclose_ex: Trying to close file C:\Windows\system32\config\system

14:59:20:295 2456 fclose_ex: Trying to close file C:\Windows\system32\config\software

14:59:20:295 2456

14:59:20:304 2456 Scanning Kernel memory ...

14:59:20:304 2456 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

14:59:20:304 2456 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 867930E8

14:59:20:304 2456 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects

14:59:20:304 2456

14:59:20:304 2456 DetectCureTDL3: DEVICE_OBJECT: 87A52560

14:59:20:304 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A52560

14:59:20:304 2456 DetectCureTDL3: DEVICE_OBJECT: 87A14CB8

14:59:20:304 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A14CB8

14:59:20:304 2456 KLMD_ReadMem: Trying to ReadMemory 0x87A14CB8[0x38]

14:59:20:304 2456 DetectCureTDL3: DRIVER_OBJECT: 87985C08

14:59:20:304 2456 KLMD_ReadMem: Trying to ReadMemory 0x87985C08[0xA8]

14:59:20:305 2456 KLMD_ReadMem: Trying to ReadMemory 0x87987A18[0x1E]

14:59:20:305 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_CREATE : 8F382FC8

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_CLOSE : 8F383040

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_READ : 8F3830B8

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_WRITE : 8F3830B8

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8F382BC4

14:59:20:305 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8F3767E4

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_POWER : 8F38159C

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8F37E7A2

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22

14:59:20:306 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22

14:59:20:306 2456 TDL3_FileDetect: Processing driver: USBSTOR

14:59:20:306 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:306 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:328 2456 KLMD_ReadMem: Trying to ReadMemory 0x8F378F26[0x400]

14:59:20:328 2456 TDL3_StartIoHookDetect: CheckParameters: 4, 8F37D000, 0

14:59:20:328 2456 TDL3_FileDetect: Processing driver: USBSTOR

14:59:20:328 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:328 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:332 2456 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:59:20:332 2456

14:59:20:332 2456 DetectCureTDL3: DEVICE_OBJECT: 87A52AC8

14:59:20:332 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A52AC8

14:59:20:332 2456 DetectCureTDL3: DEVICE_OBJECT: 87B3ACB8

14:59:20:332 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87B3ACB8

14:59:20:332 2456 KLMD_ReadMem: Trying to ReadMemory 0x87B3ACB8[0x38]

14:59:20:332 2456 DetectCureTDL3: DRIVER_OBJECT: 87985C08

14:59:20:332 2456 KLMD_ReadMem: Trying to ReadMemory 0x87985C08[0xA8]

14:59:20:332 2456 KLMD_ReadMem: Trying to ReadMemory 0x87987A18[0x1E]

14:59:20:332 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:59:20:332 2456 DetectCureTDL3: IRP_MJ_CREATE : 8F382FC8

14:59:20:332 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22

14:59:20:332 2456 DetectCureTDL3: IRP_MJ_CLOSE : 8F383040

14:59:20:332 2456 DetectCureTDL3: IRP_MJ_READ : 8F3830B8

14:59:20:332 2456 DetectCureTDL3: IRP_MJ_WRITE : 8F3830B8

14:59:20:332 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22

14:59:20:332 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8F382BC4

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8F3767E4

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_POWER : 8F38159C

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8F37E7A2

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22

14:59:20:333 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22

14:59:20:333 2456 TDL3_FileDetect: Processing driver: USBSTOR

14:59:20:334 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:334 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:336 2456 KLMD_ReadMem: Trying to ReadMemory 0x8F378F26[0x400]

14:59:20:336 2456 TDL3_StartIoHookDetect: CheckParameters: 4, 8F37D000, 0

14:59:20:336 2456 TDL3_FileDetect: Processing driver: USBSTOR

14:59:20:336 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:336 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:339 2456 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:59:20:339 2456

14:59:20:340 2456 DetectCureTDL3: DEVICE_OBJECT: 87A577C8

14:59:20:340 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A577C8

14:59:20:340 2456 DetectCureTDL3: DEVICE_OBJECT: 87539700

14:59:20:340 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87539700

14:59:20:340 2456 KLMD_ReadMem: Trying to ReadMemory 0x87539700[0x38]

14:59:20:340 2456 DetectCureTDL3: DRIVER_OBJECT: 87985C08

14:59:20:340 2456 KLMD_ReadMem: Trying to ReadMemory 0x87985C08[0xA8]

14:59:20:340 2456 KLMD_ReadMem: Trying to ReadMemory 0x87987A18[0x1E]

14:59:20:340 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_CREATE : 8F382FC8

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_CLOSE : 8F383040

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_READ : 8F3830B8

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_WRITE : 8F3830B8

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22

14:59:20:340 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8F382BC4

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8F3767E4

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_POWER : 8F38159C

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8F37E7A2

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22

14:59:20:341 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22

14:59:20:341 2456 TDL3_FileDetect: Processing driver: USBSTOR

14:59:20:341 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:341 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:344 2456 KLMD_ReadMem: Trying to ReadMemory 0x8F378F26[0x400]

14:59:20:344 2456 TDL3_StartIoHookDetect: CheckParameters: 4, 8F37D000, 0

14:59:20:344 2456 TDL3_FileDetect: Processing driver: USBSTOR

14:59:20:344 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:344 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:347 2456 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:59:20:347 2456

14:59:20:347 2456 DetectCureTDL3: DEVICE_OBJECT: 87A57030

14:59:20:347 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87A57030

14:59:20:347 2456 DetectCureTDL3: DEVICE_OBJECT: 875377D0

14:59:20:347 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 875377D0

14:59:20:347 2456 KLMD_ReadMem: Trying to ReadMemory 0x875377D0[0x38]

14:59:20:348 2456 DetectCureTDL3: DRIVER_OBJECT: 87985C08

14:59:20:348 2456 KLMD_ReadMem: Trying to ReadMemory 0x87985C08[0xA8]

14:59:20:348 2456 KLMD_ReadMem: Trying to ReadMemory 0x87987A18[0x1E]

14:59:20:348 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_CREATE : 8F382FC8

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_CLOSE : 8F383040

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_READ : 8F3830B8

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_WRITE : 8F3830B8

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8F382BC4

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8F3767E4

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22

14:59:20:348 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_POWER : 8F38159C

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8F37E7A2

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22

14:59:20:349 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22

14:59:20:349 2456 TDL3_FileDetect: Processing driver: USBSTOR

14:59:20:349 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:349 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:352 2456 KLMD_ReadMem: Trying to ReadMemory 0x8F378F26[0x400]

14:59:20:352 2456 TDL3_StartIoHookDetect: CheckParameters: 4, 8F37D000, 0

14:59:20:352 2456 TDL3_FileDetect: Processing driver: USBSTOR

14:59:20:352 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:352 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:20:355 2456 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

14:59:20:355 2456

14:59:20:355 2456 DetectCureTDL3: DEVICE_OBJECT: 867A78B0

14:59:20:355 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 867A78B0

14:59:20:355 2456 DetectCureTDL3: DEVICE_OBJECT: 8679E908

14:59:20:355 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8679E908

14:59:20:355 2456 DetectCureTDL3: DEVICE_OBJECT: 8677D5E8

14:59:20:355 2456 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8677D5E8

14:59:20:355 2456 KLMD_ReadMem: Trying to ReadMemory 0x8677D5E8[0x38]

14:59:20:355 2456 DetectCureTDL3: DRIVER_OBJECT: 859AE5D0

14:59:20:356 2456 KLMD_ReadMem: Trying to ReadMemory 0x859AE5D0[0xA8]

14:59:20:356 2456 KLMD_ReadMem: Trying to ReadMemory 0x866F11B0[0x1A]

14:59:20:356 2456 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_CREATE : 84D37140

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_CLOSE : 84D37140

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_READ : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_WRITE : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_QUERY_EA : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_SET_EA : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 84D25A5A

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 84D25A2C

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_SHUTDOWN : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 84268A22

14:59:20:356 2456 DetectCureTDL3: IRP_MJ_CLEANUP : 84268A22

14:59:20:357 2456 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 84268A22

14:59:20:357 2456 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 84268A22

14:59:20:357 2456 DetectCureTDL3: IRP_MJ_SET_SECURITY : 84268A22

14:59:20:357 2456 DetectCureTDL3: IRP_MJ_POWER : 84D25A88

14:59:20:357 2456 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 84D32B70

14:59:20:357 2456 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 84268A22

14:59:20:357 2456 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 84268A22

14:59:20:357 2456 DetectCureTDL3: IRP_MJ_SET_QUOTA : 84268A22

14:59:20:357 2456 TDL3_FileDetect: Processing driver: atapi

14:59:20:357 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys

14:59:20:357 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys

14:59:20:376 2456 TDL3_FileDetect: Processing driver: atapi

14:59:20:376 2456 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys

14:59:20:376 2456 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys

14:59:20:378 2456 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean

14:59:20:378 2456

14:59:20:379 2456 Completed

14:59:20:379 2456

14:59:20:379 2456 Results:

14:59:20:380 2456 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

14:59:20:381 2456 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

14:59:20:382 2456 File objects infected / cured / cured on reboot: 0 / 0 / 0

14:59:20:382 2456

14:59:20:384 2456 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000

14:59:20:384 2456 UtilityDeinit: KLMD(ARK) unloaded successfully

 

Here is what rkill produced:

 

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as utilisateur on 18/02/2010 at 15:57:20.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

 

 

Rkill completed on 18/02/2010 at 15:57:27.

 

The MBAM report:

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3741

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

18/02/2010 17:49:56

mbam-log-2010-02-18 (17-49-56).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|)

Eléments examinés: 323690

Temps écoulé: 1 hour(s), 43 minute(s), 35 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

And the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:51:03, on 18/02/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Users\ALEXANDRE\AppData\Local\MSASCui.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\OrangeHSS\Systray\SystrayApp.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\conime.exe

C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe

C:\Windows\explorer.exe

C:\Users\ALEXANDRE\AppData\Local\Temp\7zS63E2.tmp\firefox.exe

C:\Users\ALEXANDRE\Desktop\HousecallLauncher.exe

C:\Users\UTILIS~1\AppData\Local\Temp\7zS8406.tmp\setup.exe

C:\Users\ALEXANDRE\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"

O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Stop Admin Blue.n67s7"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.1lq2cck"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-3859654755-1398547588-4027240970-1001\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (User 'ALEXANDRE')

O4 - HKUS\S-1-5-21-3859654755-1398547588-4027240970-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'ALEXANDRE')

O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: YesMessenger.lnk = C:\Program Files\Prodix\YesMessenger.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: McAfee Security Scan.lnk = ?

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe

O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe

 

--

End of file - 11145 bytes

Edited by Alex37
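The two HKCU Run values in the HijackThis log above that launch files with random-looking extensions (.n67s7, .1lq2cck) straight from the ProgramData root are the entries a triager would look at first; HKCU values apply only to the logged-on user, unlike the HKLM ones. The Python script below is an added example, not code from this thread, from HijackThis or from Lop S&D: it parses O4 lines, extracts the launched file, and applies two heuristics (file stored directly in the ProgramData root; extension Windows would not normally run as an autostart target), both of which are the editor's own assumptions rather than HijackThis logic. The sample lines are copied from the posted log.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example for this thread, not code from HijackThis, Lop S&D or the helper.
The heuristics are the editor's own assumptions about which autorun entries
deserve a second look; they are not the logic HijackThis itself uses.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\Stop Admin Blue.n67s7"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.1lq2cck"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - Startup: YesMessenger.lnk = C:\Program Files\Prodix\YesMessenger.exe
"""

# Registry Run values: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# Startup-folder shortcuts: "O4 - [Global ]Startup: <name>.lnk = <target>"
STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Trailing "(User 'X')" annotation HijackThis appends to HKUS entries.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")

# Extensions Windows would normally run from an autostart entry (editor's list).
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js", ".dll"}
# A file sitting directly in the ProgramData root rather than in a vendor subfolder.
PROGRAMDATA_ROOT_RE = re.compile(r"^(?:[a-z]:\\programdata|%allusersprofile%)\\[^\\]+$")


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: list


def extract_path(cmd: str) -> str:
    """Return the launched file from a Run value's command line."""
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    if cmd in ("", "?"):  # empty value, or a target HijackThis did not resolve
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: keep everything up to the first recognised executable extension
    # (paths containing spaces are common), otherwise the first token.
    m = re.match(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif|vbs|js|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def assess(path: str) -> list:
    """Editor's heuristics (assumptions, not HijackThis logic); empty list = nothing odd."""
    reasons = []
    if not path:
        return reasons
    lowered = path.lower()
    if PROGRAMDATA_ROOT_RE.match(lowered):
        reasons.append("file stored directly in the ProgramData root, not in a vendor folder")
    ext = ntpath.splitext(lowered)[1]
    if ext not in EXEC_EXTS:
        reasons.append(f"unusual extension {ext or '(none)'!r} for an autostart target")
    return reasons


def triage_o4(log_text: str) -> list:
    """Parse O4 lines and return only the entries that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        path = extract_path(m.group("cmd"))
        reasons = assess(path)
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"{f.hive} [{f.name}] -> {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, only the two ProgramData entries are reported, each with both reasons; every vendor-folder .exe passes. The heuristics are deliberately narrow so they stay explainable to the person posting the log; they are a starting point for a manual check, not a verdict.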
Posted

Good evening,

 

There is no trace of the infection you mention at the start of your topic... :P

 

We will do an online scan later.

 

Download Lop S&D.exe to your Desktop.

http://eric.71.mespages.googlepages.com/LopSD.exe

 

Or: http://eric71.geekstogo.com/tools/LopSD.exe

 

Double-click it to start the installation

Then double-click the Lop S&D shortcut on your Desktop

On Vista: right-click / Run as administrator ***

 

Select the desired language, then choose option 1 (Search)

Wait until the scan finishes

Post the generated report (C:\lopR.txt)

 

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

 

--------------------------------------------

 

Run Lop S&D again

 

This time choose Option 2 (Removal)

Do not close the window during the removal!

Post the generated report (C:\lopR.txt)

 

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

 

@++
