Problème provoqué par SecurityTool

[maximilio]

Bonjour,

 

SecurityTool s'est installé sur mon ordinateur.

 

J'ai lancé Malwarebytes'Anti-Malware, lequel a partiellement supprimé SecurityTool.

 

Grâce à cette action, j'accède à nouveau à mon bureau.

 

Néanmoins, je pense que SecurityTool est toujours actif du fait qu'un raccourci de ce fichier est toujours présent sur mon bureau.

 

Je cherche donc à le supprimer totalement.

 

Je vous envoie ci-dessous un rapport d'HijackThis.

 

D'avance merci pour votre aide :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:57:11, on 19/02/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WgaTray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\SpeedFan\speedfan.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Lydie et François\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fre

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

 

--

End of file - 2334 bytes

[pear]

Bonsoir,

votre rapport est bien court et trop peu bavard.

 

 

Téléchargez les logiciels suivants pour les lancer l'un après l'autre.

Vous en posterez les rapports ensuite, en fin de procédures

 

Télécharger load_tdsskiller de Loup Blanc sur le Bureau

Cet outil est conçu pour automatiser différentes tâches proposées par TDSSKiller, un fix de Kaspersky.

• Lancer load_tdsskiller en double-cliquant dessus :
  l'outil va se connecter au Net pour télécharger une copie à jour de TDSSKiller et lancer le scan
  
• Un message dans la fenêtre noire d'invite de commande vous demandera d'appuyer sur une touche pour continuer
  
• Le rapport s'affichera automatiquement : copier-coller son contenu dans la prochaine réponse
  (le fichier est également présent ici : C:\tdsskiller\report.txt)
  
• Redémarrer le PC
  

 

rkill.comTélécharger Rkill de Grinler sur le bureau,

double clic pour le lancer.

Sous Vista, faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur"

Une fenêtre (très rapide) indiquera que tout s'est bien déroulé.

Pour Vista, faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

il y aura 'un rapport là: %SystemDrive%\rkill.log

donnant la liste de tous les processus arrêtés.

 

Désinstallez Mbam, s'il est installé

Téléchargez MBAM

 

Branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Vous devez désactiver vos protections et ne savez pas comment faire

 

Sur Bleeping Computers en Anglais:

 

Sur PCA,En Français

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update et Launch soient cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

 

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

 

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

[maximilio]

Bonjour,

 

J'ai téléchargé les deux programmes.

 

Je recontre toutefois un problème :

 

Lorsque j'appuie sur une touche après que s'affiche le message "appuyer sur une touche pour continuer", le bloc-notes s'ouvre vide (!), autrement dit sans rapport.

 

Je n'explique pas ce problème.

 

@+

[maximilio]

Bonjour,

 

Voici le premier rapport recueilli dans C:\ :

 

12:07:34:000 3776 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31

12:07:34:000 3776 ================================================================================

12:07:34:000 3776 SystemInfo:

 

12:07:34:000 3776 OS Version: 5.1.2600 ServicePack: 2.0

12:07:34:000 3776 Product type: Workstation

12:07:34:000 3776 ComputerName: PRINCIPAL

12:07:34:000 3776 UserName: Lydie et François

12:07:34:000 3776 Windows directory: C:\WINDOWS

12:07:34:000 3776 Processor architecture: Intel x86

12:07:34:000 3776 Number of processors: 1

12:07:34:000 3776 Page size: 0x1000

12:07:34:000 3776 Boot type: Normal boot

12:07:34:000 3776 ================================================================================

12:07:34:000 3776 UnloadDriverW: NtUnloadDriver error 2

12:07:34:000 3776 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

12:07:34:000 3776 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

12:07:34:015 3776 UtilityInit: KLMD drop and load success

12:07:34:015 3776 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)

12:07:34:015 3776 UtilityInit: KLMD open success

12:07:34:015 3776 UtilityInit: Initialize success

12:07:34:015 3776

12:07:34:015 3776 Scanning Services ...

12:07:34:015 3776 CreateRegParser: Registry parser init started

12:07:34:015 3776 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127

12:07:34:015 3776 CreateRegParser: DisableWow64Redirection error

12:07:34:015 3776 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

12:07:34:015 3776 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043

12:07:34:015 3776 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

12:07:34:015 3776 wfopen_ex: Trying to KLMD file open

12:07:34:015 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system

12:07:34:015 3776 wfopen_ex: File opened ok (Flags 2)

12:07:34:015 3776 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 9C4A48

12:07:34:015 3776 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

12:07:34:015 3776 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043

12:07:34:015 3776 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

12:07:34:015 3776 wfopen_ex: Trying to KLMD file open

12:07:34:015 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software

12:07:34:015 3776 wfopen_ex: File opened ok (Flags 2)

12:07:34:015 3776 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 9C4AB0

12:07:34:015 3776 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127

12:07:34:015 3776 CreateRegParser: EnableWow64Redirection error

12:07:34:015 3776 CreateRegParser: RegParser init completed

12:07:34:328 3776 GetAdvancedServicesInfo: Raw services enum returned 264 services

12:07:34:328 3776 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

12:07:34:328 3776 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

12:07:34:328 3776

12:07:34:328 3776 Scanning Kernel memory ...

12:07:34:328 3776 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

12:07:34:328 3776 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 83FCDD00

12:07:34:328 3776 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects

12:07:34:328 3776

12:07:34:328 3776 DetectCureTDL3: DEVICE_OBJECT: 83FD1C68

12:07:34:328 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83FD1C68

12:07:34:328 3776 KLMD_ReadMem: Trying to ReadMemory 0x83FD1C68[0x38]

12:07:34:328 3776 DetectCureTDL3: DRIVER_OBJECT: 83FCDD00

12:07:34:328 3776 KLMD_ReadMem: Trying to ReadMemory 0x83FCDD00[0xA8]

12:07:34:328 3776 KLMD_ReadMem: Trying to ReadMemory 0xE12FEC40[0x18]

12:07:34:328 3776 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_CREATE : F7540C30

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_CLOSE : F7540C30

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_READ : F753AD9B

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_WRITE : F753AD9B

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_SET_EA : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F753B366

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F753B44D

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F753EFC3

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_SHUTDOWN : F753B366

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_CLEANUP : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_POWER : F753CEF3

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7541A24

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FB8DE

12:07:34:328 3776 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FB8DE

12:07:34:328 3776 TDL3_FileDetect: Processing driver: Disk

12:07:34:328 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:328 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:343 3776 TDL3_FileDetect: Processing driver: Disk

12:07:34:343 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:343 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:343 3776 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

12:07:34:343 3776

12:07:34:343 3776 DetectCureTDL3: DEVICE_OBJECT: 83FD1030

12:07:34:343 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83FD1030

12:07:34:343 3776 KLMD_ReadMem: Trying to ReadMemory 0x83FD1030[0x38]

12:07:34:343 3776 DetectCureTDL3: DRIVER_OBJECT: 83FCDD00

12:07:34:343 3776 KLMD_ReadMem: Trying to ReadMemory 0x83FCDD00[0xA8]

12:07:34:343 3776 KLMD_ReadMem: Trying to ReadMemory 0xE12FEC40[0x18]

12:07:34:343 3776 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_CREATE : F7540C30

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_CLOSE : F7540C30

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_READ : F753AD9B

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_WRITE : F753AD9B

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_SET_EA : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F753B366

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F753B44D

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F753EFC3

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_SHUTDOWN : F753B366

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_CLEANUP : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_POWER : F753CEF3

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7541A24

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FB8DE

12:07:34:343 3776 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FB8DE

12:07:34:343 3776 TDL3_FileDetect: Processing driver: Disk

12:07:34:343 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:343 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:343 3776 TDL3_FileDetect: Processing driver: Disk

12:07:34:343 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:343 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

12:07:34:359 3776

12:07:34:359 3776 DetectCureTDL3: DEVICE_OBJECT: 83FD28A0

12:07:34:359 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83FD28A0

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0x83FD28A0[0x38]

12:07:34:359 3776 DetectCureTDL3: DRIVER_OBJECT: 83FCDD00

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0x83FCDD00[0xA8]

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0xE12FEC40[0x18]

12:07:34:359 3776 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE : F7540C30

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLOSE : F7540C30

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_READ : F753AD9B

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_WRITE : F753AD9B

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_EA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F753B366

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F753B44D

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F753EFC3

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SHUTDOWN : F753B366

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLEANUP : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_POWER : F753CEF3

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7541A24

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FB8DE

12:07:34:359 3776 TDL3_FileDetect: Processing driver: Disk

12:07:34:359 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 TDL3_FileDetect: Processing driver: Disk

12:07:34:359 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

12:07:34:359 3776

12:07:34:359 3776 DetectCureTDL3: DEVICE_OBJECT: 83FD2C68

12:07:34:359 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83FD2C68

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0x83FD2C68[0x38]

12:07:34:359 3776 DetectCureTDL3: DRIVER_OBJECT: 83FCDD00

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0x83FCDD00[0xA8]

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0xE12FEC40[0x18]

12:07:34:359 3776 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE : F7540C30

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLOSE : F7540C30

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_READ : F753AD9B

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_WRITE : F753AD9B

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_EA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F753B366

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F753B44D

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F753EFC3

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SHUTDOWN : F753B366

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLEANUP : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_POWER : F753CEF3

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F7541A24

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FB8DE

12:07:34:359 3776 TDL3_FileDetect: Processing driver: Disk

12:07:34:359 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 TDL3_FileDetect: Processing driver: Disk

12:07:34:359 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

12:07:34:359 3776 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

12:07:34:359 3776

12:07:34:359 3776 DetectCureTDL3: DEVICE_OBJECT: 83FCC030

12:07:34:359 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83FCC030

12:07:34:359 3776 DetectCureTDL3: DEVICE_OBJECT: 83F88F18

12:07:34:359 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83F88F18

12:07:34:359 3776 DetectCureTDL3: DEVICE_OBJECT: 83F8B4E0

12:07:34:359 3776 KLMD_GetLowerDeviceObject: Trying to get lower device object for 83F8B4E0

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0x83F8B4E0[0x38]

12:07:34:359 3776 DetectCureTDL3: DRIVER_OBJECT: 83F8BC28

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0x83F8BC28[0xA8]

12:07:34:359 3776 KLMD_ReadMem: Trying to ReadMemory 0xE12FED10[0x1A]

12:07:34:359 3776 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE : F7446572

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLOSE : F7446572

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_READ : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_WRITE : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_EA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_EA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F7446592

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F74427B4

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CLEANUP : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_POWER : F74465BC

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F744D164

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804FB8DE

12:07:34:359 3776 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804FB8DE

12:07:34:359 3776 TDL3_FileDetect: Processing driver: atapi

12:07:34:359 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

12:07:34:359 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

12:07:34:375 3776 KLMD_ReadMem: Trying to ReadMemory 0xF74437C6[0x400]

12:07:34:375 3776 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

12:07:34:375 3776 TDL3_FileDetect: Processing driver: atapi

12:07:34:375 3776 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

12:07:34:375 3776 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

12:07:34:375 3776 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean

12:07:34:375 3776

12:07:34:375 3776 Completed

12:07:34:375 3776

12:07:34:375 3776 Results:

12:07:34:375 3776 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

12:07:34:375 3776 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

12:07:34:375 3776 File objects infected / cured / cured on reboot: 0 / 0 / 0

12:07:34:375 3776

12:07:34:375 3776 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

12:07:34:375 3776 UtilityDeinit: KLMD(ARK) unloaded successfully

[maximilio]

Voici le second rapport effectué par Rkill de Grinler.

 

D'avance merci pour vos conseils.

 

@+

 

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Lydie et Fran‡ois on 20/02/2010 at 12:14:38.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\Documents and Settings\Lydie et François\Local Settings\Temporary Internet Files\Content.IE5\W5WLM34T\rkill[1].com

 

 

Rkill completed on 20/02/2010 at 12:14:41.