Malware Defense Virus

Alex2345

Hello,

I am infected by the Malware Defense virus, which offers to sell me its paid version but is in fact a virus, and I don't know how to get rid of it.

Thanks for your help

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:10, on 2010-01-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cls_pack.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhlp64.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cls_pack.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O4 - Global Startup: Windows Search.lnk.disabled
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://support.lenovo.com/fr/en/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

27 replies

Alex2345

I just ran another one

18:36:08:781 3660 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
18:36:08:781 3660 ================================================================================
18:36:08:781 3660 SystemInfo:

18:36:08:781 3660 OS Version: 5.1.2600 ServicePack: 3.0
18:36:08:781 3660 Product type: Workstation
18:36:08:781 3660 ComputerName: IBM-0D2F2C11BCC
18:36:08:781 3660 UserName: Administrateur
18:36:08:781 3660 Windows directory: C:\WINDOWS
18:36:08:781 3660 Processor architecture: Intel x86
18:36:08:781 3660 Number of processors: 2
18:36:08:781 3660 Page size: 0x1000
18:36:08:781 3660 Boot type: Normal boot
18:36:08:781 3660 ================================================================================
18:36:08:796 3660 UnloadDriverW: NtUnloadDriver error 2
18:36:08:796 3660 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
18:36:08:796 3660 UtilityInit: KLMD drop and load success
18:36:08:796 3660 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
18:36:08:796 3660 UtilityInit: KLMD open success
18:36:08:796 3660 UtilityInit: Initialize success
18:36:08:796 3660
18:36:08:796 3660 Scanning Services ...
18:36:08:796 3660 CreateRegParser: Registry parser init started
18:36:08:796 3660 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
18:36:08:796 3660 CreateRegParser: DisableWow64Redirection error
18:36:08:796 3660 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
18:36:08:796 3660 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:36:08:796 3660 wfopen_ex: Trying to KLMD file open
18:36:08:796 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
18:36:08:796 3660 wfopen_ex: File opened ok (Flags 2)
18:36:08:796 3660 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B40
18:36:08:796 3660 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
18:36:08:796 3660 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:36:08:796 3660 wfopen_ex: Trying to KLMD file open
18:36:08:796 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
18:36:08:796 3660 wfopen_ex: File opened ok (Flags 2)
18:36:08:796 3660 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384BA8
18:36:08:796 3660 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
18:36:08:796 3660 CreateRegParser: EnableWow64Redirection error
18:36:08:796 3660 CreateRegParser: RegParser init completed
18:36:09:156 3660 GetAdvancedServicesInfo: Raw services enum returned 335 services
18:36:09:171 3660 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:36:09:171 3660 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:36:09:171 3660
18:36:09:171 3660 Scanning Kernel memory ...
18:36:09:171 3660 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:36:09:171 3660 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8636CA08
18:36:09:171 3660 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
18:36:09:171 3660
18:36:09:171 3660 DetectCureTDL3: DEVICE_OBJECT: 863D2A50
18:36:09:171 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863D2A50
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0x863D2A50[0x38]
18:36:09:171 3660 DetectCureTDL3: DRIVER_OBJECT: 8636CA08
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0x8636CA08[0xA8]
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0xE13F7968[0x18]
18:36:09:171 3660 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:36:09:171 3660 DetectCureTDL3: IrpHandler (0) addr: F767DBB0
18:36:09:171 3660 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (2) addr: F767DBB0
18:36:09:171 3660 DetectCureTDL3: IrpHandler (3) addr: F7677D1F
18:36:09:171 3660 DetectCureTDL3: IrpHandler (4) addr: F7677D1F
18:36:09:171 3660 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (9) addr: F76782E2
18:36:09:171 3660 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (14) addr: F76783BB
18:36:09:171 3660 DetectCureTDL3: IrpHandler (15) addr: F767BF28
18:36:09:171 3660 DetectCureTDL3: IrpHandler (16) addr: F76782E2
18:36:09:171 3660 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (22) addr: F7679C82
18:36:09:171 3660 DetectCureTDL3: IrpHandler (23) addr: F767E99E
18:36:09:171 3660 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:36:09:171 3660 TDL3_FileDetect: Processing driver: Disk
18:36:09:171 3660 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
18:36:09:171 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
18:36:09:187 3660 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
18:36:09:187 3660
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 86376AB8
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86376AB8
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 8637DF18
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8637DF18
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 863D5D98
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863D5D98
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0x863D5D98[0x38]
18:36:09:187 3660 DetectCureTDL3: DRIVER_OBJECT: 8637FAC0
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0x8637FAC0[0xA8]
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0xE1024260[0x1A]
18:36:09:187 3660 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:36:09:187 3660 DetectCureTDL3: IrpHandler (0) addr: F74936F2
18:36:09:187 3660 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (2) addr: F74936F2
18:36:09:187 3660 DetectCureTDL3: IrpHandler (3) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (4) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (9) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (14) addr: F7493712
18:36:09:187 3660 DetectCureTDL3: IrpHandler (15) addr: F748F852
18:36:09:187 3660 DetectCureTDL3: IrpHandler (16) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (22) addr: F749373C
18:36:09:187 3660 DetectCureTDL3: IrpHandler (23) addr: F749A336
18:36:09:187 3660 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0xF7490864[0x400]
18:36:09:187 3660 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
18:36:09:187 3660 TDL3_FileDetect: Processing driver: atapi
18:36:09:187 3660 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
18:36:09:187 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
18:36:09:203 3660 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
18:36:09:203 3660
18:36:09:203 3660 Completed
18:36:09:203 3660
18:36:09:203 3660 Results:
18:36:09:203 3660 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660
18:36:09:203 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
18:36:09:203 3660 UtilityDeinit: KLMD(ARK) unloaded successfully

moment de grace (30049 posts, security contributor, 2 274)

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\system32\drivers\klmd.sys

Click Send File.

A report will be built up line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If you cannot find the file, then

Show all files and folders:

To do this:
Click Start / Control Panel / Folder Options / View

Check "Show hidden folders"

Uncheck the box "Hide protected operating system files (Recommended)"

Uncheck "Hide extensions for known file types"

Then click "Apply" to confirm the changes.

And OK

alex2345

I won't be able to do it for the moment since it wasn't my computer...

I'll post as soon as it's done...

Thanks for your help and your time

alex2345

I can't find the klmd.sys file

moment de grace (30049 posts, security contributor, 2 274)

Did you show hidden folders and files?

alex2345

Yes, but I still can't find it

moment de grace (30049 posts, security contributor, 2 274)

OK

How is the PC doing?