AXWIN FRame Windows: svchost.exe - Application Error

Nebulus
Hello,

A8400 3.0 GHz
2 GB RAM
GTX 275
500 GB + 1 TB

I had no problem last night and I installed nothing in between, but this evening when I switched my PC on, Windows XP starts and then, unfortunately, after a few minutes (even without touching it) a popup appears with the following message:

----------------------------------------------------------------
AXWIN FRame Windows: svchost.exe - Application Error

The instruction at "0x0301f7a0" referenced memory at "0x0301f7a0". The memory could not be "written".

Click OK to terminate the program.
Click CANCEL to debug the program.
----------------------------------------------------------------

If I don't touch it, nothing happens (I leave the popup in a corner) and the PC works normally; but if I click OK or CANCEL, after a short while the taskbar switches back to the Windows Classic look, my sound cuts out, and I can no longer shut Windows down; I have to do it the hard way or press reset.

I have already run an up-to-date Avira AntiVir. No result.
Spybot: no result.
CCleaner, for temp files and the registry: the problem comes back anyway.

I don't know what else to do; I absolutely want to avoid reinstalling Windows, I have too much on drive C and no space left on drive D.

Thanks in advance!

Here is a HijackThis.exe log just in case:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:51, on 11/02/2010
Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Jeux\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cliché instantané de volume VSSSchedule (VSSSchedule) - Unknown owner - .exe (file missing)
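Two lines in that log are the ones a responder would look at first: the F2 UserInit entry, whose \\.\globalroot\systemroot\... form is the well-known TDL3/TDSS rootkit rewrite of the stock C:\WINDOWS\system32\userinit.exe, and the O23 VSSSchedule service with an unknown owner and a missing binary. The script below is an added example, not part of the thread and not a HijackThis feature: it parses HijackThis entry lines and applies those two checks plus a low-priority look at autoruns started from a user profile directory. The sample log is a constructed excerpt of the entries above; the expected UserInit path, the profile-directory list and the severities are the example's own assumptions.

```python
import re

# Constructed sample input: entry lines copied from the HijackThis log in the post above.
# The header line is kept to show that non-entry lines are ignored.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cliché instantané de volume VSSSchedule (VSSSchedule) - Unknown owner - .exe (file missing)
"""

# Each HijackThis entry starts with a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption used as the baseline: the stock XP UserInit value, lower-cased, without its trailing comma.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Directories under a user profile from which an autorun is unusual enough to deserve a look.
PROFILE_DIRS = ("\\local settings\\", "\\application data\\", "\\temp\\")


def parse_hjt(text):
    """Return (section, body) tuples for every entry line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _finding(section, entry, severity, reason):
    return {"section": section, "entry": entry, "severity": severity, "reason": reason}


def triage(entries):
    """Run the rules over parsed entries and return findings in log order."""
    findings = []
    for section, body in entries:
        low = body.lower()
        if section == "F2" and "userinit=" in low:
            # A UserInit value carrying the \\.\globalroot device prefix is the TDL3/TDSS-era tell;
            # anything else that is not the stock path still deserves a look.
            value = low.split("=", 1)[1].strip().rstrip(",")
            if "globalroot" in value:
                findings.append(_finding(section, body, "high",
                    "UserInit rewritten to a \\\\.\\globalroot path: classic TDL3/TDSS rootkit symptom"))
            elif value != EXPECTED_USERINIT:
                findings.append(_finding(section, body, "medium",
                    "UserInit points at something other than the stock userinit.exe"))
        elif section == "O23":
            if "(file missing)" in low:
                findings.append(_finding(section, body, "medium",
                    "service whose binary is missing: stale entry or a loader hidden from the file system"))
            elif "- unknown owner -" in low:
                findings.append(_finding(section, body, "low",
                    "service binary carries no company name"))
        elif section == "O4" and any(d in low for d in PROFILE_DIRS):
            findings.append(_finding(section, body, "info",
                "autorun launched from a user profile directory: confirm the publisher"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f['severity']:>6}] {f['section']}: {f['reason']}")
        print(f"         {f['entry']}")
```

Run against the excerpt it reports the F2 line as high, the Google Update autorun as info (it is legitimate, which is exactly why the rule only asks for a publisher check) and the VSSSchedule service as medium; the NVIDIA service, with a vendor name and a present binary, produces nothing.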
12 replies

moment de grace
 
Hello

• Download load_tdsskiller (by Loup Blanc) to your Desktop

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

• Run load_tdsskiller by double-clicking it / or right-click it → Run as administrator
• The tool will go online to fetch an up-to-date copy of TDSSKiller, then start a scan
• At the end you will be asked to press a key, then the report opens automatically: copy and paste its contents into your next reply (C:\tdsskiller\report.txt)

Nebulus
 
Hello,

Here it is:

21:25:44:546 2916 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
21:25:44:546 2916 ================================================================================
21:25:44:546 2916 SystemInfo:

21:25:44:546 2916 OS Version: 5.1.2600 ServicePack: 3.0
21:25:44:546 2916 Product type: Workstation
21:25:44:546 2916 ComputerName: WINDOWS-F318F31
21:25:44:546 2916 UserName: Administrateur
21:25:44:546 2916 Windows directory: C:\WINDOWS
21:25:44:546 2916 Processor architecture: Intel x86
21:25:44:546 2916 Number of processors: 2
21:25:44:546 2916 Page size: 0x1000
21:25:44:546 2916 Boot type: Normal boot
21:25:44:546 2916 ================================================================================
21:25:44:546 2916 UnloadDriverW: NtUnloadDriver error 2
21:25:44:546 2916 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:25:44:546 2916 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
21:25:44:546 2916 UtilityInit: KLMD drop and load success
21:25:44:546 2916 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
21:25:44:546 2916 UtilityInit: KLMD open success
21:25:44:546 2916 UtilityInit: Initialize success
21:25:44:546 2916
21:25:44:546 2916 Scanning Services ...
21:25:44:546 2916 CreateRegParser: Registry parser init started
21:25:44:546 2916 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
21:25:44:546 2916 CreateRegParser: DisableWow64Redirection error
21:25:44:546 2916 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:25:44:546 2916 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
21:25:44:546 2916 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:25:44:546 2916 wfopen_ex: Trying to KLMD file open
21:25:44:546 2916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
21:25:44:546 2916 wfopen_ex: File opened ok (Flags 2)
21:25:44:546 2916 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: A94C58
21:25:44:546 2916 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:25:44:546 2916 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
21:25:44:546 2916 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:25:44:546 2916 wfopen_ex: Trying to KLMD file open
21:25:44:546 2916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
21:25:44:546 2916 wfopen_ex: File opened ok (Flags 2)
21:25:44:546 2916 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: A94D00
21:25:44:546 2916 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
21:25:44:546 2916 CreateRegParser: EnableWow64Redirection error
21:25:44:546 2916 CreateRegParser: RegParser init completed
21:25:44:953 2916 GetAdvancedServicesInfo: Raw services enum returned 304 services
21:25:44:953 2916 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:25:44:953 2916 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:25:44:953 2916
21:25:44:953 2916 Scanning Kernel memory ...
21:25:44:953 2916 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
21:25:44:953 2916 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 89DFAC50
21:25:44:953 2916 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
21:25:44:953 2916
21:25:44:953 2916 DetectCureTDL3: DEVICE_OBJECT: 89D68838
21:25:44:953 2916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D68838
21:25:44:953 2916 KLMD_ReadMem: Trying to ReadMemory 0x89D68838[0x38]
21:25:44:953 2916 DetectCureTDL3: DRIVER_OBJECT: 89DFAC50
21:25:44:953 2916 KLMD_ReadMem: Trying to ReadMemory 0x89DFAC50[0xA8]
21:25:44:953 2916 KLMD_ReadMem: Trying to ReadMemory 0xE1014B90[0x18]
21:25:44:953 2916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
21:25:44:953 2916 DetectCureTDL3: IrpHandler (0) addr: B80EEBB0
21:25:44:953 2916 DetectCureTDL3: IrpHandler (1) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (2) addr: B80EEBB0
21:25:44:953 2916 DetectCureTDL3: IrpHandler (3) addr: B80E8D1F
21:25:44:953 2916 DetectCureTDL3: IrpHandler (4) addr: B80E8D1F
21:25:44:953 2916 DetectCureTDL3: IrpHandler (5) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (6) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (7) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (8) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (9) addr: B80E92E2
21:25:44:953 2916 DetectCureTDL3: IrpHandler (10) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (11) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (12) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (13) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (14) addr: B80E93BB
21:25:44:953 2916 DetectCureTDL3: IrpHandler (15) addr: B80ECF28
21:25:44:953 2916 DetectCureTDL3: IrpHandler (16) addr: B80E92E2
21:25:44:953 2916 DetectCureTDL3: IrpHandler (17) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (18) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (19) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (20) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (21) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (22) addr: B80EAC82
21:25:44:953 2916 DetectCureTDL3: IrpHandler (23) addr: B80EF99E
21:25:44:953 2916 DetectCureTDL3: IrpHandler (24) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (25) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (26) addr: 804F4552
21:25:44:953 2916 TDL3_FileDetect: Processing driver: Disk
21:25:44:953 2916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
21:25:44:953 2916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
21:25:44:953 2916 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
21:25:44:953 2916
21:25:44:953 2916 DetectCureTDL3: DEVICE_OBJECT: 89D66C68
21:25:44:953 2916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D66C68
21:25:44:953 2916 KLMD_ReadMem: Trying to ReadMemory 0x89D66C68[0x38]
21:25:44:953 2916 DetectCureTDL3: DRIVER_OBJECT: 89DFAC50
21:25:44:953 2916 KLMD_ReadMem: Trying to ReadMemory 0x89DFAC50[0xA8]
21:25:44:953 2916 KLMD_ReadMem: Trying to ReadMemory 0xE1014B90[0x18]
21:25:44:953 2916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
21:25:44:953 2916 DetectCureTDL3: IrpHandler (0) addr: B80EEBB0
21:25:44:953 2916 DetectCureTDL3: IrpHandler (1) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (2) addr: B80EEBB0
21:25:44:953 2916 DetectCureTDL3: IrpHandler (3) addr: B80E8D1F
21:25:44:953 2916 DetectCureTDL3: IrpHandler (4) addr: B80E8D1F
21:25:44:953 2916 DetectCureTDL3: IrpHandler (5) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (6) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (7) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (8) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (9) addr: B80E92E2
21:25:44:953 2916 DetectCureTDL3: IrpHandler (10) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (11) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (12) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (13) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (14) addr: B80E93BB
21:25:44:953 2916 DetectCureTDL3: IrpHandler (15) addr: B80ECF28
21:25:44:953 2916 DetectCureTDL3: IrpHandler (16) addr: B80E92E2
21:25:44:953 2916 DetectCureTDL3: IrpHandler (17) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (18) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (19) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (20) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (21) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (22) addr: B80EAC82
21:25:44:953 2916 DetectCureTDL3: IrpHandler (23) addr: B80EF99E
21:25:44:953 2916 DetectCureTDL3: IrpHandler (24) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (25) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (26) addr: 804F4552
21:25:44:953 2916 TDL3_FileDetect: Processing driver: Disk
21:25:44:953 2916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
21:25:44:953 2916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
21:25:44:953 2916 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
21:25:44:953 2916
21:25:44:953 2916 DetectCureTDL3: DEVICE_OBJECT: 89DF2AB8
21:25:44:953 2916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DF2AB8
21:25:44:953 2916 DetectCureTDL3: DEVICE_OBJECT: 89D683B8
21:25:44:953 2916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D683B8
21:25:44:953 2916 DetectCureTDL3: DEVICE_OBJECT: 89DEED98
21:25:44:953 2916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DEED98
21:25:44:953 2916 KLMD_ReadMem: Trying to ReadMemory 0x89DEED98[0x38]
21:25:44:953 2916 DetectCureTDL3: DRIVER_OBJECT: 89E4E9C8
21:25:44:953 2916 KLMD_ReadMem: Trying to ReadMemory 0x89E4E9C8[0xA8]
21:25:44:968 2916 KLMD_ReadMem: Trying to ReadMemory 0xE1477428[0x1A]
21:25:44:968 2916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:25:44:968 2916 DetectCureTDL3: IrpHandler (0) addr: B7F146F2
21:25:44:968 2916 DetectCureTDL3: IrpHandler (1) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (2) addr: B7F146F2
21:25:44:968 2916 DetectCureTDL3: IrpHandler (3) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (4) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (5) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (6) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (7) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (8) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (9) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (10) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (11) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (12) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (13) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (14) addr: B7F14712
21:25:44:968 2916 DetectCureTDL3: IrpHandler (15) addr: B7F10852
21:25:44:968 2916 DetectCureTDL3: IrpHandler (16) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (17) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (18) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (19) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (20) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (21) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (22) addr: B7F1473C
21:25:44:968 2916 DetectCureTDL3: IrpHandler (23) addr: B7F1B336
21:25:44:968 2916 DetectCureTDL3: IrpHandler (24) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (25) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (26) addr: 804F4552
21:25:44:968 2916 KLMD_ReadMem: Trying to ReadMemory 0xB7F11864[0x400]
21:25:44:968 2916 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
21:25:44:968 2916 TDL3_FileDetect: Processing driver: atapi
21:25:44:968 2916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
21:25:44:968 2916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
21:25:44:968 2916 TDL3_FileDetect: C:\WINDOWS\system32\drivers\atapi.sys - Verdict: Clean
21:25:44:968 2916
21:25:44:968 2916 DetectCureTDL3: DEVICE_OBJECT: 89E5C8F0
21:25:44:968 2916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E5C8F0
21:25:44:968 2916 DetectCureTDL3: DEVICE_OBJECT: 89E45F18
21:25:44:968 2916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E45F18
21:25:44:968 2916 DetectCureTDL3: DEVICE_OBJECT: 89D67D98
21:25:44:968 2916 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D67D98
21:25:44:968 2916 KLMD_ReadMem: Trying to ReadMemory 0x89D67D98[0x38]
21:25:44:968 2916 DetectCureTDL3: DRIVER_OBJECT: 89E4E9C8
21:25:44:968 2916 KLMD_ReadMem: Trying to ReadMemory 0x89E4E9C8[0xA8]
21:25:44:968 2916 KLMD_ReadMem: Trying to ReadMemory 0xE1477428[0x1A]
21:25:44:968 2916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:25:44:968 2916 DetectCureTDL3: IrpHandler (0) addr: B7F146F2
21:25:44:968 2916 DetectCureTDL3: IrpHandler (1) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (2) addr: B7F146F2
21:25:44:968 2916 DetectCureTDL3: IrpHandler (3) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (4) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (5) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (6) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (7) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (8) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (9) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (10) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (11) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (12) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (13) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (14) addr: B7F14712
21:25:44:968 2916 DetectCureTDL3: IrpHandler (15) addr: B7F10852
21:25:44:968 2916 DetectCureTDL3: IrpHandler (16) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (17) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (18) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (19) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (20) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (21) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (22) addr: B7F1473C
21:25:44:968 2916 DetectCureTDL3: IrpHandler (23) addr: B7F1B336
21:25:44:968 2916 DetectCureTDL3: IrpHandler (24) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (25) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (26) addr: 804F4552
21:25:44:968 2916 KLMD_ReadMem: Trying to ReadMemory 0xB7F11864[0x400]
21:25:44:968 2916 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
21:25:44:968 2916 TDL3_FileDetect: Processing driver: atapi
21:25:44:968 2916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
21:25:44:968 2916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
21:25:44:968 2916 TDL3_FileDetect: C:\WINDOWS\system32\drivers\atapi.sys - Verdict: Clean
21:25:44:968 2916
21:25:44:968 2916 Completed
21:25:44:968 2916
21:25:44:968 2916 Results:
21:25:44:968 2916 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:25:44:968 2916 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:25:44:968 2916 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:25:44:968 2916
21:25:44:968 2916 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
21:25:44:968 2916 UtilityDeinit: KLMD(ARK) unloaded successfully

Thanks.
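The report above walks the \Driver\Disk device stack down to the atapi driver object, dumps each driver's 27 IRP dispatch entries, checks the StartIo routine and verifies the driver file on disk, then prints the infected/cured counters. The script below is an added example, not part of the thread and not TDSSKiller code: it parses those DRIVER_OBJECT, IrpHandler, Verdict and Results lines and applies a simplified version of the dispatch-table check, treating addresses that appear in more than one driver's table as kernel stubs and flagging any remaining entry that sits more than 128 KB (an assumed window) from the driver's own routines. The clean sample is a trimmed copy of the report above; the hooked variant is synthetic, with one atapi entry moved to a pool-range address.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample: a trimmed copy of the TDSSKiller 2.2.3 report posted above (a clean system),
# keeping only the line kinds the parser consumes.
CLEAN_REPORT = r"""
21:25:44:953 2916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
21:25:44:953 2916 DetectCureTDL3: IrpHandler (0) addr: B80EEBB0
21:25:44:953 2916 DetectCureTDL3: IrpHandler (1) addr: 804F4552
21:25:44:953 2916 DetectCureTDL3: IrpHandler (3) addr: B80E8D1F
21:25:44:953 2916 DetectCureTDL3: IrpHandler (14) addr: B80E93BB
21:25:44:953 2916 DetectCureTDL3: IrpHandler (23) addr: B80EF99E
21:25:44:953 2916 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
21:25:44:968 2916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:25:44:968 2916 DetectCureTDL3: IrpHandler (0) addr: B7F146F2
21:25:44:968 2916 DetectCureTDL3: IrpHandler (1) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (14) addr: B7F14712
21:25:44:968 2916 DetectCureTDL3: IrpHandler (15) addr: B7F10852
21:25:44:968 2916 DetectCureTDL3: IrpHandler (23) addr: B7F1B336
21:25:44:968 2916 TDL3_FileDetect: C:\WINDOWS\system32\drivers\atapi.sys - Verdict: Clean
21:25:44:968 2916 Results:
21:25:44:968 2916 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:25:44:968 2916 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:25:44:968 2916 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

# Synthetic variant, not from the post: atapi's IRP_MJ_DEVICE_CONTROL (major 14) entry redirected
# to a non-paged-pool address, which is what a dispatch-table hook in \Driver\atapi looks like.
HOOKED_REPORT = CLEAN_REPORT.replace("IrpHandler (14) addr: B7F14712", "IrpHandler (14) addr: 89E5D0A0")

DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (\\Driver\\\w+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (.+?) - Verdict: (\w+)")
RESULT_RE = re.compile(r"(Memory|Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)")

# Assumption: a driver's own dispatch routines live in one image, so they sit within 128 KB of each other.
WINDOW = 0x20000


def parse_report(text):
    """Collect per-driver IRP dispatch tables, per-file verdicts and the final counters."""
    tables, verdicts, results = defaultdict(dict), {}, {}
    current = None
    for line in text.splitlines():
        if m := DRIVER_RE.search(line):
            current = m.group(1)
        elif (m := IRP_RE.search(line)) and current:
            tables[current][int(m.group(1))] = int(m.group(2), 16)
        elif m := VERDICT_RE.search(line):
            verdicts[m.group(1)] = m.group(2)
        elif m := RESULT_RE.search(line):
            results[m.group(1)] = tuple(int(x) for x in m.group(2, 3, 4))
    return dict(tables), verdicts, results


def find_hooks(tables, window=WINDOW):
    """Return (driver, major, addr) for dispatch entries far outside the driver's own code cluster."""
    owners = defaultdict(set)
    for drv, table in tables.items():
        for addr in table.values():
            owners[addr].add(drv)
    # An address present in several drivers' tables is a kernel stub (on XP every unimplemented
    # major points at the same nt!IopInvalidDeviceRequest), not driver code, so it is left out.
    shared = {a for a, drvs in owners.items() if len(drvs) > 1}
    hooks = []
    for drv, table in tables.items():
        own = [a for a in table.values() if a not in shared]
        if not own:
            continue
        anchor = median(own)
        for major, addr in sorted(table.items()):
            if addr not in shared and abs(addr - anchor) > window:
                hooks.append((drv, major, addr))
    return hooks


def summarize(text):
    """One dict per report: drivers seen, file verdicts, total infected objects, suspected hooks."""
    tables, verdicts, results = parse_report(text)
    return {
        "drivers": sorted(tables),
        "verdicts": verdicts,
        "infected": sum(v[0] for v in results.values()),
        "hooks": find_hooks(tables),
    }


if __name__ == "__main__":
    for label, report in (("posted report", CLEAN_REPORT), ("synthetic hooked report", HOOKED_REPORT)):
        s = summarize(report)
        print(label, "->", "infected:", s["infected"], "hooks:", [(d, m, hex(a)) for d, m, a in s["hooks"]])
```

The posted report comes out with two drivers, both files Clean, zero infected objects and no hooks; the synthetic one reports \Driver\atapi major 14 at 0x89E5D0A0. The on-disk Verdict is the second leg of TDSSKiller's check; this heuristic only covers the in-memory dispatch table, so a clean table with a Bad verdict still matters.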
21:25:44:968 2916 KLMD_ReadMem: Trying to ReadMemory 0xE1477428[0x1A]
21:25:44:968 2916 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:25:44:968 2916 DetectCureTDL3: IrpHandler (0) addr: B7F146F2
21:25:44:968 2916 DetectCureTDL3: IrpHandler (1) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (2) addr: B7F146F2
21:25:44:968 2916 DetectCureTDL3: IrpHandler (3) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (4) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (5) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (6) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (7) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (8) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (9) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (10) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (11) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (12) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (13) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (14) addr: B7F14712
21:25:44:968 2916 DetectCureTDL3: IrpHandler (15) addr: B7F10852
21:25:44:968 2916 DetectCureTDL3: IrpHandler (16) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (17) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (18) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (19) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (20) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (21) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (22) addr: B7F1473C
21:25:44:968 2916 DetectCureTDL3: IrpHandler (23) addr: B7F1B336
21:25:44:968 2916 DetectCureTDL3: IrpHandler (24) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (25) addr: 804F4552
21:25:44:968 2916 DetectCureTDL3: IrpHandler (26) addr: 804F4552
21:25:44:968 2916 KLMD_ReadMem: Trying to ReadMemory 0xB7F11864[0x400]
21:25:44:968 2916 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
21:25:44:968 2916 TDL3_FileDetect: Processing driver: atapi
21:25:44:968 2916 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
21:25:44:968 2916 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
21:25:44:968 2916 TDL3_FileDetect: C:\WINDOWS\system32\drivers\atapi.sys - Verdict: Clean
21:25:44:968 2916
21:25:44:968 2916 Completed
21:25:44:968 2916
21:25:44:968 2916 Results:
21:25:44:968 2916 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:25:44:968 2916 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:25:44:968 2916 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:25:44:968 2916
21:25:44:968 2916 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
21:25:44:968 2916 UtilityDeinit: KLMD(ARK) unloaded successfully

Thanks.
0
moment de grace Posts: 30049 Status: Security contributor 2 274
 
• Download Random's System Information Tool (RSIT) by Random/Random.

(diagnostic tool)

http://images.malwareremoval.com/random/RSIT.exe

• Save it to your Desktop.

• Double-click RSIT.exe to launch the tool.

• Click "Continue" on the Disclaimer screen.

• If HijackThis is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if it asks)

and you will have to accept the licence.

• Once the scan is finished, two reports will appear: please post them in two separate messages.

The reports are located here:
C:\rsit\info.txt
C:\rsit\log.txt
0

Nébulus
 
Here you go:

info.txt logfile of random's system information tool 1.06 2010-02-11 22:03:53

======Uninstall list======

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
ACDSee 32-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Any DVD Converter Professional 3.7.8-->"C:\Program Files\Any DVD Converter Professional\unins000.exe"
Any Video Converter 2.7.6-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AVS Video Converter 6-->"C:\Program Files\AVSVideoConverter6\unins000.exe"
BioShock 2-->"C:\Program Files\InstallShield Installation Information\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}\setup.exe" -runfromtemp -l0x0409 -removeonly
Borderlands-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}\setup.exe" -l0x9 -removeonly
Call of Duty Modern Warfare 2-->"C:\Jeux\Modern Warfare 2\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
DiRT2-->"C:\Program Files\InstallShield Installation Information\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}\setup.exe" -runfromtemp -l0x040c -removeonly
Dragon Age: Origins-->C:\Program Files\Fichiers communs\BioWare\Uninstall Dragon Age.exe
Free PS Convert driver 8.15-->"C:\Program Files\psconvert\unins000.exe"
GrabIt 1.7.2 Beta 4 (build 997)-->"C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JPEG to PDF 1.0-->"C:\Program Files\JPEG to PDF\unins000.exe"
Kings Bounty Armored Princess-->"C:\Jeux\Kings Bounty Armored Princess\unins000.exe"
King's Bounty. The Legend (Remove Only)-->"C:\jeux\King's Bounty. The Legend\unins000.exe"
Left 4 Dead 2 - 2.0.0.3-->"C:\jeux\Left 4 Dead 2\unins000.exe"
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect 2-->C:\Program Files\Fichiers communs\BioWare\Uninstall Mass Effect 2.exe
Mass Effect-->C:\Program Files\Fichiers communs\BioWare\Uninstall Mass Effect.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x040c -removeonly
Need for Speed™ SHIFT-->MsiExec.exe /X{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
Rapture3D 2.3.22 Game-->"C:\Program Files\BRS\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Torchlight-->C:\Jeux\Torchlight\uninstall.exe
UDPixel.exe-->"C:\Program Files\UDPixel\uninstall.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VLC media player 1.0.2-->C:\Program Files\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Trust Installer-->"C:\Program Files\WTInstaller\Désinstaller.exe"
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR-->"C:\Program Files\WinRAR\uninstall.exe"
Wow Cartographe 1.10-->C:\Program Files\WowCartographe\uninst.exe
Zuma's Revenge!-->"C:\WINDOWS\Zuma's Revenge!\uninstall.exe" "/U:C:\Jeux\Zuma's Revenge!\Uninstall\uninstall.xml"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

Securitycenter WMI appears to be broken

======System event log======

Computer Name: WINDOWS-F318F31
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

Record Number: 3393
Source Name: Service Control Manager
Time Written: 20091216180725.000000+060
Event Type: Informations
User: WINDOWS-F318F31\Administrateur

Computer Name: WINDOWS-F318F31
Event Code: 7036
Message: Le service Connexions réseau est entré dans l'état : en cours d'exécution.

Record Number: 3392
Source Name: Service Control Manager
Time Written: 20091216180725.000000+060
Event Type: Informations
User:

Computer Name: WINDOWS-F318F31
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Connexions réseau.

Record Number: 3391
Source Name: Service Control Manager
Time Written: 20091216180725.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: WINDOWS-F318F31
Event Code: 8021
Message: L'explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\WINDOWS-8EFF91B sur le réseau \Device\NetBT_Tcpip_{8C7A6D50-937D-4420-8141-A52D1E2C539D}.
La donnée est le code d'erreur.

Record Number: 3390
Source Name: BROWSER
Time Written: 20091216180658.000000+060
Event Type: Avertissement
User:

Computer Name: WINDOWS-F318F31
Event Code: 17
Message: AVGNTFLT successfully loaded

Record Number: 3389
Source Name: avgntflt
Time Written: 20091216180616.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: WINDOWS-F318F31
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\WINDOWS\temp\cxrl.tmp\svchost.exe
un code suspect avec la désignation 'DR/Delphi.Gen'!

Record Number: 2172
Source Name: Avira AntiVir
Time Written: 20100125182837.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: WINDOWS-F318F31
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\WINDOWS\temp\wmqr.tmp\svchost.exe
un code suspect avec la désignation 'DR/Delphi.Gen'!

Record Number: 2171
Source Name: Avira AntiVir
Time Written: 20100125182218.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: WINDOWS-F318F31
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\WINDOWS\temp\xwkb.tmp\svchost.exe
un code suspect avec la désignation 'DR/Delphi.Gen'!

Record Number: 2170
Source Name: Avira AntiVir
Time Written: 20100125181601.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: WINDOWS-F318F31
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\WINDOWS\temp\fuxf.tmp\svchost.exe
un code suspect avec la désignation 'DR/Delphi.Gen'!

Record Number: 2169
Source Name: Avira AntiVir
Time Written: 20100125180934.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: WINDOWS-F318F31
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\WINDOWS\temp\gqdr.tmp\svchost.exe
un code suspect avec la désignation 'DR/Delphi.Gen'!

Record Number: 2168
Source Name: Avira AntiVir
Time Written: 20100125180322.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-02-11 22:03:49
Microsoft Windows XP Professionnel Service Pack 3, v.5512
System drive C: has 21 GB (4%) free of 477 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:52, on 11/02/2010
Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Documents and Settings\Administrateur\Bureau\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Jeux\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cliché instantané de volume VSSSchedule (VSSSchedule) - Unknown owner - .exe (file missing)
0
moment de grace Posts: 30049 Status: Security contributor 2 274
 
OK

1)

Download UsbFix by El Desaparecido, C_xx

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097

/!\ Vista and Windows 7 users:
don't forget to disable User Account Control
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

/!\ Plug the external data media (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

• Double-click the UsbFix shortcut on the desktop.

Choose option 2, removal
(other options are available, see the tutorial).
• Let the tool work.
The Start menu and the icons will disappear... that's normal.

If a message asks you to restart the computer, do so...

● On restart, the fix relaunches itself... let it run to completion.

● Notepad opens with a report; post it in your next reply.

• Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.

• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

UsbFix may ask you to upload a compressed folder to this address: https://www.ionos.fr/?affiliate_id=77097

It is saved on your desktop.

Please send it to the address indicated to help the author of UsbFix with his research.

......................

2)

Download MalwareBytes' Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for updates button
. If the firewall asks permission for malwarebytes to connect, accept
. Once the update is finished
. Go to the Scan tab
. Select Perform full scan (a fairly long scan)
. Click Scan
. The scan starts.
. At the end of the analysis, a message appears: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select all (or leave everything checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Logs tab
. Click the log to display it; once it is displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, then come back to the forum and into your reply
. Right-click in the reply box and Paste

If you need help, see these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

0
Nébulus
 
Re,

I did various cleanups and for the moment I no longer have the problem, fingers crossed; if it comes back I'll do what you told me with Malwarebytes, which I have already run and which found a few little nasties...

Thanks a lot.
Nébulus.
0
moment de grace Posts: 30049 Status: Security contributor 2 274
 
UsbFix first, because you have an infection via USB media

and update MBAM before running the full scan
0
Nébulus
 
Strange, UsbFix tells me I have the wrong version of Windows! I have XP, so it doesn't launch.

What do you mean, an infection via USB media?
0
moment de grace Posts: 30049 Status: Security contributor 2 274
 
What do you mean, an infection via USB media?

yes, you have an infection that was transmitted by a USB device

I have the wrong version of Windows

my tools tell me the same

skip UsbFix for now, I'll look into it; run MBAM
0
Nébulus
 
I downloaded RAV, it works:
http://ww25.evosla.com/Demarrer-telechargement/logiciels-evosla/1-RAV.html

I found something nasty in an autoini on a removable HD, but I'm really not sure that was it.

What kind of infection do you think it is?
0
moment de grace Posts: 30049 Status: Security contributor 2 274
 
this, for the USB:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{173cf087-051a-11df-bd88-001d7d014545}]
shell\AutoRun\command - G:\PMB_P.exe

............
this, which is not right:

F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
...........

and a doubt elsewhere

0
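The indicators this thread turns up can be checked mechanically over RSIT / HijackThis text: the F2 Userinit value rewritten into device-namespace form, the MountPoints2 AutoRun command the helper quotes (autorun from a removable volume), the Avira detections of svchost.exe under C:\WINDOWS\temp (a process name borrowed from system32 but running elsewhere), and the O23 service with no owner and no file. The script below is an added example, not code from RSIT, HijackThis or UsbFix. It assumes %SystemRoot% is C:\WINDOWS (as in the reports) and that a stock XP Userinit value is exactly `C:\WINDOWS\system32\userinit.exe,` with the trailing comma; the orphan-service check only marks the entry for review.

```python
"""Triage of the indicators in this thread, run over RSIT / HijackThis
text: a rewritten Userinit value, a MountPoints2 AutoRun command (USB
autorun), svchost.exe outside %SystemRoot%\\system32, and an O23 service
with no owner and no file.

Added example, not code from RSIT, HijackThis or UsbFix. Assumptions:
%SystemRoot% is C:\\WINDOWS and a stock XP Userinit value is exactly
"C:\\WINDOWS\\system32\\userinit.exe," (trailing comma).
"""
import re

SYSTEM32 = r"c:\windows\system32"
USERINIT_OK = SYSTEM32 + r"\userinit.exe,"

# Constructed sample: lines copied from the RSIT/HJT reports and the
# helper's last reply, plus one benign svchost.exe line as a control.
SAMPLE = r"""
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{173cf087-051a-11df-bd88-001d7d014545}]
shell\AutoRun\command - G:\PMB_P.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\temp\cxrl.tmp\svchost.exe
O23 - Service: Cliché instantané de volume VSSSchedule (VSSSchedule) - Unknown owner - .exe (file missing)
"""

RE_USERINIT = re.compile(r"UserInit=(.*)$", re.I)
RE_MP_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
RE_AUTORUN = re.compile(r"^shell\\AutoRun\\command - (.+)$", re.I)
RE_SVCHOST = re.compile(r'([a-z]:\\[^\s"]*?\\svchost\.exe)', re.I)
RE_O23 = re.compile(r"^O23 - Service: (.+)$")


def triage(text):
    """Return a list of (kind, *details) findings; an empty list means nothing flagged."""
    findings, mp_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_USERINIT.search(line)
        if m:
            value = m.group(1).strip()
            if value.lower() != USERINIT_OK:
                # \\.\globalroot\... still resolves to the real binary; the point
                # is that something rewrote a value a stock install never touches.
                why = ("device-namespace path"
                       if value.startswith("\\\\.\\") or "globalroot" in value.lower()
                       else "unexpected value")
                findings.append(("userinit", why, value))
            continue
        m = RE_MP_KEY.match(line)
        if m:
            mp_key = m.group(1)        # the volume GUID the following lines belong to
            continue
        m = RE_AUTORUN.match(line)
        if m and mp_key:
            findings.append(("usb_autorun", mp_key, m.group(1)))
            continue
        m = RE_O23.match(line)
        if m:
            if "Unknown owner" in line and "(file missing)" in line:
                findings.append(("orphan_service", m.group(1)))
            continue
        for path in RE_SVCHOST.findall(line):
            if path.rsplit("\\", 1)[0].lower() != SYSTEM32:
                findings.append(("svchost_path", path))   # name borrowed from system32
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

Feed it the concatenated info.txt and log.txt (or a HijackThis log) and it prints one line per finding; the control line C:\WINDOWS\System32\svchost.exe is deliberately not reported, which is the check that the path comparison is case-insensitive.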