Philou46

Merci et peut-être à bientôt.... Philippe

Après 48 heures de bon fonctionnement, je pense pouvoir mettre "résolu" Juste un question, comment effacer tous les programmes qui m'ont servi à déverminer ???(sauf Mbam bien sûr) Encore merci et à bientôt Philippe

Voilà, c'est fait... Je poste quand même le rapport Rkill qui a été fait en temps: rapport Rkill This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Bernadette on 23/02/2010 at 15:28:32. Processes terminated by Rkill or while it was running: C:\Documents and Settings\Bernadette\Bureau\rkill.com Rkill completed on 23/02/2010 at 15:28:34. Rapport Avenger: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Driver "kbdgjnzy" deleted successfully. File "C:\WINDOWS\system32\drivers\kbdgjnzy.sys" deleted successfully. Completed script processing. ******************* Finished! Terminate. Rapport Mbam: Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3788 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 25/02/2010 13:09:14 mbam-log-2010-02-25 (13-09-14).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 253255 Temps écoulé: 39 minute(s), 50 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Voilà, il semble que tout est rentré dans l'ordre... Amitié Philippe

Bonjours, Je lance cette manip dès que possible... C'est effectivement ce "kbdgjnzy.sys" qui a résisté à 2 tentatives d'éradication de Mbam, avant de vous contacter. Si il faut, je peux vous passer le rapport Rkill car je les ai passé dans l'ordre que vous m'avez indiqué, mais oublié, dans la précipitation, de poster le bon rapport. Merci et à bientôt Philippe

Bonjours et merci de vous occuper encore de moi... Voici tout d'abord le rapport Mbam: Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3780 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23/02/2010 16:16:06 mbam-log-2010-02-23 (16-16-06).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 249949 Temps écoulé: 31 minute(s), 42 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remote system protection (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\drivers\kbdgjnzy.sys (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\ylvr.dwo (Trojan.Oficla) -> Quarantined and deleted successfully. Le rapport RKill: 15:25:04:390 3764 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31 15:25:04:390 3764 ================================================================================ 15:25:04:390 3764 SystemInfo: 15:25:04:390 3764 OS Version: 5.1.2600 ServicePack: 3.0 15:25:04:390 3764 Product type: Workstation 15:25:04:390 3764 ComputerName: D3104P3J 15:25:04:390 3764 UserName: Bernadette 15:25:04:390 3764 Windows directory: C:\WINDOWS 15:25:04:390 3764 Processor architecture: Intel x86 15:25:04:390 3764 Number of processors: 2 15:25:04:390 3764 Page size: 0x1000 15:25:04:390 3764 Boot type: Normal boot 15:25:04:390 3764 ================================================================================ 15:25:04:406 3764 UnloadDriverW: NtUnloadDriver error 2 15:25:04:406 3764 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 15:25:04:421 3764 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 15:25:04:437 3764 UtilityInit: KLMD drop and load success 15:25:04:437 3764 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010) 15:25:04:437 3764 UtilityInit: KLMD open success 15:25:04:437 3764 UtilityInit: Initialize success 15:25:04:437 3764 15:25:04:437 3764 Scanning Services ... 15:25:04:437 3764 CreateRegParser: Registry parser init started 15:25:04:437 3764 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127 15:25:04:437 3764 CreateRegParser: DisableWow64Redirection error 15:25:04:437 3764 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 15:25:04:437 3764 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043 15:25:04:437 3764 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 15:25:04:437 3764 wfopen_ex: Trying to KLMD file open 15:25:04:437 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system 15:25:04:437 3764 wfopen_ex: File opened ok (Flags 2) 15:25:04:437 3764 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384C08 15:25:04:437 3764 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 15:25:04:437 3764 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043 15:25:04:437 3764 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 15:25:04:437 3764 wfopen_ex: Trying to KLMD file open 15:25:04:437 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software 15:25:04:437 3764 wfopen_ex: File opened ok (Flags 2) 15:25:04:437 3764 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384C70 15:25:04:437 3764 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127 15:25:04:437 3764 CreateRegParser: EnableWow64Redirection error 15:25:04:437 3764 CreateRegParser: RegParser init completed 15:25:04:781 3764 GetAdvancedServicesInfo: Raw services enum returned 344 services 15:25:04:781 3764 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 15:25:04:781 3764 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 15:25:04:781 3764 15:25:04:781 3764 Scanning Kernel memory ... 15:25:04:781 3764 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 15:25:04:781 3764 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A721910 15:25:04:781 3764 DetectCureTDL3: KLMD_GetDeviceObjectList returned 14 DevObjects 15:25:04:781 3764 15:25:04:781 3764 DetectCureTDL3: DEVICE_OBJECT: 89ED0210 15:25:04:781 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89ED0210 15:25:04:781 3764 KLMD_ReadMem: Trying to ReadMemory 0x89ED0210[0x38] 15:25:04:781 3764 DetectCureTDL3: DRIVER_OBJECT: 8A721910 15:25:04:781 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 15:25:04:781 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17A11A8[0x18] 15:25:04:781 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:781 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:781 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:781 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:781 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:25:04:796 3764 15:25:04:796 3764 DetectCureTDL3: DEVICE_OBJECT: 8A3BDB20 15:25:04:796 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3BDB20 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A3BDB20[0x38] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT: 8A721910 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17A11A8[0x18] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:25:04:796 3764 15:25:04:796 3764 DetectCureTDL3: DEVICE_OBJECT: 8A3C6030 15:25:04:796 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3C6030 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A3C6030[0x38] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT: 8A721910 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17A11A8[0x18] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:25:04:796 3764 15:25:04:796 3764 DetectCureTDL3: DEVICE_OBJECT: 8A4CA580 15:25:04:796 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A4CA580 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A4CA580[0x38] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT: 8A721910 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17A11A8[0x18] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:25:04:796 3764 15:25:04:796 3764 DetectCureTDL3: DEVICE_OBJECT: 89EDAAF8 15:25:04:796 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89EDAAF8 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x89EDAAF8[0x38] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT: 8A721910 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17A11A8[0x18] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:796 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:796 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:796 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:25:04:796 3764 15:25:04:796 3764 DetectCureTDL3: DEVICE_OBJECT: 89F43AB8 15:25:04:796 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89F43AB8 15:25:04:796 3764 DetectCureTDL3: DEVICE_OBJECT: 89EADB48 15:25:04:796 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89EADB48 15:25:04:796 3764 KLMD_ReadMem: Trying to ReadMemory 0x89EADB48[0x38] 15:25:04:796 3764 DetectCureTDL3: DRIVER_OBJECT: 89F202C0 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0x89F202C0[0xA8] 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17AA1A0[0x1E] 15:25:04:812 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE : BA475218 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA475218 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_READ : BA47523C 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_WRITE : BA47523C 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA475180 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4709E6 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_POWER : BA4745F0 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA472A6E 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:812 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:812 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0xBA471F26[0x400] 15:25:04:812 3764 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 15:25:04:812 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:812 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 15:25:04:812 3764 15:25:04:812 3764 DetectCureTDL3: DEVICE_OBJECT: 8A5929C8 15:25:04:812 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A5929C8 15:25:04:812 3764 DetectCureTDL3: DEVICE_OBJECT: 89EF11B8 15:25:04:812 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89EF11B8 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0x89EF11B8[0x38] 15:25:04:812 3764 DetectCureTDL3: DRIVER_OBJECT: 89F202C0 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0x89F202C0[0xA8] 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17AA1A0[0x1E] 15:25:04:812 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE : BA475218 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA475218 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_READ : BA47523C 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_WRITE : BA47523C 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA475180 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4709E6 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_POWER : BA4745F0 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA472A6E 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:812 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:812 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0xBA471F26[0x400] 15:25:04:812 3764 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 15:25:04:812 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:812 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 15:25:04:812 3764 15:25:04:812 3764 DetectCureTDL3: DEVICE_OBJECT: 8A3DE788 15:25:04:812 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3DE788 15:25:04:812 3764 DetectCureTDL3: DEVICE_OBJECT: 89F30030 15:25:04:812 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89F30030 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0x89F30030[0x38] 15:25:04:812 3764 DetectCureTDL3: DRIVER_OBJECT: 89F202C0 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0x89F202C0[0xA8] 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17AA1A0[0x1E] 15:25:04:812 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE : BA475218 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA475218 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_READ : BA47523C 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_WRITE : BA47523C 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA475180 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4709E6 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_POWER : BA4745F0 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA472A6E 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:812 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:812 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0xBA471F26[0x400] 15:25:04:812 3764 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 15:25:04:812 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:812 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 15:25:04:812 3764 15:25:04:812 3764 DetectCureTDL3: DEVICE_OBJECT: 8A524030 15:25:04:812 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A524030 15:25:04:812 3764 DetectCureTDL3: DEVICE_OBJECT: 89E6DEA0 15:25:04:812 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E6DEA0 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0x89E6DEA0[0x38] 15:25:04:812 3764 DetectCureTDL3: DRIVER_OBJECT: 89F202C0 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0x89F202C0[0xA8] 15:25:04:812 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17AA1A0[0x1E] 15:25:04:812 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE : BA475218 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA475218 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_READ : BA47523C 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_WRITE : BA47523C 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA475180 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4709E6 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_POWER : BA4745F0 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA472A6E 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:812 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:812 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:812 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:812 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0xBA471F26[0x400] 15:25:04:828 3764 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 15:25:04:828 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:828 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 15:25:04:828 3764 15:25:04:828 3764 DetectCureTDL3: DEVICE_OBJECT: 8A46A928 15:25:04:828 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A46A928 15:25:04:828 3764 DetectCureTDL3: DEVICE_OBJECT: 89DF1EA0 15:25:04:828 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DF1EA0 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x89DF1EA0[0x38] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT: 89F202C0 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x89F202C0[0xA8] 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17AA1A0[0x1E] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE : BA475218 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA475218 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_READ : BA47523C 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_WRITE : BA47523C 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA475180 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4709E6 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_POWER : BA4745F0 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA472A6E 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:828 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0xBA471F26[0x400] 15:25:04:828 3764 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 15:25:04:828 3764 TDL3_FileDetect: Processing driver: USBSTOR 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:25:04:828 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 15:25:04:828 3764 15:25:04:828 3764 DetectCureTDL3: DEVICE_OBJECT: 8A6D1C68 15:25:04:828 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6D1C68 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A6D1C68[0x38] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT: 8A721910 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17A11A8[0x18] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:828 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:25:04:828 3764 15:25:04:828 3764 DetectCureTDL3: DEVICE_OBJECT: 8A702C68 15:25:04:828 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A702C68 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A702C68[0x38] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT: 8A721910 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17A11A8[0x18] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:828 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:25:04:828 3764 15:25:04:828 3764 DetectCureTDL3: DEVICE_OBJECT: 8A71FC68 15:25:04:828 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A71FC68 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A71FC68[0x38] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT: 8A721910 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17A11A8[0x18] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:828 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 TDL3_FileDetect: Processing driver: Disk 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 15:25:04:828 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 15:25:04:828 3764 15:25:04:828 3764 DetectCureTDL3: DEVICE_OBJECT: 8A703AB8 15:25:04:828 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A703AB8 15:25:04:828 3764 DetectCureTDL3: DEVICE_OBJECT: 8A748160 15:25:04:828 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A748160 15:25:04:828 3764 DetectCureTDL3: DEVICE_OBJECT: 8A6D5D98 15:25:04:828 3764 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6D5D98 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A6D5D98[0x38] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT: 8A748E40 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0x8A748E40[0xA8] 15:25:04:828 3764 KLMD_ReadMem: Trying to ReadMemory 0xE17C2208[0x1A] 15:25:04:828 3764 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE : B9C2D6F2 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLOSE : B9C2D6F2 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_READ : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_WRITE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B9C2D712 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B9C29852 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_POWER : B9C2D73C 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B9C34336 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 15:25:04:828 3764 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 15:25:04:828 3764 TDL3_FileDetect: Processing driver: atapi 15:25:04:828 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 15:25:04:828 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 15:25:04:843 3764 KLMD_ReadMem: Trying to ReadMemory 0xB9C2A864[0x400] 15:25:04:843 3764 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 15:25:04:843 3764 TDL3_FileDetect: Processing driver: atapi 15:25:04:843 3764 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 15:25:04:843 3764 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 15:25:04:843 3764 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean 15:25:04:843 3764 15:25:04:843 3764 Completed 15:25:04:843 3764 15:25:04:843 3764 Results: 15:25:04:843 3764 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 15:25:04:843 3764 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 15:25:04:843 3764 File objects infected / cured / cured on reboot: 0 / 0 / 0 15:25:04:843 3764 15:25:04:843 3764 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 15:25:04:843 3764 UtilityDeinit: KLMD(ARK) unloaded successfully Le rapport tdsskiller: 16:24:40:296 3236 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31 16:24:40:296 3236 ================================================================================ 16:24:40:296 3236 SystemInfo: 16:24:40:296 3236 OS Version: 5.1.2600 ServicePack: 3.0 16:24:40:296 3236 Product type: Workstation 16:24:40:296 3236 ComputerName: D3104P3J 16:24:40:296 3236 UserName: Bernadette 16:24:40:296 3236 Windows directory: C:\WINDOWS 16:24:40:296 3236 Processor architecture: Intel x86 16:24:40:296 3236 Number of processors: 2 16:24:40:296 3236 Page size: 0x1000 16:24:40:296 3236 Boot type: Normal boot 16:24:40:296 3236 ================================================================================ 16:24:40:296 3236 UnloadDriverW: NtUnloadDriver error 2 16:24:40:296 3236 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 16:24:40:296 3236 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 16:24:40:296 3236 UtilityInit: KLMD drop and load success 16:24:40:296 3236 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010) 16:24:40:296 3236 UtilityInit: KLMD open success 16:24:40:296 3236 UtilityInit: Initialize success 16:24:40:296 3236 16:24:40:296 3236 Scanning Services ... 16:24:40:296 3236 CreateRegParser: Registry parser init started 16:24:40:296 3236 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127 16:24:40:296 3236 CreateRegParser: DisableWow64Redirection error 16:24:40:296 3236 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 16:24:40:296 3236 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043 16:24:40:296 3236 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 16:24:40:296 3236 wfopen_ex: Trying to KLMD file open 16:24:40:296 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system 16:24:40:296 3236 wfopen_ex: File opened ok (Flags 2) 16:24:40:296 3236 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384A98 16:24:40:296 3236 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 16:24:40:296 3236 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043 16:24:40:296 3236 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 16:24:40:312 3236 wfopen_ex: Trying to KLMD file open 16:24:40:312 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software 16:24:40:312 3236 wfopen_ex: File opened ok (Flags 2) 16:24:40:312 3236 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384B00 16:24:40:312 3236 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127 16:24:40:312 3236 CreateRegParser: EnableWow64Redirection error 16:24:40:312 3236 CreateRegParser: RegParser init completed 16:24:40:640 3236 GetAdvancedServicesInfo: Raw services enum returned 345 services 16:24:40:640 3236 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 16:24:40:640 3236 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 16:24:40:640 3236 16:24:40:640 3236 Scanning Kernel memory ... 16:24:40:640 3236 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 16:24:40:640 3236 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A721910 16:24:40:640 3236 DetectCureTDL3: KLMD_GetDeviceObjectList returned 14 DevObjects 16:24:40:640 3236 16:24:40:640 3236 DetectCureTDL3: DEVICE_OBJECT: 89F28420 16:24:40:640 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89F28420 16:24:40:640 3236 KLMD_ReadMem: Trying to ReadMemory 0x89F28420[0x38] 16:24:40:640 3236 DetectCureTDL3: DRIVER_OBJECT: 8A721910 16:24:40:640 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 16:24:40:640 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17BB308[0x18] 16:24:40:640 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:640 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:640 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:640 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:640 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:640 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:640 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:640 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 16:24:40:640 3236 16:24:40:640 3236 DetectCureTDL3: DEVICE_OBJECT: 8A410190 16:24:40:640 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A410190 16:24:40:640 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A410190[0x38] 16:24:40:640 3236 DetectCureTDL3: DRIVER_OBJECT: 8A721910 16:24:40:640 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 16:24:40:640 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17BB308[0x18] 16:24:40:640 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:640 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:640 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:640 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:640 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:656 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 16:24:40:656 3236 16:24:40:656 3236 DetectCureTDL3: DEVICE_OBJECT: 8A4BEC40 16:24:40:656 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A4BEC40 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A4BEC40[0x38] 16:24:40:656 3236 DetectCureTDL3: DRIVER_OBJECT: 8A721910 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17BB308[0x18] 16:24:40:656 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:656 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:656 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:656 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 16:24:40:656 3236 16:24:40:656 3236 DetectCureTDL3: DEVICE_OBJECT: 8A477B00 16:24:40:656 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A477B00 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A477B00[0x38] 16:24:40:656 3236 DetectCureTDL3: DRIVER_OBJECT: 8A721910 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17BB308[0x18] 16:24:40:656 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:656 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:656 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:656 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 16:24:40:656 3236 16:24:40:656 3236 DetectCureTDL3: DEVICE_OBJECT: 8A3E22F0 16:24:40:656 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3E22F0 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A3E22F0[0x38] 16:24:40:656 3236 DetectCureTDL3: DRIVER_OBJECT: 8A721910 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17BB308[0x18] 16:24:40:656 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:656 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:656 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:656 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:656 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 16:24:40:656 3236 16:24:40:656 3236 DetectCureTDL3: DEVICE_OBJECT: 8A3E09B0 16:24:40:656 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3E09B0 16:24:40:656 3236 DetectCureTDL3: DEVICE_OBJECT: 8A3B6030 16:24:40:656 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3B6030 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A3B6030[0x38] 16:24:40:656 3236 DetectCureTDL3: DRIVER_OBJECT: 89EAEA70 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0x89EAEA70[0xA8] 16:24:40:656 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17B3648[0x1E] 16:24:40:656 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE : BA485218 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA485218 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_READ : BA48523C 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_WRITE : BA48523C 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA485180 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4809E6 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_POWER : BA4845F0 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA482A6E 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:656 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:656 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:656 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:656 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xBA481F26[0x400] 16:24:40:671 3236 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 16:24:40:671 3236 16:24:40:671 3236 DetectCureTDL3: DEVICE_OBJECT: 8A44E300 16:24:40:671 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A44E300 16:24:40:671 3236 DetectCureTDL3: DEVICE_OBJECT: 8A4C2DA0 16:24:40:671 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A4C2DA0 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A4C2DA0[0x38] 16:24:40:671 3236 DetectCureTDL3: DRIVER_OBJECT: 89EAEA70 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0x89EAEA70[0xA8] 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17B3648[0x1E] 16:24:40:671 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE : BA485218 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA485218 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_READ : BA48523C 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_WRITE : BA48523C 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA485180 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4809E6 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_POWER : BA4845F0 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA482A6E 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xBA481F26[0x400] 16:24:40:671 3236 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 16:24:40:671 3236 16:24:40:671 3236 DetectCureTDL3: DEVICE_OBJECT: 8A46B030 16:24:40:671 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A46B030 16:24:40:671 3236 DetectCureTDL3: DEVICE_OBJECT: 89E9BEA0 16:24:40:671 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E9BEA0 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0x89E9BEA0[0x38] 16:24:40:671 3236 DetectCureTDL3: DRIVER_OBJECT: 89EAEA70 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0x89EAEA70[0xA8] 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17B3648[0x1E] 16:24:40:671 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE : BA485218 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA485218 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_READ : BA48523C 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_WRITE : BA48523C 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA485180 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4809E6 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_POWER : BA4845F0 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA482A6E 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xBA481F26[0x400] 16:24:40:671 3236 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 16:24:40:671 3236 16:24:40:671 3236 DetectCureTDL3: DEVICE_OBJECT: 8A451588 16:24:40:671 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A451588 16:24:40:671 3236 DetectCureTDL3: DEVICE_OBJECT: 8A3FA368 16:24:40:671 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3FA368 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A3FA368[0x38] 16:24:40:671 3236 DetectCureTDL3: DRIVER_OBJECT: 89EAEA70 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0x89EAEA70[0xA8] 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17B3648[0x1E] 16:24:40:671 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE : BA485218 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA485218 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_READ : BA48523C 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_WRITE : BA48523C 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA485180 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4809E6 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_POWER : BA4845F0 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA482A6E 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xBA481F26[0x400] 16:24:40:671 3236 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 16:24:40:671 3236 16:24:40:671 3236 DetectCureTDL3: DEVICE_OBJECT: 8A403030 16:24:40:671 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A403030 16:24:40:671 3236 DetectCureTDL3: DEVICE_OBJECT: 89EAEB70 16:24:40:671 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89EAEB70 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0x89EAEB70[0x38] 16:24:40:671 3236 DetectCureTDL3: DRIVER_OBJECT: 89EAEA70 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0x89EAEA70[0xA8] 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17B3648[0x1E] 16:24:40:671 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE : BA485218 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA485218 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_READ : BA48523C 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_WRITE : BA48523C 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA485180 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA4809E6 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_POWER : BA4845F0 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA482A6E 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:671 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_ReadMem: Trying to ReadMemory 0xBA481F26[0x400] 16:24:40:671 3236 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 16:24:40:671 3236 TDL3_FileDetect: Processing driver: USBSTOR 16:24:40:671 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:671 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:24:40:687 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 16:24:40:687 3236 16:24:40:687 3236 DetectCureTDL3: DEVICE_OBJECT: 8A6D1C68 16:24:40:687 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6D1C68 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A6D1C68[0x38] 16:24:40:687 3236 DetectCureTDL3: DRIVER_OBJECT: 8A721910 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17BB308[0x18] 16:24:40:687 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:687 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:687 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:687 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 16:24:40:687 3236 16:24:40:687 3236 DetectCureTDL3: DEVICE_OBJECT: 8A702C68 16:24:40:687 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A702C68 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A702C68[0x38] 16:24:40:687 3236 DetectCureTDL3: DRIVER_OBJECT: 8A721910 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17BB308[0x18] 16:24:40:687 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:687 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:687 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:687 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 16:24:40:687 3236 16:24:40:687 3236 DetectCureTDL3: DEVICE_OBJECT: 8A71FC68 16:24:40:687 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A71FC68 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A71FC68[0x38] 16:24:40:687 3236 DetectCureTDL3: DRIVER_OBJECT: 8A721910 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A721910[0xA8] 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0xE17BB308[0x18] 16:24:40:687 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE : BA0EEBB0 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CLOSE : BA0EEBB0 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_READ : BA0E8D1F 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_WRITE : BA0E8D1F 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : BA0E92E2 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA0E93BB 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : BA0E92E2 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_POWER : BA0EAC82 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA0EF99E 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:687 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:687 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 TDL3_FileDetect: Processing driver: Disk 16:24:40:687 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 16:24:40:687 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 16:24:40:687 3236 16:24:40:687 3236 DetectCureTDL3: DEVICE_OBJECT: 8A703AB8 16:24:40:687 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A703AB8 16:24:40:687 3236 DetectCureTDL3: DEVICE_OBJECT: 8A748160 16:24:40:687 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A748160 16:24:40:687 3236 DetectCureTDL3: DEVICE_OBJECT: 8A6D5D98 16:24:40:687 3236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A6D5D98 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A6D5D98[0x38] 16:24:40:687 3236 DetectCureTDL3: DRIVER_OBJECT: 8A748E40 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0x8A748E40[0xA8] 16:24:40:687 3236 KLMD_ReadMem: Trying to ReadMemory 0xE101AED0[0x1A] 16:24:40:687 3236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE : B9C2D6F2 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CLOSE : B9C2D6F2 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_READ : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_WRITE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_EA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B9C2D712 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B9C29852 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_POWER : B9C2D73C 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B9C34336 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4562 16:24:40:687 3236 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4562 16:24:40:687 3236 TDL3_FileDetect: Processing driver: atapi 16:24:40:687 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 16:24:40:687 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 16:24:40:703 3236 KLMD_ReadMem: Trying to ReadMemory 0xB9C2A864[0x400] 16:24:40:703 3236 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 16:24:40:703 3236 TDL3_FileDetect: Processing driver: atapi 16:24:40:703 3236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 16:24:40:703 3236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 16:24:40:703 3236 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean 16:24:40:703 3236 16:24:40:703 3236 Completed 16:24:40:703 3236 16:24:40:703 3236 Results: 16:24:40:703 3236 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 16:24:40:703 3236 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 16:24:40:703 3236 File objects infected / cured / cured on reboot: 0 / 0 / 0 16:24:40:703 3236 16:24:40:703 3236 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 16:24:40:703 3236 UtilityDeinit: KLMD(ARK) unloaded successfully Bon courage... Nota:Mbam m'a dit qu'il ne pouvait pas supprimer certains composants....

Bonjours à tous, Me revoilà, mais pour un ami qui désespère.... Symptômes: quasiment plus d'accès à internet, machine lente, mais pas à la mise en route. Passé les classiques: ccleaner, avira av, et enfin malware byte qui m'a trouvé un trojan (sasfix) qu'il a supprimé, et ce p...de rootkit agent kbdgjnzy.sys dans système 32. Détecté, mais rien à faire pour le virer.... "Réparé" xp avec la disquette de réinstallation, mais il me dit que "rundll: erreur de chargement de c:\windows\system32\g9xvc.dll" mais ça semble fonctionner. Voili voilou, là je ne viens pas les mains vides..... D'avance merci aux bénévoles qui nous aident... Philippe

Juste une dernière info pour mes Amis qui ont bien voulu m'aider: Il semble que, si il y a eu partitionnement du DD, la réinstallation par ctrl+F11 soit impossible. C'est certainement pour ça qu'on a galèré. Par contre, il y a bien une partition "constructeur" (avant C:) dont on n'a plus accès... peux-t-on la supprimer sans dommages ??? C'était juste une simple remarque...

Si, si, mais je me tape une réinstallation complète, et j'y suis encore pour un bout de temps.... mais tout refonctionne. Après, je nettoierai le portable qui m'a servi à me loguer avec toi....quand j'aurai récupéré (mentalement...) Amitiés Philippe

Dernières nouvelles, rien à faire pour récupérer ce noyau Microsoft. Solution "à la hache", format C: et réinstallation du système Dell que j'avais sauvegardé à la réception. C'est galère, j'en suis encore à la mise à jour et réinstallation des pilotes, mais j'ai récupéré mon son. Encore merci à tous Philippe

Aucun moyen d'accéder à recovery malgré au moins 50 essais de toutes sorte... Solution à la hache: Formatage de C: par Gparted Réinstallation du CD que j'ai fait à la réception de l'ordi ( sauvegarde de recovery sur CD bootale) Il mouline, je te tiens au courant. Encore merci Philippe

Je ne vais pas t'embêter plus longtemps, j'ai tenté au moins 20 fois ce pu..ain de CTRL+F11 en retombant chaque fois sur la console de récupé. Je vais peut-être insister... mais j'en doute, ça me gonfle. Encore merci de ta disponibilité Philippe

J'ai vraiment pas de bol, avec Gparted, je vois la partition Dell de recovery, mais au démarrage, impossible de faire Ctrl+F11 comme préconisé dans le mode d'emploi et comme tu me le conseilles. Il se boote sur la console de récupération, et passe à Windows. En lisant le mode d'emploi d PC,j'avais déjà ssayé ça sans succès, d'où mon appel au secours... A+ Philippe

Merci Zonk, Bien sûr, j'ai sauvegardé sur un DD externe tout ce qui était "fichiers de données", mais j'ai voulu d'abord essayer ta méthode pour éliminer la panne "hard" du son (puisque c'est là mon premier problème, après la désinfection) Maintenent que je sais que c'est une panne de système, je vais essayer Gparted. Pour ta question, oui, la tentative de restauration ne m'a pas touché aux fichiers personnels, et n'a pas touché (il semble) le noyau Microsoft qui mer..e puisque c'est toujours en alarme. dans le doute, j'attend confirmation... Amitiés A+ Philippe

Dernières nouvelles, je suis passé chez "soft" et on m'a conseillé d'instaler le CD de Ubuntu pour tester ma machine, hors de windows. Et bien le son fonctionne parfaitement... donc j'ai une vér..le dans le soft, que je n'arrive pas à éradiquer pour le moment. Je quitte donc temporairement ce fil du "Hard" et encore merci à ceux qui m'ont conseillé A+ Philippe

Dernières nouvelles.... Une merveile ce Ubuntu sur CD, testé le son, qui semblait en panne, c'est bien Windows qui sème la zizanie car ça fonctionne parfaitement "hors windows". Maintenent, que faire, réinstaler windows n'a rien donné (en réparation), tout casser C: ???? Je sais que c'est du soft.... (voir les symptomes plus haut.... En essais, Ubuntu est tentant..... attention à toi Bill

Merci A+ Philippe

Pour Zonck... Dans le doute, et puisque mes dossiers vérolés n'ont pas été ouverts, j'ai supprimé totalement ces fichiers et refait un test Kaspersky en ligne. Il me donne un résultat clean... Qu'en déduire ? J'ai de la chance ou me gourre-je ..... Sinon, je viens de charger Ubuntu... et je testerai de suite. Amitiés Philippe

Encore Merci, je vais gérer les priorités.... A+ Philippe

Merci ZonK de t'occuper de mon problème. Première manip, Kaspersky (ça m'a pris la journée....) Je te passe le résultat... (j'ai honte...) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, January 12, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, January 12, 2010 09:43:29 Records in database: 3300829 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Objects scanned: 118853 Threats found: 1 Infected objects found: 1 Suspicious objects found: 0 Scan duration: 02:37:38 File name / Threat / Threats count C:\Documents and Settings\Philippe\Mes documents\Downloads\Nero 9.4.26.0 Ultra Edition + Keymaker\Nero 9.4.26.0 Ultra Edition + Keygen\Nero-9.4.26.0_trial.exe Infected: Packed.Win32.TDSS.z 1 Selected area has been scanned. Je vais aller voir Ubuntu... Merci et A+ Philippe

Merci les Amis de votre diligence.... J'ai rechargé XP par le CD d'usine, mais je pense avoir des crasses ailleurs, que la réinstallation n'a pas arrangé. Sans vous déranger, je refais une petite historique de mes problèmes: Tout d'abord, ouverture de fenêtres de X ou de casino... problème réglé par Pear. Dispartion du son, plus de periph instalé... même après réinstallation XP (réparation Sp2 et mise à jour SP3) Dans "gestionnaire de périph" des alarmes sur: mélangeur audio vidéo, noyau microsoft, sur synthétiseur de table son noyau micosoft, et sur Synthé DLS du noyau. Comme conseillé par des spécialistes du hard, j'ai supprimé tout ça et relancé... ils se sont remis en place, et toujours pas de son Maintenant, je n'ai même plus accès à "Sons et périphériques" Voilà pourquoi je pleure... Dès que possible, je fais les manips de Zonk sur la bête (bien évidemment, je vous parle d'un autre PC....) A+ Philippe

Bonsoir à tous, Suite à une attaque sérieuse de virus et autres cochonneries, réparées grâce aux animateurs de "sécurité" mon PC est devenu invivable quand même (j'avais lancé un S.O.S. dans "hard" car mon "noyau microsoft" était pourri, plus de son, des points d'interrogation ...rien de changé.) J'ai tenté de réinstaller Windows par le CD du constructeur, mis à jour Win , tout s'est bien passé sauf qu'il est toujours capricieux et en panne. En désespoir de cause, jai voulu reformater mon C: par l'invite de commande, et aussi en mode sans échec... résultat: "Format ne peut s'éxécuter car le volume est utilisé par un autre process. Format ne pourra s'éxécuter qu'après que le volume ait été démonté" Comme j'avais partitioné ce DD en deux, et sauvegardé toutes mes données sur D: j'aimerais éviter de tout formater. Je vous appelle donc au secours... Le PC est un Dell 5000, XP SP3.... Merci d'avance Philippe

J'ai rechargé SP3 et installé, espérant une réparation... Ben non, ça m'a remis toutes les alertes que j'avais supprimé sur vos conseils, et toujours pas de "periph audio" Désespoir....

Merci Thorgal... Bien suivi la manip, mais toujours pas de "périph audio" installé, et toujours cette alerte du noyau Microsoft De plus, suite aux manips, j'ai même perdu l'accès à "sons et périph" dans le panneau de configuration. Question aux spécialistes: est-il possible de "réparer" Windows XP sans tout désinstaller, car faire un"format C:" ça va m'occuper toute la semaine pour tout remettre en ordre, sans avoir la certitude que ce n'est pas une panne "hard" Merci à tous de votre gentillesse Philippe

C'est fait... Merci encore de votre disponibilité Philippe