

laurentludo
Members
Content count: 20
My languages: French
laurentludo's Achievements: Junior Member (3/12)
Community reputation: 0
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
Thanks for your help eradicating this virus, I don't know how to thank you; it's nice to see that you can count on people helping each other... Thanks, regards, Ludo. I'll indeed check with Pierre how we can fix this hardware problem; for now, off to bed. Bye, thanks.
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
I just left a message for Pierre 13. Thanks again for your help..... we're not in bed yet lol. See you.
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
Here is the result of what you asked me for. Thanks again for your help.

19:45:53:968 1576 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
19:45:53:968 1576 ================================================================================
19:45:53:968 1576 SystemInfo:
19:45:53:968 1576 OS Version: 5.1.2600 ServicePack: 3.0
19:45:53:968 1576 Product type: Workstation
19:45:53:968 1576 ComputerName: USER-02081FBA89
19:45:53:968 1576 UserName: utilisateur
19:45:53:968 1576 Windows directory: C:\WINDOWS
19:45:53:968 1576 Processor architecture: Intel x86
19:45:53:968 1576 Number of processors: 1
19:45:53:968 1576 Page size: 0x1000
19:45:53:968 1576 Boot type: Normal boot
19:45:53:968 1576 ================================================================================
19:45:54:000 1576 UnloadDriverW: NtUnloadDriver error 2
19:45:54:000 1576 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:45:54:031 1576 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
19:45:58:921 1576 UtilityInit: KLMD drop and load success
19:45:58:921 1576 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
19:45:58:921 1576 UtilityInit: KLMD open success
19:45:58:921 1576 UtilityInit: Initialize success
19:45:58:921 1576
19:45:58:921 1576 Scanning Services ...
19:45:58:921 1576 CreateRegParser: Registry parser init started
19:45:58:921 1576 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
19:45:58:921 1576 CreateRegParser: DisableWow64Redirection error
19:45:58:921 1576 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:45:58:921 1576 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
19:45:58:921 1576 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:45:58:921 1576 wfopen_ex: Trying to KLMD file open
19:45:58:921 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
19:45:58:921 1576 wfopen_ex: File opened ok (Flags 2)
19:45:58:921 1576 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384930
19:45:58:921 1576 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:45:58:921 1576 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
19:45:58:921 1576 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:45:58:921 1576 wfopen_ex: Trying to KLMD file open
19:45:58:921 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
19:45:58:921 1576 wfopen_ex: File opened ok (Flags 2)
19:45:58:921 1576 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 3849D8
19:45:58:921 1576 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
19:45:58:921 1576 CreateRegParser: EnableWow64Redirection error
19:45:58:921 1576 CreateRegParser: RegParser init completed
19:45:59:250 1576 GetAdvancedServicesInfo: Raw services enum returned 384 services
19:45:59:250 1576 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:45:59:250 1576 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:45:59:250 1576
19:45:59:250 1576 Scanning Kernel memory ...
19:45:59:250 1576 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
19:45:59:250 1576 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 871D1A08
19:45:59:250 1576 DetectCureTDL3: KLMD_GetDeviceObjectList returned 15 DevObjects
19:45:59:250 1576
19:45:59:250 1576 DetectCureTDL3: DEVICE_OBJECT: 859FC030
19:45:59:250 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 859FC030
19:45:59:250 1576 KLMD_ReadMem: Trying to ReadMemory 0x859FC030[0x38]
19:45:59:250 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08
19:45:59:250 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]
19:45:59:250 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]
19:45:59:250 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:45:59:250 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0
19:45:59:250 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0
19:45:59:250 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F
19:45:59:250 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F
19:45:59:250 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2
19:45:59:250 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB
19:45:59:250 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28
19:45:59:250 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2
19:45:59:250 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82
19:45:59:250 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E
19:45:59:250 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:250 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:250 1576 TDL3_FileDetect: Processing driver: Disk
19:45:59:265 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:265 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:296 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:45:59:296 1576
19:45:59:296 1576 DetectCureTDL3: DEVICE_OBJECT: 87043030
19:45:59:296 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87043030
19:45:59:296 1576 DetectCureTDL3: DEVICE_OBJECT: 8703FA98
19:45:59:296 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8703FA98
19:45:59:296 1576 KLMD_ReadMem: Trying to ReadMemory 0x8703FA98[0x38]
19:45:59:296 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8
19:45:59:296 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]
19:45:59:296 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]
19:45:59:296 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:45:59:296 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218
19:45:59:296 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218
19:45:59:296 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C
19:45:59:296 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C
19:45:59:296 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180
19:45:59:296 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6
19:45:59:296 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0
19:45:59:296 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E
19:45:59:296 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:296 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:296 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]
19:45:59:296 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:45:59:296 1576 TDL3_FileDetect: Processing driver: usbstor
19:45:59:296 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:296 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:328 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:45:59:328 1576
19:45:59:328 1576 DetectCureTDL3: DEVICE_OBJECT: 86951140
19:45:59:328 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86951140
19:45:59:328 1576 KLMD_ReadMem: Trying to ReadMemory 0x86951140[0x38]
19:45:59:328 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08
19:45:59:328 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]
19:45:59:328 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]
19:45:59:328 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:45:59:328 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0
19:45:59:328 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0
19:45:59:328 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F
19:45:59:328 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F
19:45:59:328 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2
19:45:59:328 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB
19:45:59:328 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28
19:45:59:328 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2
19:45:59:328 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82
19:45:59:328 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E
19:45:59:328 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:328 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:328 1576 TDL3_FileDetect: Processing driver: Disk
19:45:59:328 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:328 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:359 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:45:59:359 1576
19:45:59:359 1576 DetectCureTDL3: DEVICE_OBJECT: 8698A920
19:45:59:359 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8698A920
19:45:59:359 1576 DetectCureTDL3: DEVICE_OBJECT: 868D77A0
19:45:59:359 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 868D77A0
19:45:59:359 1576 KLMD_ReadMem: Trying to ReadMemory 0x868D77A0[0x38]
19:45:59:359 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8
19:45:59:359 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]
19:45:59:359 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]
19:45:59:359 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:45:59:359 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218
19:45:59:359 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218
19:45:59:359 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C
19:45:59:359 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C
19:45:59:359 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180
19:45:59:359 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6
19:45:59:359 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0
19:45:59:359 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E
19:45:59:359 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:359 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:359 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]
19:45:59:359 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:45:59:359 1576 TDL3_FileDetect: Processing driver: usbstor
19:45:59:359 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:359 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:390 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:45:59:390 1576
19:45:59:390 1576 DetectCureTDL3: DEVICE_OBJECT: 86933030
19:45:59:390 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86933030
19:45:59:390 1576 KLMD_ReadMem: Trying to ReadMemory 0x86933030[0x38]
19:45:59:390 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08
19:45:59:390 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]
19:45:59:390 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]
19:45:59:390 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:45:59:390 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0
19:45:59:390 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0
19:45:59:390 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F
19:45:59:390 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F
19:45:59:390 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2
19:45:59:390 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB
19:45:59:390 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28
19:45:59:390 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2
19:45:59:390 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82
19:45:59:390 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E
19:45:59:390 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:390 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:390 1576 TDL3_FileDetect: Processing driver: Disk
19:45:59:390 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:390 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:421 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:45:59:421 1576
19:45:59:421 1576 DetectCureTDL3: DEVICE_OBJECT: 868FB988
19:45:59:421 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 868FB988
19:45:59:421 1576 KLMD_ReadMem: Trying to ReadMemory 0x868FB988[0x38]
19:45:59:421 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08
19:45:59:421 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]
19:45:59:421 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]
19:45:59:421 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:45:59:421 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0
19:45:59:421 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0
19:45:59:421 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F
19:45:59:421 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F
19:45:59:421 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2
19:45:59:421 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB
19:45:59:421 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28
19:45:59:421 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2
19:45:59:421 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82
19:45:59:421 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E
19:45:59:421 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:421 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:421 1576 TDL3_FileDetect: Processing driver: Disk
19:45:59:421 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:421 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:453 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:45:59:453 1576
19:45:59:453 1576 DetectCureTDL3: DEVICE_OBJECT: 8691A030
19:45:59:453 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8691A030
19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0x8691A030[0x38]
19:45:59:453 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08
19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]
19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]
19:45:59:453 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:45:59:453 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0
19:45:59:453 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0
19:45:59:453 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F
19:45:59:453 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F
19:45:59:453 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2
19:45:59:453 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB
19:45:59:453 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28
19:45:59:453 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2
19:45:59:453 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82
19:45:59:453 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E
19:45:59:453 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:453 1576 TDL3_FileDetect: Processing driver: Disk
19:45:59:453 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:453 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:453 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:45:59:453 1576
19:45:59:453 1576 DetectCureTDL3: DEVICE_OBJECT: 8690F470
19:45:59:453 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8690F470
19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0x8690F470[0x38]
19:45:59:453 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08
19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]
19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]
19:45:59:453 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:45:59:453 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0
19:45:59:453 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0
19:45:59:453 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F
19:45:59:453 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F
19:45:59:453 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2
19:45:59:453 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB
19:45:59:453 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28
19:45:59:453 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2
19:45:59:453 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82
19:45:59:453 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E
19:45:59:453 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:453 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:453 1576 TDL3_FileDetect: Processing driver: Disk
19:45:59:453 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:453 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:59:484 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:45:59:484 1576
19:45:59:484 1576 DetectCureTDL3: DEVICE_OBJECT: 86884AB8
19:45:59:484 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86884AB8
19:45:59:484 1576 DetectCureTDL3: DEVICE_OBJECT: 86BC0B18
19:45:59:484 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86BC0B18
19:45:59:484 1576 KLMD_ReadMem: Trying to ReadMemory 0x86BC0B18[0x38]
19:45:59:484 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8
19:45:59:484 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]
19:45:59:484 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]
19:45:59:484 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:45:59:484 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218
19:45:59:484 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218
19:45:59:484 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C
19:45:59:484 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C
19:45:59:484 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180
19:45:59:484 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6
19:45:59:484 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0
19:45:59:484 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E
19:45:59:484 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:484 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:484 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]
19:45:59:484 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:45:59:484 1576 TDL3_FileDetect: Processing driver: usbstor
19:45:59:484 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:484 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:515 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:45:59:515 1576
19:45:59:515 1576 DetectCureTDL3: DEVICE_OBJECT: 86B733F0
19:45:59:515 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B733F0
19:45:59:515 1576 DetectCureTDL3: DEVICE_OBJECT: 86BE3030
19:45:59:515 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86BE3030
19:45:59:515 1576 KLMD_ReadMem: Trying to ReadMemory 0x86BE3030[0x38]
19:45:59:515 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8
19:45:59:515 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]
19:45:59:515 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]
19:45:59:515 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:45:59:515 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218
19:45:59:515 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218
19:45:59:515 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C
19:45:59:515 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C
19:45:59:515 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180
19:45:59:515 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6
19:45:59:515 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0
19:45:59:515 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E
19:45:59:515 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:515 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:515 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]
19:45:59:515 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:45:59:515 1576 TDL3_FileDetect: Processing driver: usbstor
19:45:59:515 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:515 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:546 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:45:59:546 1576
19:45:59:546 1576 DetectCureTDL3: DEVICE_OBJECT: 86D58030
19:45:59:546 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D58030
19:45:59:546 1576 DetectCureTDL3: DEVICE_OBJECT: 86DAC2A0
19:45:59:546 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86DAC2A0
19:45:59:546 1576 KLMD_ReadMem: Trying to ReadMemory 0x86DAC2A0[0x38]
19:45:59:546 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8
19:45:59:546 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]
19:45:59:546 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]
19:45:59:546 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:45:59:546 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218
19:45:59:546 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218
19:45:59:546 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C
19:45:59:546 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C
19:45:59:546 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180
19:45:59:546 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6
19:45:59:546 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0
19:45:59:546 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E
19:45:59:546 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:546 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:546 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]
19:45:59:546 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:45:59:546 1576 TDL3_FileDetect: Processing driver: usbstor
19:45:59:546 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:546 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:59:578 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:45:59:578 1576
19:45:59:578 1576 DetectCureTDL3: DEVICE_OBJECT: 8687E650
19:45:59:578 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8687E650
19:45:59:578 1576 DetectCureTDL3: DEVICE_OBJECT: 86BD3EA0
19:45:59:578 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86BD3EA0
19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0x86BD3EA0[0x38]
19:45:59:578 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8
19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]
19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]
19:45:59:578 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:45:59:578 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218
19:45:59:578 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A
19:45:59:578 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218
19:45:59:578 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C
19:45:59:578 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C
19:45:59:578 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A
19:45:59:578 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A
19:45:59:578 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A
19:45:59:578 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A
19:45:59:578 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A
19:45:59:578 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:578 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:578
1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180 19:45:59:578 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6 19:45:59:578 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0 19:45:59:578 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E 19:45:59:578 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A 19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400] 19:45:59:578 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 19:45:59:578 1576 TDL3_FileDetect: Processing driver: usbstor 19:45:59:578 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:45:59:578 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:45:59:593 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 19:45:59:593 1576 19:45:59:593 1576 DetectCureTDL3: DEVICE_OBJECT: 87166C68 19:45:59:593 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87166C68 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x87166C68[0x38] 19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8] 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18] 19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 19:45:59:593 1576 
DetectCureTDL3: IrpHandler (0) addr: F7582BB0 19:45:59:593 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0 19:45:59:593 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F 19:45:59:593 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F 19:45:59:593 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler ( addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2 19:45:59:593 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB 19:45:59:593 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28 19:45:59:593 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2 19:45:59:593 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82 19:45:59:593 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E 19:45:59:593 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A 19:45:59:593 1576 TDL3_FileDetect: Processing driver: Disk 19:45:59:593 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 19:45:59:593 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 19:45:59:593 1576 
TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 19:45:59:593 1576 19:45:59:593 1576 DetectCureTDL3: DEVICE_OBJECT: 87137C68 19:45:59:593 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87137C68 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x87137C68[0x38] 19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8] 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18] 19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 19:45:59:593 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0 19:45:59:593 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0 19:45:59:593 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F 19:45:59:593 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F 19:45:59:593 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler ( addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2 19:45:59:593 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB 19:45:59:593 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28 19:45:59:593 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2 19:45:59:593 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (21) 
addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82 19:45:59:593 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E 19:45:59:593 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A 19:45:59:593 1576 TDL3_FileDetect: Processing driver: Disk 19:45:59:593 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 19:45:59:593 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 19:45:59:625 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 19:45:59:625 1576 19:45:59:625 1576 DetectCureTDL3: DEVICE_OBJECT: 871D0AB8 19:45:59:625 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 871D0AB8 19:45:59:625 1576 DetectCureTDL3: DEVICE_OBJECT: 871D4B00 19:45:59:625 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 871D4B00 19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D4B00[0x38] 19:45:59:625 1576 DetectCureTDL3: DRIVER_OBJECT: 8713EB60 19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0x8713EB60[0xA8] 19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0xE18FA8D8[0x1A] 19:45:59:625 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 19:45:59:625 1576 DetectCureTDL3: IrpHandler (0) addr: F73AE6F2 19:45:59:625 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (2) addr: F73AE6F2 19:45:59:625 1576 DetectCureTDL3: IrpHandler (3) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (4) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler ( addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A 
19:45:59:625 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (14) addr: F73AE712 19:45:59:625 1576 DetectCureTDL3: IrpHandler (15) addr: F73AA852 19:45:59:625 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (22) addr: F73AE73C 19:45:59:625 1576 DetectCureTDL3: IrpHandler (23) addr: F73B5336 19:45:59:625 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A 19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0xF73AB864[0x400] 19:45:59:625 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 19:45:59:625 1576 TDL3_FileDetect: Processing driver: atapi 19:45:59:625 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 19:45:59:625 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys 19:45:59:671 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean 19:45:59:671 1576 19:45:59:671 1576 Completed 19:45:59:671 1576 19:45:59:671 1576 Results: 19:45:59:671 1576 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 19:45:59:671 1576 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 19:45:59:671 1576 File objects infected / cured / cured on reboot: 0 / 0 / 0 19:45:59:671 1576 19:45:59:875 1576 MyNtCreateFileW: 
NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 19:45:59:875 1576 UtilityDeinit: KLMD(ARK) unloaded successfully -
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
As requested, here is the HijackThis report. I'm waiting for your recommendations. If needed, could you give me your mate's contact details so I can try to sort out the hardware problem? For the moment I still have no internet connection. Thanks in advance for the time you're spending on this. See you later.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:41, on 31/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

--
End of file - 4787 bytes
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
Here is the MBAM report. Thanks!!! For info, when I go into Device Manager there's no hardware at all... lol, so it's not even possible to delete them!!!

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/01/2010 18:38:51
mbam-log-2010-01-31 (18-38-51).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 207707
Temps écoulé: 56 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\123456295511\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000059.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000124.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000192.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000348.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP2\A0000505.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
Thanks for your reply about the hardware, but for the moment I haven't managed to get my internet connection working again. I got the message about my impatience and I apologise. I'm going to let MBAM do the full scan, which goes on and on... lol, and then I'll get back to you and we'll try (especially with your help) to reconfigure things step by step. Thanks for your patience in any case...
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
For the moment MBAM is running a scan, and it has been going for over 45 minutes. I'll post the requested reports as soon as possible. Thanks again for your help, have a good evening, see you later.
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
For the moment I'm going to run MBAM, but back to my internet connection: impossible to restore it, and apparently it no longer recognises my network card, my sound card.... and that's only a first look, lol. Is it serious, doctor?
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
Apparently none of my hardware is recognised any more: neither my sound card, nor my network card, nor my printer.... tough going.
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
Here is the report:

-- Report --
.
D:\Guide\PanaVue ImageAssembler v3.5 Enterprise Multilingual Retail Incl Keymaker by ZWT.zip | patch.exe <-- DELETED
.
-- EOF --

Apparently DELETED!!! What do I do next?? In particular to get the applications back like before, because for the moment there's still no internet connection. Sorry if I'm being impatient.
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
There, I've just done a zip scan. Here is the result, and from what you've just told me about how one gets infected... is this the culprit, lol?????

-- Report --
.
D:\Guide\PanaVue ImageAssembler v3.5 Enterprise Multilingual Retail Incl Keymaker by ZWT.zip | patch.exe <-- FOUND
.
-- EOF --
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
OK, thanks for the information. For the moment Norton seems to be working. Here is the report you asked me for earlier. I'll download the scan right away as you ask and get back to you afterwards. Thanks, see you later, and I'm open to another antivirus solution, lol, when the time comes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:09, on 31/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

--
End of file - 4753 bytes
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
Just before your message I posted what you asked me for ^ as for the rest... I'm in the process..... of doing what you ask. Thanks, see you later.
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
Here is the FindyKill report:

############################## | FindyKill V5.028 |

# User : utilisateur () # USER-02081FBA89
# Update on 26/01/2010 by El Desaparecido
# Start at: 15:54:33 | 31/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Norton Internet Security 17.5.0.127 [ (!) Disabled | Updated ]
# FW : Norton Internet Security[ Enabled ]17.5.0.127

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 78,13 Go (29,06 Go free) # NTFS
# D:\ # Disque fixe local # 108,18 Go (50,4 Go free) # NTFS
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque CD-ROM
# J:\ # Disque amovible
# K:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

################## | C: |

################## | C:\WINDOWS |

################## | C:\WINDOWS\Prefetch |

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\utilisateur\Application Data |

Supprimé ! C:\Documents and Settings\utilisateur\Application Data\drivers

################## | Autres suppressions ... |

################## | Zip File ... |

################## | Temporary Internet Files |

################## | Registre |

Supprimé ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Supprimé ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Supprimé ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Supprimé ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\patch]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat |

# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH |

Corrompu : C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [Offset = 000000FC - Valeur = 0x0001]
Corrompu : C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [Offset = 0000011C - Valeur = 0x0001]
Corrompu : C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE [Offset = 0000011C - Valeur = 0x0001]
Corrompu : C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [Offset = 00000134 - Valeur = 0x0001]
Corrompu : C:\WINDOWS\SoftwareDistribution\Download\f83b9e65e848a33e802c86bb8999c36b\update\update.exe [Offset = 000000EC - Valeur = 0x0001]
Tentative de réparation...
Sauvegarde : update.exe.REN [Offset = 000000EC - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

################## | ! Fin du rapport # FindyKill V5.028 ! |

Thanks, see you later.
[Solved] PC infected by the Winupgro.exe virus
laurentludo replied to a topic by laurentludo in Malware analysis and removal
OK, I'll do what you say... thanks for giving up your time. By the way, you're saying that it's known how one catches this kind of virus?? And how come my antivirus didn't detect it? Thanks for your reply.