laurentludo

Members
  • Content count

    20
  • Joined

  • Last visited

Everything posted by laurentludo

  1. Thanks for your help in eradicating this virus, I don't know how to thank you. It's nice to see that you can count on mutual help... Thanks, regards, Ludo. I will indeed check with Pierre how we can fix this hardware problem; for now, off to bed. See you, thanks.
  2. I've just left a message for pierre 13. Thanks again for your help..... we're not in bed yet lol. See you.
  3. Here is the result of what you asked me for, thanks again for your help.
1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180 19:45:59:578 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6 19:45:59:578 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0 19:45:59:578 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E 19:45:59:578 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A 19:45:59:578 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A 19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400] 19:45:59:578 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0 19:45:59:578 1576 TDL3_FileDetect: Processing driver: usbstor 19:45:59:578 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:45:59:578 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:45:59:593 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean 19:45:59:593 1576 19:45:59:593 1576 DetectCureTDL3: DEVICE_OBJECT: 87166C68 19:45:59:593 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87166C68 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x87166C68[0x38] 19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8] 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18] 19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 19:45:59:593 1576 
DetectCureTDL3: IrpHandler (0) addr: F7582BB0 19:45:59:593 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0 19:45:59:593 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F 19:45:59:593 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F 19:45:59:593 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler ( addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2 19:45:59:593 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB 19:45:59:593 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28 19:45:59:593 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2 19:45:59:593 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82 19:45:59:593 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E 19:45:59:593 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A 19:45:59:593 1576 TDL3_FileDetect: Processing driver: Disk 19:45:59:593 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 19:45:59:593 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 19:45:59:593 1576 
TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 19:45:59:593 1576 19:45:59:593 1576 DetectCureTDL3: DEVICE_OBJECT: 87137C68 19:45:59:593 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87137C68 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x87137C68[0x38] 19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8] 19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18] 19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk 19:45:59:593 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0 19:45:59:593 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0 19:45:59:593 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F 19:45:59:593 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F 19:45:59:593 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler ( addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2 19:45:59:593 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB 19:45:59:593 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28 19:45:59:593 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2 19:45:59:593 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (21) 
addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82 19:45:59:593 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E 19:45:59:593 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A 19:45:59:593 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A 19:45:59:593 1576 TDL3_FileDetect: Processing driver: Disk 19:45:59:593 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys 19:45:59:593 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys 19:45:59:625 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean 19:45:59:625 1576 19:45:59:625 1576 DetectCureTDL3: DEVICE_OBJECT: 871D0AB8 19:45:59:625 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 871D0AB8 19:45:59:625 1576 DetectCureTDL3: DEVICE_OBJECT: 871D4B00 19:45:59:625 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 871D4B00 19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D4B00[0x38] 19:45:59:625 1576 DetectCureTDL3: DRIVER_OBJECT: 8713EB60 19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0x8713EB60[0xA8] 19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0xE18FA8D8[0x1A] 19:45:59:625 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 19:45:59:625 1576 DetectCureTDL3: IrpHandler (0) addr: F73AE6F2 19:45:59:625 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (2) addr: F73AE6F2 19:45:59:625 1576 DetectCureTDL3: IrpHandler (3) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (4) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler ( addr: 804F355A 19:45:59:625 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A 
19:45:59:625 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (14) addr: F73AE712
19:45:59:625 1576 DetectCureTDL3: IrpHandler (15) addr: F73AA852
19:45:59:625 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (22) addr: F73AE73C
19:45:59:625 1576 DetectCureTDL3: IrpHandler (23) addr: F73B5336
19:45:59:625 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A
19:45:59:625 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A
19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0xF73AB864[0x400]
19:45:59:625 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:45:59:625 1576 TDL3_FileDetect: Processing driver: atapi
19:45:59:625 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:45:59:625 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
19:45:59:671 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
19:45:59:671 1576
19:45:59:671 1576 Completed
19:45:59:671 1576
19:45:59:671 1576 Results:
19:45:59:671 1576 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:45:59:671 1576 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:45:59:671 1576 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:45:59:671 1576
19:45:59:875 1576 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
19:45:59:875 1576 UtilityDeinit: KLMD(ARK) unloaded successfully
  4. As requested, here is the HijackThis report. I'm waiting for your recommendations. If needed, could you give me your buddy's contact details so I can try to sort out the hardware problem? For the moment I still have no internet connection. Thanks in advance for the time you're spending on this. See you later.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:41, on 31/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

--
End of file - 4787 bytes
  5. Here is the MBAM report, thanks!!! For info, when I go into Device Manager I have no hardware at all... lol, so it's not even possible to delete them!!!

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/01/2010 18:38:51
mbam-log-2010-01-31 (18-38-51).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 207707
Temps écoulé: 56 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\123456295511\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000059.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000124.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000192.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000348.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP2\A0000505.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
  6. Thanks for your reply about the hardware, but for the moment I haven't managed to restore my internet connection. I got the message about my impatience and I apologise for it. I'll let MBAM do its full scan, which goes on and on... lol, then I'll get back to you and we'll try (above all with your help) to reconfigure things step by step. Thanks for your patience in any case...
  7. For the moment MBAM is running a scan and it has been going for more than 45 minutes. I'll post the requested reports as soon as possible. Thanks again for your help, good evening, see you later.
  8. For the moment I'm going to run MBAM, but back to my internet connection: impossible to restore it, and apparently it no longer recognises my network card or my sound card.... and that's only a first assessment lol. Is it serious, doctor?
  9. Apparently no hardware is recognised any more: neither my sound card, nor my network card, nor my printer.... rough.
  10. Here is the report:

-- Report --
.
D:\Guide\PanaVue ImageAssembler v3.5 Enterprise Multilingual Retail Incl Keymaker by ZWT.zip | patch.exe <-- DELETED
.
-- EOF --

Apparently DELETED!!! What do I do next?? Especially to get my applications back like before, because for the moment there's still no internet connection. Sorry if I'm being impatient.
  11. There, I've just run a zip scan, here is the result, and from what you've just told me about how one gets infected... is this the culprit lol?????

-- Report --
.
D:\Guide\PanaVue ImageAssembler v3.5 Enterprise Multilingual Retail Incl Keymaker by ZWT.zip | patch.exe <-- FOUND
.
-- EOF --
  12. OK, thanks for the information. For the moment Norton seems to be working. Here is the report you asked me for earlier; I'm hurrying to download the scanner as you asked, then I'll get back to you. Thanks, see you later, and I'm open to another antivirus solution lol when the time comes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:09, on 31/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

--
End of file - 4753 bytes
  13. Just before your message I posted what you asked me for ^ as for the rest... I'm in the middle..... of doing what you ask. Thanks, later.
  14. Here is the FindyKill report:

############################## | FindyKill V5.028 |

# User : utilisateur () # USER-02081FBA89
# Update on 26/01/2010 by El Desaparecido
# Start at: 15:54:33 | 31/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Norton Internet Security 17.5.0.127 [ (!) Disabled | Updated ]
# FW : Norton Internet Security[ Enabled ]17.5.0.127

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 78,13 Go (29,06 Go free) # NTFS
# D:\ # Disque fixe local # 108,18 Go (50,4 Go free) # NTFS
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque CD-ROM
# J:\ # Disque amovible
# K:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE

################## | C: |

################## | C:\WINDOWS |

################## | C:\WINDOWS\Prefetch |

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\utilisateur\Application Data |

Supprimé ! C:\Documents and Settings\utilisateur\Application Data\drivers

################## | Autres suppressions ... |

################## | Zip File ... |

################## | Temporary Internet Files |

################## | Registre |

Supprimé ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Supprimé ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Supprimé ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Supprimé ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\patch]
Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat |

# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH |

Corrompu : C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [Offset = 000000FC - Valeur = 0x0001]
Corrompu : C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [Offset = 0000011C - Valeur = 0x0001]
Corrompu : C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE [Offset = 0000011C - Valeur = 0x0001]
Corrompu : C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [Offset = 00000134 - Valeur = 0x0001]
Corrompu : C:\WINDOWS\SoftwareDistribution\Download\f83b9e65e848a33e802c86bb8999c36b\update\update.exe [Offset = 000000EC - Valeur = 0x0001]
Tentative de réparation...
Sauvegarde : update.exe.REN [Offset = 000000EC - Nouvelle valeur = 0x4C01]
Fichier réparé avec succès.

################## | ! Fin du rapport # FindyKill V5.028 ! |

Thanks, later.
  15. OK, I'm doing what you say... thanks for giving up your time. By the way, you say we know how one catches this kind of virus?? And how come my antivirus didn't detect it? Thanks for your reply.
  16. Yes, I still have ComboFix; I also added the application for the Windows console. Here is the FindyKill report:

############################## | FindyKill V5.028 |

# User : utilisateur () # USER-02081FBA89
# Update on 26/01/2010 by El Desaparecido
# Start at: 15:15:24 | 31/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon 64 Processor 3400+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Norton Internet Security 17.5.0.127 [ (!) Disabled | Updated ]
# FW : Norton Internet Security[ Enabled ]17.5.0.127

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 78,13 Go (28,68 Go free) # NTFS
# D:\ # Disque fixe local # 108,18 Go (50,4 Go free) # NTFS
# E:\ # Disque amovible # 1,89 Go (478,69 Mo free) [uDISK] # FAT32
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque CD-ROM
# J:\ # Disque amovible
# K:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

################## | C:\WINDOWS |

################## | C:\WINDOWS\Prefetch |

################## | C:\WINDOWS\system32 |

################## | C:\WINDOWS\system32\drivers |

################## | C:\Documents and Settings\utilisateur\Application Data |

C:\Documents and Settings\utilisateur\Application Data\drivers

################## | Zip File ... |

################## | Temporary Internet Files |

################## | Registre |

[HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
[HKLM\SYSTEM\ControlSet001\Services\srosa]
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
[HKCU\Software\Local AppWizard-Generated Applications\patch]
[HKCU\Software\Local AppWizard-Generated Applications\winupgro]
[HKU\S-1-5-21-725345543-1614895754-2146997909-1004\Software\Local AppWizard-Generated Applications\patch]
[HKU\S-1-5-21-725345543-1614895754-2146997909-1004\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# (!) EapHost -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | ! Fin du rapport # FindyKill V5.028 ! |
  17. Yes, I still have ComboFix, and I also installed the application for the Windows console.
  18. The damage at the moment? No more internet connection (luckily I have a laptop), no more sound card, and apparently no more printer detection... what a mess...
  19. Thanks for coming to my aid, Apollo. I have the pack of three; besides, I just ran a scan with another tool, FindyKill, because I don't know much about this and I'm pretty angry and impatient to get rid of this ........ beeeeep
  20. Hello everyone. Apparently I have a very annoying super virus... which you surely know: winupgro exe, the famous W32.BEAGLE.EB. After some research on the forums I downloaded ComboFix, and here is the report (ComboFix 10-01-30.05 log of 31/01/2010, pasted in the original post). Thanks in advance to whoever can help me. I await your solutions...