
Posted

Here is the HijackThis log! Thanks for helping me with this.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:21:56, on 28/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S19B.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\richtx64.exe

O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

 

--

End of file - 7031 bytes
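A helper reads a log like the one above by eye. As an added example (not code from this thread, and not a HijackThis feature), here is a small Python triage script that applies three of the checks a helper makes first: entries whose target is no longer on disk (`(no file)` / `(file missing)`), `O4` autoruns launched from a Temp directory, and `R0`/`R1` start or search pages whose host is not on an allowlist. The sample lines are copied from the log above; `EXPECTED_HOSTS` is an assumed allowlist and the heuristics are mine.

```python
"""Triage helper for HijackThis 2.0 logs (added example; heuristics are the author's own)."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Assumption: hosts the helper considers acceptable as IE start/search pages.
EXPECTED_HOSTS = {"google.com", "www.google.com", "www.msn.com", "about:blank"}

ORPHAN_MARKERS = ("(no file)", "(file missing)")
# O4 - HKLM\..\Run: [name] command      (also RunOnce, HKUS\S-1-5-xx\..\Run)
O4_RUN = re.compile(r"^O4 - (?P<key>\S+?\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# R0/R1/R3 - <hive>\...\Main,Start Page = <url>
RX_PAGE = re.compile(r"^R[013] - (?P<key>.+?),(?P<value>(?:Start|Search|Default)[^=]*) = (?P<url>.*)$")
# First executable in the command, with or without surrounding quotes.
EXE_PATH = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""


def host_of(url: str) -> str:
    """Host part of a start-page value; HijackThis often drops the scheme."""
    url = url.strip()
    if url.lower().startswith("about:"):
        return url.lower()
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for entries that deserve a second look."""
    findings: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        # 1. Orphaned entries: the registry still points at something that is gone.
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(("orphan entry, target missing", line))
            continue
        # 2. Autoruns started from a Temp directory (rarely legitimate).
        m = O4_RUN.match(line)
        if m:
            exe = EXE_PATH.match(m.group("cmd"))
            path = (exe.group("path") if exe else m.group("cmd")).lower()
            if "\\temp\\" in path:
                findings.append(("autorun from a Temp directory", line))
            continue
        # 3. Start/search page pointing at a host outside the allowlist.
        m = RX_PAGE.match(line)
        if m and host_of(m.group("url")) not in EXPECTED_HOSTS:
            findings.append(("unexpected browser start/search page", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:40} {entry}")
```

Run as-is it prints the four flagged lines; for a full log use `triage(open(path, encoding="cp1252").read())`, assuming the log was saved in the default Windows-1252 encoding of a French XP. The script is deliberately conservative: it does not flag the `Malware Defense` autorun, whose name the helper still has to judge, so it narrows the review rather than replacing it.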

Posted

Good evening,

 

I assume you have already tried a scan with MBAM?

 

If it will not launch, do this:

 

ComboFix must not be used as a diagnostic tool; it should only be run at the express request of a helper trained in this tool and under their supervision. This tool can be dangerous!

 

Disable your protections (antivirus, firewall, antispyware).

 

Connect your removable media (USB sticks and others) before proceeding.

 

Official TUTORIAL

 

Right-click HERE

  • In the menu that drops down, choose "Save Link Target As" (if you use Firefox) or "Save Target As" (if you use Internet Explorer)
  • A window will open: in the File name field (at the bottom), type this > bardaf01
  • We are going to save this file to the Desktop: to do so, click Desktop in the left-hand panel.
  • Finally, click the Save button at the bottom right.
  • Make sure all programs are closed before launching the fix!
  • Double-click bardaf01.
  • If the Recovery Console is not installed on XP, ComboFix will offer to install it: accept!
  • Click Yes on the Disclaimer message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: accept!
  • Note: Do not close the window that has just opened, or you will end up with an empty desktop!
  • When the scan is finished, a report will be generated: post its contents in your next reply.

 

If you lose your Internet connection after ComboFix has run, here is how to repair it: HERE.

 

NB: If you still cannot repair the connection, please read this topic.

 

 

@++

Posted

Here is the log.

 

ComboFix 09-12-27.04 - HP_Propriétaire 28/12/2009 23:46:06.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.33.1036.18.958.579 [GMT 1:00]

Launched from: c:\documents and settings\HP_Propriétaire\Bureau\bardaf01.exe

.

The following files were disabled while it ran:

c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

 

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\HP_PRO~1\LOCALS~1\Temp\wscsvc32.exe

c:\documents and settings\All Star\RavMonLog

c:\documents and settings\HP_Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk

c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\uekrhhd.dat

c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\uekrhhd_nav.dat

c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\uekrhhd_navps.dat

c:\program files\AntiSpywareXP2009

c:\program files\AntiSpywareXP2009\data\daily.cvd

c:\program files\AntiSpywareXP2009\htmlayout.dll

c:\program files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

c:\program files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll

c:\program files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll

c:\program files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll

c:\program files\AntiSpywareXP2009\pthreadVC2.dll

c:\program files\BChanger

c:\program files\BChanger\data.dat

c:\program files\BChanger\Uninstall.exe

c:\program files\CPV

c:\program files\Eroca

c:\program files\GrandPack

c:\program files\Insider

c:\program files\Insider\Insider.exe

c:\program files\Insider\UnInstall.exe

c:\program files\Mozilla Firefox\Components\9e06dd49-1aea-e964-da63-58b3b4292f18.dll

c:\program files\NoDNS

c:\program files\NoDNS\UnInstall.exe

c:\program files\nvcoi

c:\program files\nvcoi\mst.stt

c:\program files\RcvSystem

c:\program files\smbols~1

c:\program files\Temporary

c:\program files\WinAble

c:\program files\Words

c:\program files\Words\script.txt

c:\recycler\S-1-5-21-4141595813-2295377448-1625402431-1008

c:\recycler\S-1-5-21-4141595813-2295377448-1625402431-1009

c:\recycler\S-1-5-21-958653642-812838196-4078779400-1008

c:\windows\cookies.ini

c:\windows\ssembl~1

c:\windows\system32\drivers\H8SRTabrsnvmyrj.sys

c:\windows\system32\H8SRTkylqxmtyqj.dll

c:\windows\system32\H8SRTpyuvndqemu.dat

c:\windows\system32\H8SRTwbejxuxnmb.dll

c:\windows\system32\krl32mainweq.dll

c:\windows\system32\ps2.bat

c:\windows\system32\srcr.dat

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_H8SRTd.sys

-------\Service_H8SRTd.sys

 

 

((((((((((((((((((((((((((((( Files created from 2009-11-28 to 2009-12-28 ))))))))))))))))))))))))))))))))))))

.

 

2009-12-28 21:26 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-28 21:26 . 2009-12-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-28 21:26 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-28 20:39 . 2009-12-28 20:39 -------- d-----w- c:\program files\Enigma Software Group

2009-12-28 20:32 . 2009-12-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-27 18:49 . 2009-12-27 18:49 -------- d-----w- c:\windows\system32\drivers\NSS

2009-12-27 18:49 . 2009-12-27 18:49 -------- d-----w- c:\program files\Norton Security Scan

2009-12-27 18:49 . 2009-12-27 18:49 -------- d-----w- c:\program files\NortonInstaller

2009-12-27 15:49 . 2009-12-27 15:49 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2009-12-27 14:11 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-26 22:21 . 2009-12-26 22:21 -------- d-----w- C:\SystemRoot

2009-12-26 22:20 . 2009-12-26 22:20 -------- d-----w- c:\windows\Hewlett-Packard

2009-12-26 14:13 . 2009-12-26 14:13 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-11 18:56 . 2009-12-11 18:58 -------- d-----w- c:\program files\Windows Live Safety Center

2009-12-09 14:18 . 2009-12-09 14:24 -------- d-----w- c:\program files\Warrior Epic

2009-12-04 18:20 . 2006-08-10 01:02 75264 ----a-w- c:\windows\system32\E_FLBBEE.DLL

2009-12-04 18:20 . 2006-04-19 01:00 62976 ----a-w- c:\windows\system32\E_FD4BBEE.DLL

2009-12-04 18:20 . 2004-09-10 19:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL

2009-12-04 18:19 . 2009-12-04 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON

2009-12-04 13:49 . 2009-12-04 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2009-12-04 09:31 . 2004-08-04 21:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll

2009-12-04 09:31 . 2004-08-04 21:00 98304 ----a-w- c:\windows\system32\msir3jp.dll

2009-12-04 09:31 . 2004-08-04 21:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll

2009-12-04 09:31 . 2004-08-04 21:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll

2009-12-04 09:30 . 2004-08-04 21:00 218112 ----a-w- c:\windows\system32\c_g18030.dll

2009-12-04 09:30 . 2004-08-04 21:00 6144 ----a-w- c:\windows\system32\kbd101a.dll

2009-12-04 09:30 . 2004-08-04 21:00 6144 ----a-w- c:\windows\system32\kbdlk41j.dll

2009-12-04 09:30 . 2004-08-04 21:00 9216 ----a-w- c:\windows\system32\kbdnecAT.dll

2009-12-04 09:30 . 2004-08-04 21:00 7680 ----a-w- c:\windows\system32\kbdnecNT.dll

2009-12-04 09:30 . 2004-08-04 21:00 7168 ----a-w- c:\windows\system32\kbdnec95.dll

2009-12-04 09:30 . 2004-08-04 21:00 7168 ----a-w- c:\windows\system32\f3ahvoas.dll

2009-12-04 09:30 . 2004-08-04 21:00 6656 ----a-w- c:\windows\system32\kbdlk41a.dll

2009-12-04 09:30 . 2004-08-04 21:00 7168 ----a-w- c:\windows\system32\kbdibm02.dll

2009-12-04 09:30 . 2004-08-04 21:00 6144 ----a-w- c:\windows\system32\kbdax2.dll

2009-12-04 09:30 . 2004-08-04 21:00 6144 ----a-w- c:\windows\system32\kbd106n.dll

2009-12-04 09:30 . 2004-08-04 21:00 6144 ----a-w- c:\windows\system32\kbd101.dll

2009-12-04 09:29 . 2004-08-04 21:00 6656 ----a-w- c:\windows\system32\c_is2022.dll

2009-12-04 09:29 . 2004-08-04 21:00 76288 ----a-w- c:\windows\system32\uniime.dll

2009-12-04 09:29 . 2004-08-04 21:00 811064 ----a-w- c:\windows\system32\imjp81k.dll

2009-12-04 09:29 . 2001-08-23 16:47 8704 ----a-w- c:\windows\system32\kbdjpn.dll

2009-12-04 09:29 . 2001-08-23 16:47 8192 ----a-w- c:\windows\system32\kbdkor.dll

2009-12-04 09:29 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd106.dll

2009-12-04 09:29 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll

2009-12-04 09:29 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll

2009-12-04 09:29 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 19:32 . 2007-08-01 16:44 -------- d-----w- c:\program files\Metin2_France

2009-12-27 22:55 . 2008-04-01 10:54 -------- d-----w- c:\program files\Avira

2009-12-27 19:42 . 2005-01-02 01:15 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2009-12-27 18:49 . 2009-10-12 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-27 15:49 . 2007-07-22 12:04 -------- d-----w- c:\program files\DivX

2009-12-26 22:38 . 2004-11-23 14:26 65112 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-26 22:38 . 2004-11-23 14:26 447780 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-26 22:36 . 2007-03-10 20:01 -------- d-----w- c:\program files\WinAVI MP4 Converter

2009-12-26 22:32 . 2007-03-02 18:45 -------- d-----w- c:\program files\Cyanide

2009-12-26 22:30 . 2007-03-10 19:57 -------- d-----w- c:\program files\3GP Converter 2007

2009-12-26 22:21 . 2005-01-02 00:44 -------- d-----w- c:\program files\HP

2009-12-26 22:21 . 2005-01-02 00:59 -------- d-----w- c:\program files\Hewlett-Packard

2009-12-21 18:05 . 2009-11-22 16:26 -------- d-----w- c:\program files\RevolutionMT2

2009-12-18 22:17 . 2009-11-17 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-11-19 19:44 . 2009-11-19 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-11-19 19:44 . 2008-10-17 15:45 -------- d-----w- c:\program files\iTunes

2009-11-19 19:43 . 2009-11-19 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-11-19 19:40 . 2009-11-19 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-11-19 19:39 . 2008-10-17 15:43 -------- d-----w- c:\program files\QuickTime

2009-11-17 19:54 . 2009-11-17 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-11-17 19:53 . 2008-07-24 22:55 -------- d-----w- c:\program files\AVG

2009-11-13 15:37 . 2009-11-13 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2009-11-13 15:35 . 2009-11-13 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Cyberlink

2009-11-01 20:08 . 2009-10-24 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-10-31 18:06 . 2007-08-06 12:27 22 ----a-w- c:\windows\photos01.zip

2009-10-31 16:36 . 2007-08-29 08:45 -------- d-----w- c:\program files\Fichiers communs\Error Safe

2009-10-31 16:30 . 2007-10-25 17:36 -------- d--h--w- c:\program files\Fichiers communs\Carlson

2009-10-29 05:46 . 2004-08-05 11:00 666112 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 06:03 . 2004-08-05 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:03 . 2004-08-05 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 14:58 . 2004-08-05 11:00 263552 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:52 . 2004-08-05 11:00 267776 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:52 . 2004-08-05 11:00 69632 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:52 . 2004-08-05 11:00 113152 ----a-w- c:\windows\system32\rastls.dll

2007-10-29 07:08 . 2007-10-29 07:08 10 ----a-w- c:\program files\.autoreg

2007-10-29 07:08 . 2007-10-29 07:08 69632 ----a-w- c:\program files\mozilla firefox\components\ffwt.dll

2009-01-10 13:03 . 2007-07-22 12:04 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2009-01-10 13:03 . 2007-07-22 12:04 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2009-01-10 13:03 . 2007-07-22 12:04 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2009-01-06 18:03 . 2008-11-19 21:23 654336 ----a-w- c:\program files\mozilla firefox\components\nsadsoftinc.dll

2008-12-29 16:48 . 2009-02-03 11:13 653824 ----a-w- c:\program files\mozilla firefox\components\nsworldadmarketplace.dll

2009-01-10 13:03 . 2007-07-22 12:04 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2009-01-10 13:03 . 2007-07-22 12:04 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\atapi.sys

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\atapi.sys

[-] 2004-08-05 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

 

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\asyncmac.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\asyncmac.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\asyncmac.sys

[-] 2004-08-05 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys

[-] 2004-08-05 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys

 

[-] 2004-08-05 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2004-08-05 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

 

[-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\kbdclass.sys

[-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\kbdclass.sys

[-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\kbdclass.sys

[-] 2004-08-04 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\kbdclass.sys

[-] 2004-08-03 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-03 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\kbdclass.sys

 

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ndis.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ndis.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys

[-] 2004-08-05 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys

[-] 2004-08-05 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys

 

[-] 2004-08-05 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2004-08-05 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

 

[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\browser.dll

[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\browser.dll

[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\browser.dll

[-] 2004-08-05 . CE9DC7CC6D75515EE62CA341473EC5F3 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll

[-] 2004-08-05 . CE9DC7CC6D75515EE62CA341473EC5F3 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll

 

[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lsass.exe

[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\lsass.exe

[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\lsass.exe

[-] 2004-08-05 . 9F3744A5C6F49291A7A685040A013399 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2004-08-05 . 9F3744A5C6F49291A7A685040A013399 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe

 

[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\qmgr.dll

[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\qmgr.dll

[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\qmgr.dll

[-] 2004-08-05 . 87424817F82CF6A7F55DAC01A20111A3 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll

[-] 2004-08-05 . 87424817F82CF6A7F55DAC01A20111A3 . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll

 

[-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe

[-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\winlogon.exe

[-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\winlogon.exe

[-] 2004-08-05 . D2DE785AEAB0BB8CA4C14A8A199DBE4E . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-08-05 . D2DE785AEAB0BB8CA4C14A8A199DBE4E . 506368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

 

[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\cryptsvc.dll

[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\cryptsvc.dll

[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\cryptsvc.dll

[-] 2004-08-05 . BDDF3723D95DC28D78B1E93119E0E6AB . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-05 . BDDF3723D95DC28D78B1E93119E0E6AB . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll

 

[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\imm32.dll

[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\imm32.dll

[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\imm32.dll

[-] 2004-08-05 . 39EE5FAF56260EBB8D77A08F525EBBB4 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll

[-] 2004-08-05 . 39EE5FAF56260EBB8D77A08F525EBBB4 . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll

 

[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lpk.dll

[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\lpk.dll

[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\lpk.dll

[-] 2004-08-05 . 8C97E0E3DAA99659D4F4B44CC1F282A6 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll

[-] 2004-08-05 . 8C97E0E3DAA99659D4F4B44CC1F282A6 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll

 

[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\msvcrt.dll

[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\msvcrt.dll

[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\msvcrt.dll

[-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2004-08-05 . 351B1AD22FD0EC70D889766E0B4F72ED . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-05 . 351B1AD22FD0EC70D889766E0B4F72ED . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL

 

[-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\97b111600286d152fcefc716b84582eb\sp2qfe\netlogon.dll

[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netlogon.dll

[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\netlogon.dll

[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\netlogon.dll

[-] 2004-08-05 . FAF07FDCDE76000621A28D19F8E2E8EB . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2004-08-05 . FAF07FDCDE76000621A28D19F8E2E8EB . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

 

[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\powrprof.dll

[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\powrprof.dll

[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\powrprof.dll

[-] 2004-08-05 . B02E4DDBE0E98F42F3B61292DDB3A104 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2004-08-05 . B02E4DDBE0E98F42F3B61292DDB3A104 . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

 

[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\scecli.dll

[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\scecli.dll

[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\scecli.dll

[-] 2004-08-05 . DEC0397F35D027874804EC72979D03CC . 186368 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2004-08-05 . DEC0397F35D027874804EC72979D03CC . 186368 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

 

[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\sfc.dll

[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfc.dll

[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sfc.dll

[-] 2004-08-05 . 94559DE281DADCB58E6A3919C7EAC0B4 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2004-08-05 . 94559DE281DADCB58E6A3919C7EAC0B4 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

 

[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe

[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\svchost.exe

[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe

[-] 2004-08-05 . 1BD6C2F707A275CB7C16FD99FE0F31CA . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2004-08-05 . 1BD6C2F707A275CB7C16FD99FE0F31CA . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

 

[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\userinit.exe

[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\userinit.exe

[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe

[-] 2004-08-05 . D6D65EA32B190401B57EDB6706F29669 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2004-08-05 . D6D65EA32B190401B57EDB6706F29669 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

 

[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ws2_32.dll

[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ws2_32.dll

[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ws2_32.dll

[-] 2004-08-05 . BC41F51A39D3B255805FDB759B7814AE . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2004-08-05 . BC41F51A39D3B255805FDB759B7814AE . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

 

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\srsvc.dll

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\srsvc.dll

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\srsvc.dll

[-] 2004-08-05 . 6469C53F4D16FA6055CCA265BC03DB66 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2004-08-05 . 6469C53F4D16FA6055CCA265BC03DB66 . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

 

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\wscntfy.exe

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\wscntfy.exe

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\wscntfy.exe

[-] 2004-08-05 . 54CDDAD404557ED98433D6ECBFC92691 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-05 . 54CDDAD404557ED98433D6ECBFC92691 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

 

[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\xmlprov.dll

[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\xmlprov.dll

[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\xmlprov.dll

[-] 2004-08-05 . 21056AEF44322C3E2DD5391B6AEFA75A . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-05 . 21056AEF44322C3E2DD5391B6AEFA75A . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

 

[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\eventlog.dll

[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\eventlog.dll

[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\eventlog.dll

[-] 2004-08-05 . 21E83876A6287F15538EF187D286FE11 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2004-08-05 . 21E83876A6287F15538EF187D286FE11 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

 

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\sfcfiles.dll

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sfcfiles.dll

[-] 2004-08-05 . ACF04FB3448D2C2CD3A851C138EC8AB6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-05 . ACF04FB3448D2C2CD3A851C138EC8AB6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

 

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe

[-] 2004-08-05 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-05 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

 

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\regsvc.dll

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\regsvc.dll

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\regsvc.dll

[-] 2004-08-05 . 345D02087F5696749C6120359B1E2988 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2004-08-05 . 345D02087F5696749C6120359B1E2988 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

 

[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\schedsvc.dll

[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\schedsvc.dll

[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\schedsvc.dll

[-] 2004-08-05 . 4612EC6DAF695B87A2529FCBB95B75DE . 193024 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-05 . 4612EC6DAF695B87A2529FCBB95B75DE . 193024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

 

[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ssdpsrv.dll

[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ssdpsrv.dll

[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ssdpsrv.dll

[-] 2004-08-05 . B636478A2569AE69CAF003254022A742 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-05 . B636478A2569AE69CAF003254022A742 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

 

[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll

[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\termsrv.dll

[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\termsrv.dll

[-] 2004-08-05 . 7D521B8CF926459E270D18C559323815 . 297984 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll

[-] 2004-08-05 . 7D521B8CF926459E270D18C559323815 . 297984 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

 

[-] 2004-08-05 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

 

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ip6fw.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ip6fw.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ip6fw.sys

[-] 2004-08-05 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2004-08-05 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

 

[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\msgsvc.dll

[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\msgsvc.dll

[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\msgsvc.dll

[-] 2004-08-05 . 97939358ED4487CBB4A0D743CE958266 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2004-08-05 . 97939358ED4487CBB4A0D743CE958266 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

 

[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll

[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2004-08-05 11:00 . 762B2A5F0E8B0164A5DB6741959DFB0C . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

 

[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntmssvc.dll

[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ntmssvc.dll

[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntmssvc.dll

[-] 2004-08-05 11:00 . 3F82A4226289510DF300813B9B87F0E5 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2004-08-05 11:00 . 3F82A4226289510DF300813B9B87F0E5 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not listed

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Google Update"="c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-24 133104]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-17 2010904]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-26 149280]

 

c:\documents and settings\All Star\Menu Démarrer\Programmes\Démarrage\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136]

 

c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-1-5 3469448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"2551:TCP"= 2551:TCP:Services

 

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/11/2009 20:53 285392]

S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

------- Supplementary Scan -------

.

uStart Page = google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.duxet.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe

HKLM-Run-PCDrProfiler - (no file)

Notify-avgrsstarter - avgrsstx.dll

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-28 23:56

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\windows\system32\wdfmgr.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

c:\hp\KBD\KBD.EXE

.

**************************************************************************

.

Completion time: 2009-12-29 00:06:29 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-28 23:06

 

Pre-Run: 187 531 382 784 bytes free

Post-Run: 188 657 315 840 bytes free

 

- - End Of File - - 8FF5274BA76FF8F7FF5C41EBD0CB0626
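An added example, not part of the forum post or of ComboFix, for reading the file-hash section above. Each entry has the shape `[-] date . MD5 . size . . [version] . . path`; the `[-]` flag only records that ComboFix could not match the file against its whitelist, and in this report every `system32` copy still carries the same MD5 as its `dllcache` copy while newer builds sit unapplied under `SoftwareDistribution\Download`. The script makes those two checks explicit: it parses the lines, compares the live copy with the protected copy, and lists files whose installed version lags the downloaded one. The sample lines are copied from the report; the tampered variant is constructed here to show what a replaced binary would look like.

```python
"""Triage of ComboFix file-hash lines (added example; not ComboFix's own code)."""
import re
from collections import defaultdict

# Sample lines copied from the ComboFix report above (netlogon.dll and userinit.exe).
SAMPLE_LOG = "\n".join([
    r"[-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll",
    r"[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netlogon.dll",
    r"[-] 2004-08-05 . FAF07FDCDE76000621A28D19F8E2E8EB . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll",
    r"[-] 2004-08-05 . FAF07FDCDE76000621A28D19F8E2E8EB . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll",
    r"[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe",
    r"[-] 2004-08-05 . D6D65EA32B190401B57EDB6706F29669 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe",
    r"[-] 2004-08-05 . D6D65EA32B190401B57EDB6706F29669 . 25088 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe",
])

# Constructed variant (NOT from the report): the live userinit.exe hash is altered while
# the dllcache copy is untouched, which is what an in-place replaced binary looks like.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "D6D65EA32B190401B57EDB6706F29669 . 25088 . . [5.1.2600.2180] . . c:\\windows\\system32\\userinit.exe",
    "00000000000000000000000000000000 . 25088 . . [5.1.2600.2180] . . c:\\windows\\system32\\userinit.exe",
)

LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def _version_tuple(text):
    """'5.1.2600.5512' -> (5, 1, 2600, 5512); non-numeric parts become 0 so comparison never fails."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))


def parse_hash_lines(text):
    """Return one dict per recognised hash line; every other line of the report is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path").lower()
        entries.append({
            "flag": m.group("flag"),
            "date": m.group("date"),
            "md5": m.group("md5").upper(),
            "size": int(m.group("size")),
            "version": _version_tuple(m.group("ver")),
            "path": path,
            "name": path.rsplit("\\", 1)[-1],
        })
    return entries


def _parent(entry):
    return entry["path"].rsplit("\\", 1)[0]


def dllcache_consistency(entries):
    """For each file seen in system32, compare its MD5 with the dllcache copy.

    System File Protection keeps the dllcache copy; a binary patched in place leaves the
    two hashes different, which is the first thing a helper reads off this section.
    """
    live, cache = {}, {}
    for e in entries:
        parent = _parent(e)
        if parent.endswith("\\system32"):
            live[e["name"]] = e["md5"]
        elif parent.endswith("\\system32\\dllcache"):
            cache[e["name"]] = e["md5"]
    verdict = {}
    for name in sorted(set(live) | set(cache)):
        if name not in cache:
            verdict[name] = "no dllcache copy"
        elif name not in live:
            verdict[name] = "no live copy"
        elif live[name] == cache[name]:
            verdict[name] = "consistent"
        else:
            verdict[name] = "MISMATCH"
    return verdict


def pending_update_drift(entries):
    """name -> (installed version, newest version waiting in the update download cache).

    Only files whose downloaded build is newer than the installed one are returned; this
    accounts for most '[-]' lines on a machine whose updates were never applied.
    """
    installed, pending = {}, defaultdict(tuple)
    for e in entries:
        if _parent(e).endswith("\\system32"):
            installed[e["name"]] = e["version"]
        elif "\\softwaredistribution\\download\\" in e["path"]:
            pending[e["name"]] = max(pending[e["name"]], e["version"])
    return {name: (ver, pending[name])
            for name, ver in installed.items()
            if name in pending and pending[name] > ver}


if __name__ == "__main__":
    for label, log in (("report sample", SAMPLE_LOG), ("constructed tampered", TAMPERED_LOG)):
        ents = parse_hash_lines(log)
        print(label, dllcache_consistency(ents), pending_update_drift(ents))
```

Run it on the whole ComboFix section and the interesting output is a `MISMATCH` line or a `no dllcache copy` line; the version drift is expected noise when Windows Update has downloaded but not installed a service pack, as the `SoftwareDistribution\Download` entries here show.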

Posted

Re,

 

Run a scan with MBAM and if it won't launch, uninstall the one you have and install a fresh one.

 

Procedure:

 

Download ATF Cleaner by Atribune.

  • Install it on the desktop. (Keep it, as it is very useful after every browsing session)

    Double-click ATF-Cleaner.exe to launch the program.
    --> On Vista/Seven: right-click / Run as administrator.

    Under the Main tab, choose: Select All
    Click the Empty Selected button

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, from the main menu, to close the program.

For technical support, double-click the e-mail address at the bottom of each menu.

 

--------------------

Download Malwarebytes' Anti-Malware (MBAM)

 

This program is one to keep.

 

Only in case of an update problem:

 

Download MBAM updates

 

Run the file after installing MBAM

 

Connect removable media (USB keys etc.) before starting the scan.

 

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts; it is fairly long, which is normal.
  • At the end of the scan, a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

If MBAM asks to restart the PC, do so.

 

!!! Do not empty MBAM's quarantine without being told to !!! (false positives are always possible.)

 

Also post a new HijackThis log please.

 

@++

Posted (edited)

Hello,

 

Don't hesitate to tell me if you run into problems, and which ones.

 

Do this:

 

Download load_tdsskiller by Loup Blanc to your Desktop by clicking this link:

 

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

 

This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

  • Launch load_tdsskiller by double-clicking it: the tool will connect to the Net to download an up-to-date copy of TDSSKiller, then start the scan
  • At the end of the scan, press a key to continue, as the message in the black command-prompt window indicates
  • The report will be displayed automatically: copy and paste its contents in your next reply (the file is also available here: C:\tdsskiller\report.txt)
  • Restart your PC

 

@++

Edited by Apollo
Posted

Hello, sorry for the wait but the scan took a long time ^^"

 

Here is the MBAM report:

 

Malwarebytes' Anti-Malware 1.42

Database version: 3449

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

29/12/2009 15:03:44

mbam-log-2009-12-29 (15-03-44).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 264291

Time elapsed: 1 hour(s), 44 minute(s), 16 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 8

Files Infected: 15

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Documents and Settings\HelpAssistant\Application Data\AntiVirus (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Application Data\AntiVirus (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Application Data\SystemDoctor Free\Logs (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.

C:\Program Files\Fichiers communs\Carlson (Trojan.Dialer) -> Quarantined and deleted successfully.

C:\Program Files\DebroPack (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\AntiSpywareXP2009 (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.

 

Files Infected:

C:\Qoobox\Quarantine\C\Program Files\AntiSpywareXP2009\htmlayout.dll.vir (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTkylqxmtyqj.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTwbejxuxnmb.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTabrsnvmyrj.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\HelpAssistant\Application Data\AntiVirus\antvrs.exe (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Application Data\AntiVirus\antvrs.exe (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Application Data\SystemDoctor Free\Logs\update.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.

C:\Program Files\DebroPack\Uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.

C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\components\nsadsoftinc.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\components\nsworldadmarketplace.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Menu Démarrer\carlton (Trojan.Dialer) -> Quarantined and deleted successfully.

C:\WINDOWS\photos01.zip (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Thanks.
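An added triage helper, neither MBAM's code nor the poster's, for the report above. It assumes MBAM's one-line detection format `path (Family.Variant) -> action` and sorts hits by origin: four of the fifteen files are `.vir` copies under `C:\Qoobox\Quarantine`, which is where ComboFix had already parked them, so MBAM re-flagging those says nothing about what was still active, whereas the Firefox component DLLs and `C:\WINDOWS\photos01.zip` were live. The sample lines are copied from the report, with one non-detection line added to show it is skipped.

```python
"""Separate live MBAM detections from ComboFix quarantine copies (added example)."""
import re
from collections import Counter

# Detection lines copied from the MBAM report above, plus the report's own
# "(no malicious items)" line to show that non-detections are ignored.
MBAM_SAMPLE = "\n".join([
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTkylqxmtyqj.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTabrsnvmyrj.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.",
    r"C:\Documents and Settings\HP_Propriétaire\Application Data\AntiVirus\antvrs.exe (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.",
    r"C:\Program Files\Mozilla Firefox\components\nsadsoftinc.dll (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"C:\WINDOWS\photos01.zip (Backdoor.Bot) -> Quarantined and deleted successfully.",
    "(No malicious items detected)",
])

# One MBAM detection per line: "<path> (<Family>.<Variant>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<label>[\w.\-]+)\) -> (?P<action>.+?)\.?$")

# ComboFix moves what it removes under C:\Qoobox\Quarantine and appends ".vir";
# a scanner flagging those copies is not evidence of a still-active infection.
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"


def parse_detections(text):
    """Return a dict per detection line with the family/variant split out of the label."""
    found = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue
        family, _, variant = m.group("label").partition(".")
        found.append({"path": m.group("path"), "family": family,
                      "variant": variant, "action": m.group("action")})
    return found


def origin(path):
    """'combofix-quarantine' for ComboFix's stored copies, 'live' for anything else."""
    return "combofix-quarantine" if path.lower().startswith(COMBOFIX_QUARANTINE) else "live"


def summarize(text):
    """Counts by origin and by family, plus the live paths a helper still has to explain."""
    dets = parse_detections(text)
    return {
        "total": len(dets),
        "by_origin": Counter(origin(d["path"]) for d in dets),
        "by_family": Counter(d["family"] for d in dets),
        "live_paths": [d["path"] for d in dets if origin(d["path"]) == "live"],
    }


if __name__ == "__main__":
    summary = summarize(MBAM_SAMPLE)
    print(summary["total"], dict(summary["by_origin"]), dict(summary["by_family"]))
    for p in summary["live_paths"]:
        print("live:", p)
```

On the full report the same split gives 4 quarantine copies and 11 live items, and `by_family` shows the mix the thread is dealing with: several rogue antivirus products, TDSS components, a dialer, and a backdoor archive.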

Posted

Phew, I'm glad you were able to run MBAM; things must be better now?

 

How is the PC doing?

 

Run the Load_TDSS Killer tool mentioned just above anyway.

 

@++

Posted

Re,

 

Yes, absolutely, no more problems with the Malware Defense windows. The PC isn't sluggish anymore, so I think I'm done with this critter ^^" :P

A big thank you to you for this precious help. :P

I'm still going to run Load_TDSS killer.

 

+++

Posted

Keep me posted, because you'll have to uninstall the special tools.

 

@++

Posted

Here is the Load_TDSS Killer report.

 

23:14:52:593 1196 TDSSKiller 2.1.1 Dec 20 2009 02:40:02

23:14:52:593 1196 ================================================================================

23:14:52:593 1196 SystemInfo:

 

23:14:52:593 1196 OS Version: 5.1.2600 ServicePack: 2.0

23:14:52:593 1196 Product type: Workstation

23:14:52:593 1196 ComputerName: NOM-EB85C523610

23:14:52:609 1196 UserName: HP_Propriétaire

23:14:52:609 1196 Windows directory: C:\WINDOWS

23:14:52:609 1196 Processor architecture: Intel x86

23:14:52:609 1196 Number of processors: 1

23:14:52:609 1196 Page size: 0x1000

23:14:52:609 1196 Boot type: Normal boot

23:14:52:609 1196 ================================================================================

23:14:52:750 1196 ForceUnloadDriver: NtUnloadDriver error 2

23:14:52:750 1196 ForceUnloadDriver: NtUnloadDriver error 2

23:14:52:750 1196 ForceUnloadDriver: NtUnloadDriver error 2

23:14:52:750 1196 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0

23:14:52:750 1196 main: Driver KLMD successfully dropped

23:14:53:265 1196 main: Driver KLMD successfully loaded

23:14:53:265 1196

Scanning Registry ...

23:14:53:281 1196 ScanServices: Searching service UACd.sys

23:14:53:281 1196 ScanServices: Open/Create key error 2

23:14:53:281 1196 ScanServices: Searching service TDSSserv.sys

23:14:53:281 1196 ScanServices: Open/Create key error 2

23:14:53:281 1196 ScanServices: Searching service gaopdxserv.sys

23:14:53:281 1196 ScanServices: Open/Create key error 2

23:14:53:281 1196 ScanServices: Searching service gxvxcserv.sys

23:14:53:281 1196 ScanServices: Open/Create key error 2

23:14:53:281 1196 ScanServices: Searching service MSIVXserv.sys

23:14:53:281 1196 ScanServices: Open/Create key error 2

23:14:53:312 1196 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000

23:14:53:312 1196 UnhookRegistry: Kernel local addr: A20000

23:14:53:312 1196 UnhookRegistry: KeServiceDescriptorTable addr: A9B400

23:14:53:359 1196 UnhookRegistry: KiServiceTable addr: A4A21C

23:14:53:375 1196 UnhookRegistry: NtEnumerateKey service number (local): 47

23:14:53:375 1196 UnhookRegistry: NtEnumerateKey local addr: B62772

23:14:53:375 1196 KLMD_OpenDevice: Trying to open KLMD device

23:14:53:375 1196 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey

23:14:53:375 1196 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey

23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x804FD9ED[0x4]

23:14:53:375 1196 UnhookRegistry: NtEnumerateKey service number (kernel): 47

23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x80501338[0x4]

23:14:53:375 1196 UnhookRegistry: NtEnumerateKey real addr: 80619772

23:14:53:375 1196 UnhookRegistry: NtEnumerateKey calc addr: 80619772

23:14:53:375 1196 UnhookRegistry: No SDT hooks found on NtEnumerateKey

23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x80619772[0xA]

23:14:53:375 1196 UnhookRegistry: No splicing found on NtEnumerateKey

23:14:53:375 1196

Scanning Kernel memory ...

23:14:53:375 1196 KLMD_OpenDevice: Trying to open KLMD device

23:14:53:375 1196 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk

23:14:53:375 1196 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

23:14:53:375 1196 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85724F38

23:14:53:375 1196 DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects

23:14:53:375 1196 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 851296F0

23:14:53:375 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851296F0

23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x851296F0[0x38]

23:14:53:375 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38

23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]

23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]

23:14:53:375 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

23:14:53:375 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30

23:14:53:375 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30

23:14:53:375 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B

23:14:53:375 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B

23:14:53:375 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366

23:14:53:375 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D

23:14:53:375 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3

23:14:53:375 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366

23:14:53:375 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3

23:14:53:375 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24

23:14:53:375 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:375 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

23:14:53:375 1196 KLMD_ReadMem: DeviceIoControl error 1

23:14:53:375 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code

23:14:53:375 1196 TDL3_FileDetect: Processing driver: Disk

23:14:53:375 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

23:14:53:375 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

23:14:53:375 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

23:14:53:437 1196 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 853AE250

23:14:53:437 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 853AE250

23:14:53:437 1196 KLMD_ReadMem: Trying to ReadMemory 0x853AE250[0x38]

23:14:53:437 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38

23:14:53:437 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]

23:14:53:437 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]

23:14:53:437 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

23:14:53:437 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30

23:14:53:437 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30

23:14:53:437 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B

23:14:53:437 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B

23:14:53:437 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366

23:14:53:437 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:437 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D

23:14:53:437 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3

23:14:53:453 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366

23:14:53:453 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:453 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:453 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:453 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:453 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:453 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3

23:14:53:453 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24

23:14:53:453 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:453 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:453 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:453 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

23:14:53:453 1196 KLMD_ReadMem: DeviceIoControl error 1

23:14:53:453 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code

23:14:53:453 1196 TDL3_FileDetect: Processing driver: Disk

23:14:53:453 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

23:14:53:453 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

23:14:53:453 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

23:14:53:468 1196 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8565DAD0

23:14:53:468 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8565DAD0

23:14:53:468 1196 KLMD_ReadMem: Trying to ReadMemory 0x8565DAD0[0x38]

23:14:53:468 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38

23:14:53:468 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]

23:14:53:468 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]

23:14:53:468 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

23:14:53:468 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30

23:14:53:468 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30

23:14:53:468 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B

23:14:53:468 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B

23:14:53:468 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366

23:14:53:468 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D

23:14:53:468 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3

23:14:53:468 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366

23:14:53:468 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3

23:14:53:468 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24

23:14:53:468 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:468 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:468 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

23:14:53:468 1196 KLMD_ReadMem: DeviceIoControl error 1

23:14:53:468 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code

23:14:53:468 1196 TDL3_FileDetect: Processing driver: Disk

23:14:53:468 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

23:14:53:468 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

23:14:53:468 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

23:14:53:484 1196 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 854557D8

23:14:53:484 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 854557D8

23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x854557D8[0x38]

23:14:53:484 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38

23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]

23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]

23:14:53:484 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

23:14:53:484 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30

23:14:53:484 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30

23:14:53:484 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B

23:14:53:484 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B

23:14:53:484 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366

23:14:53:484 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D

23:14:53:484 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3

23:14:53:484 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366

23:14:53:484 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3

23:14:53:484 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24

23:14:53:484 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

23:14:53:484 1196 KLMD_ReadMem: DeviceIoControl error 1

23:14:53:484 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code

23:14:53:484 1196 TDL3_FileDetect: Processing driver: Disk

23:14:53:484 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

23:14:53:484 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

23:14:53:484 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

23:14:53:484 1196 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 851B9AB8

23:14:53:484 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851B9AB8

23:14:53:484 1196 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 851A1360

23:14:53:484 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851A1360

23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x851A1360[0x38]

23:14:53:484 1196 DetectCureTDL3: DRIVER_OBJECT addr: 855E8030

23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x855E8030[0xA8]

23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1729E60[0x208]

23:14:53:484 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

23:14:53:484 1196 DetectCureTDL3: IrpHandler (0) addr: F7875218

23:14:53:484 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (2) addr: F7875218

23:14:53:484 1196 DetectCureTDL3: IrpHandler (3) addr: F787523C

23:14:53:484 1196 DetectCureTDL3: IrpHandler (4) addr: F787523C

23:14:53:484 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (14) addr: F7875180

23:14:53:484 1196 DetectCureTDL3: IrpHandler (15) addr: F78709E6

23:14:53:484 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (22) addr: F78745F0

23:14:53:484 1196 DetectCureTDL3: IrpHandler (23) addr: F7872A6E

23:14:53:484 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:484 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0xF7871F26[0x400]

23:14:53:484 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0

23:14:53:484 1196 TDL3_FileDetect: Processing driver: USBSTOR

23:14:53:500 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

23:14:53:500 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys

23:14:53:500 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys

23:14:53:531 1196 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 851A8AB8

23:14:53:531 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851A8AB8

23:14:53:531 1196 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 854B6030

23:14:53:531 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 854B6030

23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0x854B6030[0x38]

23:14:53:531 1196 DetectCureTDL3: DRIVER_OBJECT addr: 855E8030

23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0x855E8030[0xA8]

23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1729E60[0x208]

23:14:53:531 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

23:14:53:531 1196 DetectCureTDL3: IrpHandler (0) addr: F7875218

23:14:53:531 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (2) addr: F7875218

23:14:53:531 1196 DetectCureTDL3: IrpHandler (3) addr: F787523C

23:14:53:531 1196 DetectCureTDL3: IrpHandler (4) addr: F787523C

23:14:53:531 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (14) addr: F7875180

23:14:53:531 1196 DetectCureTDL3: IrpHandler (15) addr: F78709E6

23:14:53:531 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (22) addr: F78745F0

23:14:53:531 1196 DetectCureTDL3: IrpHandler (23) addr: F7872A6E

23:14:53:531 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0xF7871F26[0x400]

23:14:53:531 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0

23:14:53:531 1196 TDL3_FileDetect: Processing driver: USBSTOR

23:14:53:531 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

23:14:53:531 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys

23:14:53:531 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys

23:14:53:531 1196 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 8519FAB8

23:14:53:531 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8519FAB8

23:14:53:531 1196 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 85159D08

23:14:53:531 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85159D08

23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0x85159D08[0x38]

23:14:53:531 1196 DetectCureTDL3: DRIVER_OBJECT addr: 855E8030

23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0x855E8030[0xA8]

23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1729E60[0x208]

23:14:53:531 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

23:14:53:531 1196 DetectCureTDL3: IrpHandler (0) addr: F7875218

23:14:53:531 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (2) addr: F7875218

23:14:53:531 1196 DetectCureTDL3: IrpHandler (3) addr: F787523C

23:14:53:531 1196 DetectCureTDL3: IrpHandler (4) addr: F787523C

23:14:53:531 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (14) addr: F7875180

23:14:53:531 1196 DetectCureTDL3: IrpHandler (15) addr: F78709E6

23:14:53:531 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418

23:14:53:531 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (22) addr: F78745F0

23:14:53:546 1196 DetectCureTDL3: IrpHandler (23) addr: F7872A6E

23:14:53:546 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xF7871F26[0x400]

23:14:53:546 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0

23:14:53:546 1196 TDL3_FileDetect: Processing driver: USBSTOR

23:14:53:546 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

23:14:53:546 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys

23:14:53:546 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys

23:14:53:546 1196 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 851A2AB8

23:14:53:546 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851A2AB8

23:14:53:546 1196 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 85151D08

23:14:53:546 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85151D08

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x85151D08[0x38]

23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT addr: 855E8030

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x855E8030[0xA8]

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1729E60[0x208]

23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

23:14:53:546 1196 DetectCureTDL3: IrpHandler (0) addr: F7875218

23:14:53:546 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (2) addr: F7875218

23:14:53:546 1196 DetectCureTDL3: IrpHandler (3) addr: F787523C

23:14:53:546 1196 DetectCureTDL3: IrpHandler (4) addr: F787523C

23:14:53:546 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (14) addr: F7875180

23:14:53:546 1196 DetectCureTDL3: IrpHandler (15) addr: F78709E6

23:14:53:546 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (22) addr: F78745F0

23:14:53:546 1196 DetectCureTDL3: IrpHandler (23) addr: F7872A6E

23:14:53:546 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xF7871F26[0x400]

23:14:53:546 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0

23:14:53:546 1196 TDL3_FileDetect: Processing driver: USBSTOR

23:14:53:546 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

23:14:53:546 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys

23:14:53:546 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys

23:14:53:546 1196 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 85721C68

23:14:53:546 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85721C68

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x85721C68[0x38]

23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]

23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

23:14:53:546 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30

23:14:53:546 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30

23:14:53:546 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B

23:14:53:546 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B

23:14:53:546 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366

23:14:53:546 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D

23:14:53:546 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3

23:14:53:546 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366

23:14:53:546 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3

23:14:53:546 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24

23:14:53:546 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:546 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

23:14:53:546 1196 KLMD_ReadMem: DeviceIoControl error 1

23:14:53:546 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code

23:14:53:546 1196 TDL3_FileDetect: Processing driver: Disk

23:14:53:546 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

23:14:53:546 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

23:14:53:546 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

23:14:53:546 1196 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 857512C0

23:14:53:546 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 857512C0

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x857512C0[0x38]

23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]

23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]

23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

23:14:53:546 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30

23:14:53:562 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30

23:14:53:562 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B

23:14:53:562 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B

23:14:53:562 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366

23:14:53:562 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D

23:14:53:562 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3

23:14:53:562 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366

23:14:53:562 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3

23:14:53:562 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24

23:14:53:562 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

23:14:53:562 1196 KLMD_ReadMem: DeviceIoControl error 1

23:14:53:562 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code

23:14:53:562 1196 TDL3_FileDetect: Processing driver: Disk

23:14:53:562 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk

23:14:53:562 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys

23:14:53:562 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys

23:14:53:562 1196 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 85720AB8

23:14:53:562 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85720AB8

23:14:53:562 1196 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8578DF18

23:14:53:562 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8578DF18

23:14:53:562 1196 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8574FB00

23:14:53:562 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8574FB00

23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0x8574FB00[0x38]

23:14:53:562 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85751C28

23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0x85751C28[0xA8]

23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1008B90[0x208]

23:14:53:562 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

23:14:53:562 1196 DetectCureTDL3: IrpHandler (0) addr: F7402572

23:14:53:562 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (2) addr: F7402572

23:14:53:562 1196 DetectCureTDL3: IrpHandler (3) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (4) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (14) addr: F7402592

23:14:53:562 1196 DetectCureTDL3: IrpHandler (15) addr: F73FE7B4

23:14:53:562 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (22) addr: F74025BC

23:14:53:562 1196 DetectCureTDL3: IrpHandler (23) addr: F7409164

23:14:53:562 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418

23:14:53:562 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418

23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0xF73FF7C6[0x400]

23:14:53:562 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 229, 0

23:14:53:562 1196 TDL3_FileDetect: Processing driver: atapi

23:14:53:562 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk

23:14:53:562 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys

23:14:53:562 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys

23:14:53:609 1196

Completed

 

Results:

23:14:53:609 1196 Infected objects in memory: 0

23:14:53:609 1196 Cured objects in memory: 0

23:14:53:609 1196 Infected objects on disk: 0

23:14:53:609 1196 Objects on disk cured on reboot: 0

23:14:53:609 1196 Objects on disk deleted on reboot: 0

23:14:53:609 1196 Registry nodes deleted on reboot: 0

23:14:53:609 1196
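Added example, not part of the poster's log and not TDSSKiller code: a small Python parser for DetectCureTDL3 lines like the ones above. It applies the heuristic the log makes visible: unused MajorFunction slots all point at one kernel stub (804F3418 here), the driver's real handlers cluster inside its own image (F73FE7B4..F7409164 for atapi), and a handler address far outside that cluster is the shape of a hooked dispatch table, which is what TDSSKiller is checking on the lowest driver in the disk stack (it also checks StartIo, which this example does not). Both sample logs are constructed: the clean one copies the atapi values from the log above, the hooked one redirects slots 14 and 15 to a made-up address 81F4C3E2. The "most common address is the stub" rule and the 1 MiB window are assumptions of this example, not the tool's own logic.

```python
"""Flag hooked IRP dispatch handlers in TDSSKiller 'DetectCureTDL3' log output.

Added example, not TDSSKiller code. Detection idea taken from the log format:
unused MajorFunction slots share one kernel stub, a driver's own handlers sit
inside one image, and an address far from that cluster is suspicious.
"""
import re
from collections import Counter

# IRP major function codes worth naming in a report (values from the Windows DDK).
IRP_MJ_NAMES = {
    0: "CREATE", 2: "CLOSE", 3: "READ", 4: "WRITE",
    14: "DEVICE_CONTROL", 15: "INTERNAL_DEVICE_CONTROL",
    16: "SHUTDOWN", 22: "POWER", 23: "SYSTEM_CONTROL", 27: "PNP",
}

DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
HANDLER_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")

# Constructed sample: an atapi stack from a clean scan, values modelled on the log above.
CLEAN_LOG = """\
23:14:53:562 1196 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
23:14:53:562 1196 DetectCureTDL3: IrpHandler (0) addr: F7402572
23:14:53:562 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
23:14:53:562 1196 DetectCureTDL3: IrpHandler (2) addr: F7402572
23:14:53:562 1196 DetectCureTDL3: IrpHandler (3) addr: 804F3418
23:14:53:562 1196 DetectCureTDL3: IrpHandler (4) addr: 804F3418
23:14:53:562 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
23:14:53:562 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
23:14:53:562 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
23:14:53:562 1196 DetectCureTDL3: IrpHandler (14) addr: F7402592
23:14:53:562 1196 DetectCureTDL3: IrpHandler (15) addr: F73FE7B4
23:14:53:562 1196 DetectCureTDL3: IrpHandler (22) addr: F74025BC
23:14:53:562 1196 DetectCureTDL3: IrpHandler (23) addr: F7409164
"""

# Constructed sample: same driver, but DEVICE_CONTROL (14) and INTERNAL_DEVICE_CONTROL (15)
# redirected to a made-up address outside atapi's image, the shape of a hooked dispatch table.
HOOKED_LOG = CLEAN_LOG.replace(
    "IrpHandler (14) addr: F7402592", "IrpHandler (14) addr: 81F4C3E2"
).replace(
    "IrpHandler (15) addr: F73FE7B4", "IrpHandler (15) addr: 81F4C3E2"
)


def parse_drivers(log_text):
    """Group IrpHandler lines under the DRIVER_OBJECT line that precedes them.

    Returns a list of {"name": str, "handlers": {irp_mj: int}} in log order;
    a real log contains one entry per device stack walked.
    """
    drivers, current = [], None
    for line in log_text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = {"name": m.group(2), "handlers": {}}
            drivers.append(current)
            continue
        m = HANDLER_RE.search(line)
        if m and current is not None:
            current["handlers"][int(m.group(1))] = int(m.group(2), 16)
    return drivers


def find_suspicious_handlers(handlers, window=0x100000):
    """Return {irp_mj: addr} for slots that are neither the shared kernel stub
    nor within `window` bytes of the median of the driver's own handlers.

    Assumptions (not TDSSKiller's logic): the most common address is the
    'invalid device request' stub, and a 1 MiB window covers one driver image.
    The median is used so that a couple of hooked slots cannot drag the cluster.
    """
    if len(handlers) < 3:
        return {}
    stub = Counter(handlers.values()).most_common(1)[0][0]
    own = sorted(a for a in handlers.values() if a != stub)
    if not own:
        return {}
    median = own[len(own) // 2]
    return {mj: a for mj, a in handlers.items()
            if a != stub and abs(a - median) > window}


def scan(log_text, window=0x100000):
    """Map driver name -> {handler name: hex address} for every flagged slot."""
    findings = {}
    for drv in parse_drivers(log_text):
        for mj, addr in find_suspicious_handlers(drv["handlers"], window).items():
            label = IRP_MJ_NAMES.get(mj, f"IRP_MJ_{mj}")
            findings.setdefault(drv["name"], {})[label] = f"{addr:08X}"
    return findings


if __name__ == "__main__":
    print("clean :", scan(CLEAN_LOG))    # {}
    print("hooked:", scan(HOOKED_LOG))   # atapi slots 14 and 15 at 81F4C3E2
```

On the log above, both the disk and atapi dispatch tables pass this check, which agrees with the tool's "Infected objects in memory: 0". The check is deliberately coarse: a hook planted inside the driver's own image (a patched function body rather than a replaced pointer) would not move the address and would need the kind of code comparison TDSSKiller does in TDL3_StartIoHookDetect and TDL3_FileDetect.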
