
Posted

There was a small problem: you are a "man in a hurry", and that is not the best way to go about things.

As we warn fairly often, ComboFix is not a tool like the others...

I think that, as far as hardware detection goes, it is not very complicated at first sight.

The first thing to try would be to remove the affected devices through Device Manager and restart the PC; Windows should then offer to reinstall them.

To get there, press the Windows and Pause keys, then Hardware / Device Manager.

Here is an example: if I have to remove the sound card device, I do it like this before rebooting the PC (you will have to repeat this operation for each piece of hardware with a problem). Windows should then offer to install "new hardware".

img-175056yinpd.jpg

If that did not sort it out, I would send you to a friend whose speciality is hardware (see the Vista/Seven link in my signature); I have already filled him in in case it becomes necessary.

See you

Posted

Thanks for your reply about the hardware, but for the moment I have not managed to get my Internet connection working again.

So I got the message about my haste, and I apologise for it.

I am going to let MBAM run the full scan, which goes on and on... lol

and I will come back to you afterwards

and we will try (especially with your help) to reconfigure step by step

thanks for your patience in any case...

Posted

Here is the MBAM report

thanks!!!

FYI, when I go into Device Manager

I have no hardware listed... lol

so it is not even possible to delete them!!!


Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

31/01/2010 18:38:51

mbam-log-2010-01-31 (18-38-51).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 207707

Temps écoulé: 56 minute(s), 8 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 7

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\123456295511\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000059.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000124.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000192.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP1\A0000348.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{484B78C8-6FEB-4DC4-9EC7-C5D1D799F32A}\RP2\A0000505.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.

Posted

As requested, here is the HijackThis report

I await your recommendations

If need be, can you give me your friend's contact details so we can try to sort out the hardware problem

For the moment I still have no Internet connection

thanks in advance for the time you are devoting to this

see you


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:03:41, on 31/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

 

--

End of file - 4787 bytes

Posted

FYI, when I go into Device Manager

I have no hardware listed... lol

so it is not even possible to delete them!!!

What on earth is going on there? I can't believe my eyes lol.

Run HijackThis again with Do a system scan only and tick the boxes in front of the following lines. ON VISTA: right-click HijackThis / Run as administrator!

O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe

Close all open applications and browsers, then click Fix Checked.

Delete this folder, shown in bold: C:\Program Files\RegistryDoktor 4.1

-----------------------------------------

Do this just to see; I would be surprised, but anyway...

Download TDSSKiller.zip from Kaspersky and save it to your desktop.

  • Right-click the file and choose Extract All.
    A folder containing the file TDSSkiller.exe will open on screen.
  • Double-click tdsskiller.exe to launch it.
  • A black window will open and the scan will start. Let it run without interrupting it.
  • At the end you will be asked to press a key to continue.
    Press any key on the keyboard and the black window will close.
  • Double-click Computer or My Computer, then C:, and look for a file whose name begins with TDSSKiller...
    Double-click it to open it and copy-paste its entire contents into your next reply.

    NB: During the procedure, if TDSSKiller displays this message:
    Hidden service detected: H8SRTd.sys
    Type "delete" (without quotes) to delete it: 14:30:08:000 0256
    , type delete and confirm.

    001image-2273.jpg

-------------------------------------------

Go and see my friend Pierre13 about the hardware problem anyway; I will follow that at the same time. Come back here afterwards.

http://forum-vista-seven.1fr1.net/materiel...ipheriques-f28/

He has followed this thread, so he knows what is going on :P

See you

Posted

Here is the result of what you asked me for

thanks again for your help


19:45:53:968 1576 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25

19:45:53:968 1576 ================================================================================

19:45:53:968 1576 SystemInfo:

 

19:45:53:968 1576 OS Version: 5.1.2600 ServicePack: 3.0

19:45:53:968 1576 Product type: Workstation

19:45:53:968 1576 ComputerName: USER-02081FBA89

19:45:53:968 1576 UserName: utilisateur

19:45:53:968 1576 Windows directory: C:\WINDOWS

19:45:53:968 1576 Processor architecture: Intel x86

19:45:53:968 1576 Number of processors: 1

19:45:53:968 1576 Page size: 0x1000

19:45:53:968 1576 Boot type: Normal boot

19:45:53:968 1576 ================================================================================

19:45:54:000 1576 UnloadDriverW: NtUnloadDriver error 2

19:45:54:000 1576 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

19:45:54:031 1576 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

19:45:58:921 1576 UtilityInit: KLMD drop and load success

19:45:58:921 1576 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)

19:45:58:921 1576 UtilityInit: KLMD open success

19:45:58:921 1576 UtilityInit: Initialize success

19:45:58:921 1576

19:45:58:921 1576 Scanning Services ...

19:45:58:921 1576 CreateRegParser: Registry parser init started

19:45:58:921 1576 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127

19:45:58:921 1576 CreateRegParser: DisableWow64Redirection error

19:45:58:921 1576 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

19:45:58:921 1576 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043

19:45:58:921 1576 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

19:45:58:921 1576 wfopen_ex: Trying to KLMD file open

19:45:58:921 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system

19:45:58:921 1576 wfopen_ex: File opened ok (Flags 2)

19:45:58:921 1576 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384930

19:45:58:921 1576 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

19:45:58:921 1576 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043

19:45:58:921 1576 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

19:45:58:921 1576 wfopen_ex: Trying to KLMD file open

19:45:58:921 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software

19:45:58:921 1576 wfopen_ex: File opened ok (Flags 2)

19:45:58:921 1576 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 3849D8

19:45:58:921 1576 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127

19:45:58:921 1576 CreateRegParser: EnableWow64Redirection error

19:45:58:921 1576 CreateRegParser: RegParser init completed

19:45:59:250 1576 GetAdvancedServicesInfo: Raw services enum returned 384 services

19:45:59:250 1576 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

19:45:59:250 1576 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

19:45:59:250 1576

19:45:59:250 1576 Scanning Kernel memory ...

19:45:59:250 1576 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

19:45:59:250 1576 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 871D1A08

19:45:59:250 1576 DetectCureTDL3: KLMD_GetDeviceObjectList returned 15 DevObjects

19:45:59:250 1576

19:45:59:250 1576 DetectCureTDL3: DEVICE_OBJECT: 859FC030

19:45:59:250 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 859FC030

19:45:59:250 1576 KLMD_ReadMem: Trying to ReadMemory 0x859FC030[0x38]

19:45:59:250 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08

19:45:59:250 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]

19:45:59:250 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]

19:45:59:250 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:45:59:250 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0

19:45:59:250 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0

19:45:59:250 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F

19:45:59:250 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F

19:45:59:250 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (:P addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2

19:45:59:250 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB

19:45:59:250 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28

19:45:59:250 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2

19:45:59:250 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82

19:45:59:250 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E

19:45:59:250 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:250 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:250 1576 TDL3_FileDetect: Processing driver: Disk

19:45:59:265 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:265 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:296 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:45:59:296 1576

19:45:59:296 1576 DetectCureTDL3: DEVICE_OBJECT: 87043030

19:45:59:296 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87043030

19:45:59:296 1576 DetectCureTDL3: DEVICE_OBJECT: 8703FA98

19:45:59:296 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8703FA98

19:45:59:296 1576 KLMD_ReadMem: Trying to ReadMemory 0x8703FA98[0x38]

19:45:59:296 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8

19:45:59:296 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]

19:45:59:296 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]

19:45:59:296 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor

19:45:59:296 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218

19:45:59:296 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218

19:45:59:296 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C

19:45:59:296 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C

19:45:59:296 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (:P addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180

19:45:59:296 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6

19:45:59:296 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0

19:45:59:296 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E

19:45:59:296 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:296 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:296 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]

19:45:59:296 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:45:59:296 1576 TDL3_FileDetect: Processing driver: usbstor

19:45:59:296 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:296 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:328 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

19:45:59:328 1576

19:45:59:328 1576 DetectCureTDL3: DEVICE_OBJECT: 86951140

19:45:59:328 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86951140

19:45:59:328 1576 KLMD_ReadMem: Trying to ReadMemory 0x86951140[0x38]

19:45:59:328 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08

19:45:59:328 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]

19:45:59:328 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]

19:45:59:328 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:45:59:328 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0

19:45:59:328 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0

19:45:59:328 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F

19:45:59:328 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F

19:45:59:328 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (:P addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2

19:45:59:328 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB

19:45:59:328 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28

19:45:59:328 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2

19:45:59:328 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82

19:45:59:328 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E

19:45:59:328 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:328 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:328 1576 TDL3_FileDetect: Processing driver: Disk

19:45:59:328 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:328 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:359 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:45:59:359 1576

19:45:59:359 1576 DetectCureTDL3: DEVICE_OBJECT: 8698A920

19:45:59:359 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8698A920

19:45:59:359 1576 DetectCureTDL3: DEVICE_OBJECT: 868D77A0

19:45:59:359 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 868D77A0

19:45:59:359 1576 KLMD_ReadMem: Trying to ReadMemory 0x868D77A0[0x38]

19:45:59:359 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8

19:45:59:359 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]

19:45:59:359 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]

19:45:59:359 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor

19:45:59:359 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218

19:45:59:359 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218

19:45:59:359 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C

19:45:59:359 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C

19:45:59:359 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (:P addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180

19:45:59:359 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6

19:45:59:359 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0

19:45:59:359 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E

19:45:59:359 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:359 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:359 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]

19:45:59:359 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:45:59:359 1576 TDL3_FileDetect: Processing driver: usbstor

19:45:59:359 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:359 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:390 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

19:45:59:390 1576

19:45:59:390 1576 DetectCureTDL3: DEVICE_OBJECT: 86933030

19:45:59:390 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86933030

19:45:59:390 1576 KLMD_ReadMem: Trying to ReadMemory 0x86933030[0x38]

19:45:59:390 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08

19:45:59:390 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]

19:45:59:390 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]

19:45:59:390 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:45:59:390 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0

19:45:59:390 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0

19:45:59:390 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F

19:45:59:390 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F

19:45:59:390 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (:) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2

19:45:59:390 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB

19:45:59:390 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28

19:45:59:390 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2

19:45:59:390 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82

19:45:59:390 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E

19:45:59:390 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:390 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:390 1576 TDL3_FileDetect: Processing driver: Disk

19:45:59:390 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:390 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:421 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:45:59:421 1576

19:45:59:421 1576 DetectCureTDL3: DEVICE_OBJECT: 868FB988

19:45:59:421 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 868FB988

19:45:59:421 1576 KLMD_ReadMem: Trying to ReadMemory 0x868FB988[0x38]

19:45:59:421 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08

19:45:59:421 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]

19:45:59:421 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]

19:45:59:421 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:45:59:421 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0

19:45:59:421 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0

19:45:59:421 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F

19:45:59:421 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F

19:45:59:421 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (;) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2

19:45:59:421 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB

19:45:59:421 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28

19:45:59:421 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2

19:45:59:421 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82

19:45:59:421 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E

19:45:59:421 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:421 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:421 1576 TDL3_FileDetect: Processing driver: Disk

19:45:59:421 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:421 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:453 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:45:59:453 1576

19:45:59:453 1576 DetectCureTDL3: DEVICE_OBJECT: 8691A030

19:45:59:453 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8691A030

19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0x8691A030[0x38]

19:45:59:453 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08

19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]

19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]

19:45:59:453 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:45:59:453 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0

19:45:59:453 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0

19:45:59:453 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F

19:45:59:453 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F

19:45:59:453 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2

19:45:59:453 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB

19:45:59:453 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28

19:45:59:453 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2

19:45:59:453 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82

19:45:59:453 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E

19:45:59:453 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:453 1576 TDL3_FileDetect: Processing driver: Disk

19:45:59:453 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:453 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:453 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:45:59:453 1576

19:45:59:453 1576 DetectCureTDL3: DEVICE_OBJECT: 8690F470

19:45:59:453 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8690F470

19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0x8690F470[0x38]

19:45:59:453 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08

19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]

19:45:59:453 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]

19:45:59:453 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:45:59:453 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0

19:45:59:453 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0

19:45:59:453 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F

19:45:59:453 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F

19:45:59:453 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2

19:45:59:453 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB

19:45:59:453 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28

19:45:59:453 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2

19:45:59:453 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82

19:45:59:453 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E

19:45:59:453 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:453 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:453 1576 TDL3_FileDetect: Processing driver: Disk

19:45:59:453 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:453 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:484 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:45:59:484 1576

19:45:59:484 1576 DetectCureTDL3: DEVICE_OBJECT: 86884AB8

19:45:59:484 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86884AB8

19:45:59:484 1576 DetectCureTDL3: DEVICE_OBJECT: 86BC0B18

19:45:59:484 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86BC0B18

19:45:59:484 1576 KLMD_ReadMem: Trying to ReadMemory 0x86BC0B18[0x38]

19:45:59:484 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8

19:45:59:484 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]

19:45:59:484 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]

19:45:59:484 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor

19:45:59:484 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218

19:45:59:484 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218

19:45:59:484 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C

19:45:59:484 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C

19:45:59:484 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180

19:45:59:484 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6

19:45:59:484 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0

19:45:59:484 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E

19:45:59:484 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:484 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:484 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]

19:45:59:484 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:45:59:484 1576 TDL3_FileDetect: Processing driver: usbstor

19:45:59:484 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:484 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:515 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

19:45:59:515 1576

19:45:59:515 1576 DetectCureTDL3: DEVICE_OBJECT: 86B733F0

19:45:59:515 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86B733F0

19:45:59:515 1576 DetectCureTDL3: DEVICE_OBJECT: 86BE3030

19:45:59:515 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86BE3030

19:45:59:515 1576 KLMD_ReadMem: Trying to ReadMemory 0x86BE3030[0x38]

19:45:59:515 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8

19:45:59:515 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]

19:45:59:515 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]

19:45:59:515 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor

19:45:59:515 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218

19:45:59:515 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218

19:45:59:515 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C

19:45:59:515 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C

19:45:59:515 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180

19:45:59:515 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6

19:45:59:515 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0

19:45:59:515 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E

19:45:59:515 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:515 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:515 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]

19:45:59:515 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:45:59:515 1576 TDL3_FileDetect: Processing driver: usbstor

19:45:59:515 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:515 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:546 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

19:45:59:546 1576

19:45:59:546 1576 DetectCureTDL3: DEVICE_OBJECT: 86D58030

19:45:59:546 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D58030

19:45:59:546 1576 DetectCureTDL3: DEVICE_OBJECT: 86DAC2A0

19:45:59:546 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86DAC2A0

19:45:59:546 1576 KLMD_ReadMem: Trying to ReadMemory 0x86DAC2A0[0x38]

19:45:59:546 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8

19:45:59:546 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]

19:45:59:546 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]

19:45:59:546 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor

19:45:59:546 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218

19:45:59:546 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218

19:45:59:546 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C

19:45:59:546 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C

19:45:59:546 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180

19:45:59:546 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6

19:45:59:546 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0

19:45:59:546 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E

19:45:59:546 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:546 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:546 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]

19:45:59:546 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:45:59:546 1576 TDL3_FileDetect: Processing driver: usbstor

19:45:59:546 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:546 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:578 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

19:45:59:578 1576

19:45:59:578 1576 DetectCureTDL3: DEVICE_OBJECT: 8687E650

19:45:59:578 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8687E650

19:45:59:578 1576 DetectCureTDL3: DEVICE_OBJECT: 86BD3EA0

19:45:59:578 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86BD3EA0

19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0x86BD3EA0[0x38]

19:45:59:578 1576 DetectCureTDL3: DRIVER_OBJECT: 868847B8

19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0x868847B8[0xA8]

19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0xE1E35390[0x1E]

19:45:59:578 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor

19:45:59:578 1576 DetectCureTDL3: IrpHandler (0) addr: F7801218

19:45:59:578 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (2) addr: F7801218

19:45:59:578 1576 DetectCureTDL3: IrpHandler (3) addr: F780123C

19:45:59:578 1576 DetectCureTDL3: IrpHandler (4) addr: F780123C

19:45:59:578 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (14) addr: F7801180

19:45:59:578 1576 DetectCureTDL3: IrpHandler (15) addr: F77FC9E6

19:45:59:578 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (22) addr: F78005F0

19:45:59:578 1576 DetectCureTDL3: IrpHandler (23) addr: F77FEA6E

19:45:59:578 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:578 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:578 1576 KLMD_ReadMem: Trying to ReadMemory 0xF77FDF26[0x400]

19:45:59:578 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:45:59:578 1576 TDL3_FileDetect: Processing driver: usbstor

19:45:59:578 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:578 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:45:59:593 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean

19:45:59:593 1576

19:45:59:593 1576 DetectCureTDL3: DEVICE_OBJECT: 87166C68

19:45:59:593 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87166C68

19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x87166C68[0x38]

19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08

19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]

19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]

19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:45:59:593 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0

19:45:59:593 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0

19:45:59:593 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F

19:45:59:593 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F

19:45:59:593 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2

19:45:59:593 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB

19:45:59:593 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28

19:45:59:593 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2

19:45:59:593 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82

19:45:59:593 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E

19:45:59:593 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:593 1576 TDL3_FileDetect: Processing driver: Disk

19:45:59:593 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:593 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:593 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:45:59:593 1576

19:45:59:593 1576 DetectCureTDL3: DEVICE_OBJECT: 87137C68

19:45:59:593 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87137C68

19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x87137C68[0x38]

19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT: 871D1A08

19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D1A08[0xA8]

19:45:59:593 1576 KLMD_ReadMem: Trying to ReadMemory 0xE195F9C0[0x18]

19:45:59:593 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk

19:45:59:593 1576 DetectCureTDL3: IrpHandler (0) addr: F7582BB0

19:45:59:593 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (2) addr: F7582BB0

19:45:59:593 1576 DetectCureTDL3: IrpHandler (3) addr: F757CD1F

19:45:59:593 1576 DetectCureTDL3: IrpHandler (4) addr: F757CD1F

19:45:59:593 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (9) addr: F757D2E2

19:45:59:593 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (14) addr: F757D3BB

19:45:59:593 1576 DetectCureTDL3: IrpHandler (15) addr: F7580F28

19:45:59:593 1576 DetectCureTDL3: IrpHandler (16) addr: F757D2E2

19:45:59:593 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (22) addr: F757EC82

19:45:59:593 1576 DetectCureTDL3: IrpHandler (23) addr: F758399E

19:45:59:593 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:593 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:593 1576 TDL3_FileDetect: Processing driver: Disk

19:45:59:593 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:593 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys

19:45:59:625 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean

19:45:59:625 1576

19:45:59:625 1576 DetectCureTDL3: DEVICE_OBJECT: 871D0AB8

19:45:59:625 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 871D0AB8

19:45:59:625 1576 DetectCureTDL3: DEVICE_OBJECT: 871D4B00

19:45:59:625 1576 KLMD_GetLowerDeviceObject: Trying to get lower device object for 871D4B00

19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0x871D4B00[0x38]

19:45:59:625 1576 DetectCureTDL3: DRIVER_OBJECT: 8713EB60

19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0x8713EB60[0xA8]

19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0xE18FA8D8[0x1A]

19:45:59:625 1576 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

19:45:59:625 1576 DetectCureTDL3: IrpHandler (0) addr: F73AE6F2

19:45:59:625 1576 DetectCureTDL3: IrpHandler (1) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (2) addr: F73AE6F2

19:45:59:625 1576 DetectCureTDL3: IrpHandler (3) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (4) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (5) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (6) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (7) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (8) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (9) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (10) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (11) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (12) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (13) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (14) addr: F73AE712

19:45:59:625 1576 DetectCureTDL3: IrpHandler (15) addr: F73AA852

19:45:59:625 1576 DetectCureTDL3: IrpHandler (16) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (17) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (18) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (19) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (20) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (21) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (22) addr: F73AE73C

19:45:59:625 1576 DetectCureTDL3: IrpHandler (23) addr: F73B5336

19:45:59:625 1576 DetectCureTDL3: IrpHandler (24) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (25) addr: 804F355A

19:45:59:625 1576 DetectCureTDL3: IrpHandler (26) addr: 804F355A

19:45:59:625 1576 KLMD_ReadMem: Trying to ReadMemory 0xF73AB864[0x400]

19:45:59:625 1576 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0

19:45:59:625 1576 TDL3_FileDetect: Processing driver: atapi

19:45:59:625 1576 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys

19:45:59:625 1576 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys

19:45:59:671 1576 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean

19:45:59:671 1576

19:45:59:671 1576 Completed

19:45:59:671 1576

19:45:59:671 1576 Results:

19:45:59:671 1576 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

19:45:59:671 1576 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

19:45:59:671 1576 File objects infected / cured / cured on reboot: 0 / 0 / 0

19:45:59:671 1576

19:45:59:875 1576 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000

19:45:59:875 1576 UtilityDeinit: KLMD(ARK) unloaded successfully

Posted

No, phew, that nasty beast would have been the last straw, but I asked for it as a precaution.

Go and see Pierre about your hardware; we'll get a better idea of what's going on.

I admit I've never seen that...

@++

Posted

OK, I saw that he has taken on your case.

You can follow his lead, he's a hardware professional.

I hope you'll get your devices back with the steps he asked you to carry out.

@++
