How do I get rid of MALWARE DEFENSE

Closed
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010 - 22 Dec 2009 at 20:28
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last seen 5 January 2015 - 6 Jan 2010 at 13:08
Hello,
I've picked up Malware Defense and other nasties. I'm looking for help getting rid of them. Please come to my rescue, it's a nightmare. Impossible to use AVG or Kaspersky (trial version). Internet access is regularly blocked. Windows with error messages keep opening. Thanks in advance!!!
Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:48, on 22/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brctrcen.exe
C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dumprep.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O20 - AppInit_DLLs: aldyjf.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service Google Update (gupdate1ca022f9f64b058) (gupdate1ca022f9f64b058) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
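As an added example (not part of the thread and not code from HijackThis or its author), here is a small Python triage script for the HijackThis line format shown above. It flags the entries a helper looks at first: O20 AppInit_DLLs entries (loaded into every process that loads user32.dll, and rated higher when given without a path, like aldyjf.dll in this report), orphaned O2/O3/O9/O18 entries marked "(no file)" or "(file missing)", and O4 autostart entries that give only a bare file name or an unquoted path with spaces. The severity labels and the sample lines (copied from the report above) are constructed for the example; the script changes nothing on the machine.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

It parses the report format shown above and lists entries an analyst would
review first. It modifies nothing; each finding still needs manual review.
"""
import re
from dataclasses import dataclass

ORPHAN_MARKERS = ("(no file)", "(file missing)")
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.*)$")
RUN_RE = re.compile(r"^.*?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.IGNORECASE)

# Constructed sample: lines copied from the report above (raw string keeps the backslashes).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O20 - AppInit_DLLs: aldyjf.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
"""


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O20"
    severity: str   # "high", "medium" or "low" (labels chosen for this example)
    item: str       # the entry or path that triggered the finding
    reason: str


def executable_of(cmd: str) -> str:
    """Extract the program an O4 Run/Startup command launches."""
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", cmd.strip())  # drop HKUS "(User '...')" suffix
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def is_bare_name(path: str) -> bool:
    """True when only a file name is given, so the loader resolves it through search paths."""
    return "\\" not in path and "/" not in path and "%" not in path


def check_autostart(code: str, rest: str) -> list:
    m = RUN_RE.match(rest) or STARTUP_RE.match(rest)
    if not m:
        return []
    name, cmd = m.group("name"), m.group("cmd")
    if cmd.strip() == "?":
        return [Finding(code, "low", name, "shortcut target could not be resolved by the scanner")]
    exe = executable_of(cmd)
    if is_bare_name(exe):
        return [Finding(code, "medium", f"[{name}] {exe}",
                        "bare file name: resolved through the search path, not an absolute path")]
    if " " in exe and not cmd.lstrip().startswith('"'):
        return [Finding(code, "low", f"[{name}] {exe}", "unquoted path containing spaces")]
    return []


def check_appinit(code: str, rest: str) -> list:
    """AppInit_DLLs are injected into every process that loads user32.dll."""
    if not rest.startswith("AppInit_DLLs:"):
        return []
    out = []
    for dll in rest[len("AppInit_DLLs:"):].split(","):
        dll = dll.strip()
        if not dll:
            continue
        if is_bare_name(dll):
            out.append(Finding(code, "high", dll,
                               "AppInit DLL given without a path; cannot be tied to an installed product from the log alone"))
        else:
            out.append(Finding(code, "medium", dll,
                               "AppInit DLL injected into every GUI process; confirm the vendor owns it"))
    return out


def triage(log_text: str) -> list:
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        if code in ("O2", "O3", "O9", "O18") and rest.endswith(ORPHAN_MARKERS):
            findings.append(Finding(code, "low", rest,
                                    "orphaned entry pointing at a file that no longer exists; cleanup candidate"))
        elif code == "O4":
            findings.extend(check_autostart(code, rest))
        elif code == "O20":
            findings.extend(check_appinit(code, rest))
    return findings


def summarize(findings) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.code:4} {f.item}\n       {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```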
38 replies

jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last seen 5 January 2015 1 175
22 Dec 2009 at 20:31
Hello ;)

Download SEAF.exe by C_XX.

*Double-click SEAF.exe ("run as administrator" on Vista).

*A Cmd window will open.

*Type mdefense,Malware Defense in that window and press "Enter".

*Wait while the search runs.

*A window with a .txt log will appear.

*Copy/paste that report in your next reply.
0
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010
22 Dec 2009 at 20:39
Sorry, but I can't download it, the address can't be found.
And thanks for the help, I really need it!!

Correction: I found the page, the search is running.
0
flo-91 Posts 5646 Registration date Tuesday 19 May 2009 Status Security contributor Last seen 31 October 2019 1 118
22 Dec 2009 at 20:41
Hello,

I'm just here to let jfkpresident know that his link goes to a site rated "red" = dangerous by WOT.

Did you make a mistake? lol
0
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010
22 Dec 2009 at 21:05
Apparently I must have managed to get rid of it, but I still have those error messages and the PC is sluggish.
But here is the report anyway:

========================= SEAF 1.0.0.6 - C_XX | 20:47:27,51

Valeur(s) recherchée(s):

Malware Defense
mdefense


========================= Fichier(s)/Dossier(s):

Aucun fichier/Dossier trouvé.

========================= Registre:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Malware Defense extension"


========================= E.O.F | 21:02:22,84
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last seen 5 January 2015 1 175
22 Dec 2009 at 21:37
I'm just here to let jfkpresident know that his link goes to a site rated "red" = dangerous by WOT.

Did you make a mistake? lol


The link must have changed, but it was originally hosted at Orange..

Jeune novice: let's dig deeper:

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

==>Double-click RSIT.exe to launch RSIT.

==>Read the Disclaimer screen, then click Continue (if you accept the terms).

==>If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

==>When the scan finishes, two text files will open:

log.txt (<<which will be displayed) and info.txt (<<which will be minimised to the taskbar).

NB: the reports are saved in the folder C:\rsit

==>Go to this site: http://www.cijoint.fr/index.php

==>Click "browse" and select these files; a link will be created.

==>Copy/paste that link in your next reply.

Help with pictures if needed

0
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010
22 Dec 2009 at 22:09
Here are the two links provided:
log
http://www.cijoint.fr/cjlink.php?file=cj200912/cijgtZNEyD.txt

info
http://www.cijoint.fr/cjlink.php?file=cj200912/cijuxZFNES.txt
0
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010
22 Dec 2009 at 23:07
Here are the two links provided:
log
http://www.cijoint.fr/cjlink.php?file=cj200912/cijgtZNEyD.txt

info
http://www.cijoint.fr/cjlink.php?file=cj200912/cijuxZFNES.txt

After checking the HijackThis update:
log
http://www.cijoint.fr/cjlink.php?file=cj200912/cijPSsZhAm.txt

info
http://www.cijoint.fr/cjlink.php?file=cj200912/cijiH379BR.txt


I have to get back to my family obligations. Can we pick this up later (tomorrow!)?
0
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010
22 Dec 2009 at 22:27
After checking the HijackThis update:
log
http://www.cijoint.fr/cjlink.php?file=cj200912/cijPSsZhAm.txt

info
http://www.cijoint.fr/cjlink.php?file=cj200912/cijiH379BR.txt
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last seen 5 January 2015 1 175
22 Dec 2009 at 23:15
I have to get back to my family obligations. Can we pick this up later (tomorrow!)?


No problem, I'm looking at your report.
0
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010
22 Dec 2009 at 23:21
Thanks, see you later
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last seen 5 January 2015 1 175
22 Dec 2009 at 23:25
Your hard drive is almost full and your RAM is very low!

• Download and install UsbFix by Chiquitine29

(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

• Double-click the UsbFix shortcut on your desktop.

• At the main menu choose option " F " for French and press [Enter].

• At the second menu choose option " 1 " (search) and press [Enter]

• Let the tool work.

• Then post the UsbFix.txt report that will appear.

• Note: the UsbFix.txt report is saved at the root of the drive. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

0
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010
23 Dec 2009 at 18:55
Hello JFK Président

Here is the UsbFix report:


############################## | UsbFix V6.066 |

User : Béda (Administrateurs) # ACER-FE8B363750
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 18:32:42 | 23/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local # 113,76 Go (20,5 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 114,22 Go (114,22 Go free) [ACERDATA] # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque fixe local # 931,51 Go (398,45 Go free) [Iomega ScreenPlay HD] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 716
C:\WINDOWS\system32\csrss.exe 792
C:\WINDOWS\system32\winlogon.exe 816
C:\WINDOWS\system32\services.exe 872
C:\WINDOWS\system32\lsass.exe 884
C:\WINDOWS\system32\svchost.exe 1068
C:\WINDOWS\system32\svchost.exe 1176
C:\WINDOWS\System32\svchost.exe 1284
C:\WINDOWS\system32\svchost.exe 1348
C:\WINDOWS\system32\svchost.exe 1440
C:\WINDOWS\system32\spoolsv.exe 1688
C:\WINDOWS\system32\svchost.exe 1832
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 1872
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe 1896
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe 1932
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 192
C:\WINDOWS\system32\bgsvcgen.exe 420
C:\Program Files\Bonjour\mDNSResponder.exe 532
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe 564
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe 640
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 1232
C:\Program Files\CDBurnerXP\NMSAccessU.exe 1264
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1436
C:\WINDOWS\system32\svchost.exe 1756
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe 1300
C:\WINDOWS\System32\alg.exe 2148
C:\WINDOWS\Explorer.EXE 3008
C:\WINDOWS\system32\ctfmon.exe 3188
C:\WINDOWS\SOUNDMAN.EXE 3536
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 3568
C:\WINDOWS\system32\SysMonitor.exe 3592
C:\Program Files\Acer\Acer eMode Management\AspireService.exe 3604
C:\Program Files\Acer\Acer eConsole\MediaSync.exe 3612
C:\Program Files\Acer TV-FM\PCMService.exe 3644
C:\WINDOWS\system32\LVCOMSX.EXE 3680
C:\Program Files\Logitech\Video\LogiTray.exe 3712
C:\Program Files\Logitech\Video\FxSvr2.exe 352
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe 2212
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe 2324
C:\Program Files\iTunes\iTunesHelper.exe 2468
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2160
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 2328
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe 2104
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe 2120
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe 2588
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe 2620
C:\Program Files\FinePixViewer\QuickDCF2.exe 1848
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe 1360
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe 2680
C:\Program Files\iPod\bin\iPodService.exe 1400
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe 4092
C:\Program Files\eMule\emule.exe 5380
C:\Program Files\Internet Explorer\iexplore.exe 5736
C:\Program Files\Windows Live\Toolbar\wltuser.exe 576
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe 3652
C:\WINDOWS\system32\wbem\wmiprvse.exe 5956

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{d7d3e8a6-aaa6-11db-9ead-0007cb0000ff}
Shell\AutoRun\command =K:\LaunchU3.exe

################## | Cracks / Keygens / Serials |

"K:\A CLASSER\le plaisir de maigrir weight watcher robert laffont edition france loisir new crack 2009.zip"
-> Contain : Setup.exe 3238400 DFLT-N 1% 3192539 19-02-2009 10:53:18 484f53ad

"K:\BUREAU\musique 1\Musiques de DisneyLand Paris\MUSIQUE DE DESSIN-ANIME WALT DISNEY\Gagner de l'argent sur internet\La 2Šme triche Eurobarre quand vous ˆtes absent\Crack surfrobot.zip"
-> Contain : keygen.exe 59904 DFLT-N 5% 56702 18-11-2001 17:11:52 147bdc37

"K:\BUREAU\musique 1\zip\[Pc App]-sygate personal firewall (il meglio firewall esistente) + serial.zip"
-> Contain : sygate personal firewall (il miglio firewall esistente) + serial\sygate personal firewall (il miglio firewall esistente) + serial\pspf aggiornamento.exe

"K:\BUREAU\musique 1\zip\[Pc App]-sygate personal firewall (il meglio firewall esistente) + serial.zip"
-> Contain : sygate personal firewall (il miglio firewall esistente) + serial\sygate personal firewall (il miglio firewall esistente) + serial\pspf.exe

"K:\musique\planning pour maigrir docteur dukan (incl. KeyGen).rar"
-> contain : keygen\crack.exe


################## | ! Fin du rapport # UsbFix V6.066 ! |
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last seen 5 January 2015 1 175
23 Dec 2009 at 20:14
You need to delete those cracks (they are sources of infection!)

(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

• Double-click the UsbFix shortcut on your desktop

• At the main menu choose option " F " for French and press [Enter].

• At the second menu choose option " 2 " (Deletion) and press [Enter]

• Your desktop will disappear and the PC will restart.

• On restart, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that will appear along with the desktop.

• Note: the UsbFix.txt report is saved at the root of the drive. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
0
jeunenovice Posts 37 Registration date Tuesday 22 December 2009 Status Member Last seen 4 January 2010
23 Dec 2009 at 20:58
############################## | UsbFix V6.066 |

User : Béda (Administrateurs) # ACER-FE8B363750
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 20:42:41 | 23/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local # 113,76 Go (16,98 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 114,22 Go (114,22 Go free) [ACERDATA] # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque fixe local # 931,51 Go (398,45 Go free) [Iomega ScreenPlay HD] # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 712
C:\WINDOWS\system32\csrss.exe 788
C:\WINDOWS\system32\winlogon.exe 812
C:\WINDOWS\system32\services.exe 868
C:\WINDOWS\system32\lsass.exe 888
C:\WINDOWS\system32\svchost.exe 1088
C:\WINDOWS\system32\svchost.exe 1192
C:\WINDOWS\System32\svchost.exe 1300
C:\WINDOWS\system32\svchost.exe 1356
C:\WINDOWS\system32\logonui.exe 1476
C:\WINDOWS\system32\svchost.exe 1492
C:\WINDOWS\system32\spoolsv.exe 1704
C:\WINDOWS\system32\svchost.exe 1848
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 1888
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe 1912
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe 1948
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 196
C:\WINDOWS\system32\bgsvcgen.exe 504
C:\Program Files\Bonjour\mDNSResponder.exe 540
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe 572
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe 648
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 1260
C:\Program Files\CDBurnerXP\NMSAccessU.exe 1292
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1488
C:\WINDOWS\system32\svchost.exe 828
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe 1308
C:\WINDOWS\system32\wbem\wmiapsrv.exe 704
C:\WINDOWS\System32\alg.exe 2140
C:\WINDOWS\system32\wbem\wmiprvse.exe 2168
C:\WINDOWS\system32\userinit.exe 2848
C:\Program Files\Google\Update\GoogleUpdate.exe 2856
C:\WINDOWS\Explorer.EXE 2924
C:\Program Files\Internet Explorer\Iexplore.exe 2984
C:\WINDOWS\system32\dwwin.exe 3012
C:\WINDOWS\system32\ctfmon.exe 3164
C:\Program Files\Windows Live\Toolbar\wltuser.exe 3224
C:\WINDOWS\system32\wbem\wmiprvse.exe 3568

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\Recycler\S-1-5-21-4230083051-2267535012-2804231895-1006
Supprimé ! C:\Recycler\S-1-5-21-4230083051-2267535012-2804231895-1007
Supprimé ! K:\$Recycle.Bin\S-1-5-21-3029813722-3470990763-3053855249-1000
Supprimé ! K:\Recycler\S-1-5-21-4230083051-2267535012-2804231895-1006
Supprimé ! K:\Recycler\S-1-5-21-4230083051-2267535012-2804231895-1007

################## | Registre # Clés infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{d7d3e8a6-aaa6-11db-9ead-0007cb0000ff}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[19/01/2007 20:46|--a------|153] C:\AUTOEXEC.BAT
[21/11/2006 10:54|-rahs----|216] C:\boot.ini
[05/08/2004 13:00|-rahs----|4952] C:\Bootfont.bin
[21/09/2008 13:18|--a------|14437] C:\ComboFix.txt
[02/11/2005 23:53|--a------|0] C:\CONFIG.SYS
[17/12/2007 21:02|--a------|319] C:\drmHeader.bin
[09/12/2006 11:18|--a------|0] C:\dump_dvd.vob
[?|?|?] C:\hiberfil.sys
[02/11/2005 23:53|-rahs----|0] C:\IO.SYS
[01/12/2006 10:23|--a------|183] C:\LogiSetup.log
[02/11/2005 23:53|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 13:00|-rahs----|47564] C:\NTDETECT.COM
[03/09/2008 18:14|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[03/11/2005 17:31|-rahs----|75] C:\Preload.aaa
[21/09/2008 13:14|--a------|1190] C:\rapport.txt
[15/08/2007 15:42|--a------|343] C:\rapport_clean.txt
[19/01/2007 20:46|---h-----|27] C:\TraFgFr.Tra
[23/12/2009 20:49|--a------|4442] C:\UsbFix.txt
[19/09/2008 12:11|--ahs----|6144] D:\Thumbs.db
[26/09/2009 13:27|---hs----|3220] K:\AlbumArtSmall.jpg
[26/09/2009 13:12|---hs----|9721] K:\AlbumArt_{7D4A6365-00B8-48CB-9F2C-C839D29A87F3}_Large.jpg
[26/09/2009 13:12|---hs----|2534] K:\AlbumArt_{7D4A6365-00B8-48CB-9F2C-C839D29A87F3}_Small.jpg
[26/09/2009 13:27|---hs----|16140] K:\AlbumArt_{9708207D-9EB9-4D11-8B2B-5B5EB5F2CE32}_Large.jpg
[26/09/2009 13:27|---hs----|3220] K:\AlbumArt_{9708207D-9EB9-4D11-8B2B-5B5EB5F2CE32}_Small.jpg
[26/09/2009 13:26|---hs----|14820] K:\AlbumArt_{AB657041-590F-40D7-963A-28338CD56769}_Large.jpg
[26/09/2009 13:26|---hs----|3336] K:\AlbumArt_{AB657041-590F-40D7-963A-28338CD56769}_Small.jpg
[26/09/2009 13:26|---hs----|346] K:\desktop.ini
[26/09/2009 13:27|---hs----|16140] K:\Folder.jpg

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# K:\autorun.inf -> Dossier créé par UsbFix.

################## | Cracks / Keygens / Serials |

"K:\A CLASSER\le plaisir de maigrir weight watcher robert laffont edition france loisir new crack 2009.zip"
-> Contain : Setup.exe 3238400 DFLT-N 1% 3192539 19-02-2009 10:53:18 484f53ad

"K:\BUREAU\musique 1\Musiques de DisneyLand Paris\MUSIQUE DE DESSIN-ANIME WALT DISNEY\Gagner de l'argent sur internet\La 2Šme triche Eurobarre quand vous ˆtes absent\Crack surfrobot.zip"
-> Contain : keygen.exe 59904 DFLT-N 5% 56702 18-11-2001 17:11:52 147bdc37

"K:\BUREAU\musique 1\zip\[Pc App]-sygate personal firewall (il meglio firewall esistente) + serial.zip"
-> Contain : sygate personal firewall (il miglio firewall esistente) + serial\sygate personal firewall (il miglio firewall esistente) + serial\pspf aggiornamento.exe

"K:\BUREAU\musique 1\zip\[Pc App]-sygate personal firewall (il meglio firewall esistente) + serial.zip"
-> Contain : sygate personal firewall (il miglio firewall esistente) + serial\sygate personal firewall (il miglio firewall esistente) + serial\pspf.exe

"K:\musique\planning pour maigrir docteur dukan (incl. KeyGen).rar"
-> contain : keygen\crack.exe


################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\BDA~1\Bureau\UsbFix_Upload_Me_ACER-FE8B363750.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.066 ! |
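The "Vaccination" section of the UsbFix report above records a directory named autorun.inf created on each drive root. The following added example (not UsbFix code; function names and the sample autorun.inf content are constructed here) shows how that trick works and how to check a drive root before applying it: a worm spreading over removable media drops a file named autorun.inf so that Windows launches its payload through the [autorun] entries, and a directory of that name prevents the file from being created, while Windows ignores the directory. Any extra hardening of the directory that UsbFix applies is not reproduced.

```python
r"""Added example: check and apply the autorun.inf "vaccination" reported by UsbFix.

Three pieces: classify a drive root (vaccinated directory / autorun.inf file to
inspect / nothing), list what an existing autorun.inf file would launch, and
create the blocking directory. Temporary directories stand in for drive roots.
"""
import tempfile
from pathlib import Path


def autorun_status(root):
    """'vaccinated' if autorun.inf is a directory, 'file' if it is a file, else 'none'."""
    p = Path(root) / "autorun.inf"
    if p.is_dir():
        return "vaccinated"
    if p.is_file():
        return "file"
    return "none"


def autorun_launch_entries(path):
    r"""Return the launch-relevant key/value pairs of an autorun.inf file.

    Minimal INI walk: only the [autorun] section matters, keys are
    case-insensitive, and shell\<verb>\command keys are reported as well
    because they define what a context-menu entry would execute.
    """
    entries = {}
    in_autorun = False
    for raw in Path(path).read_text(encoding="latin-1").splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        key_l = key.lower()
        if key_l in ("open", "shellexecute") or (
            key_l.startswith("shell\\") and key_l.endswith("\\command")
        ):
            entries[key_l] = value
    return entries


def vaccinate(root):
    """Create the autorun.inf directory; refuse to touch an existing file of that name."""
    p = Path(root) / "autorun.inf"
    if p.is_file():
        raise FileExistsError(f"{p} is a file; inspect it with autorun_launch_entries() first")
    p.mkdir(exist_ok=True)
    return autorun_status(root)


def demo():
    """Run the checks on a clean root and on a root carrying a constructed autorun.inf."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as infected:
        # Constructed autorun.inf of the kind a USB worm drops (paths are placeholders).
        (Path(infected) / "autorun.inf").write_text(
            "[autorun]\n"
            "open=RECYCLER\\setup.exe\n"
            "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
            "shell\\open\\command=RECYCLER\\setup.exe\n"
        )
        before = (autorun_status(clean), autorun_status(infected))
        after_clean = vaccinate(clean)
        entries = autorun_launch_entries(Path(infected) / "autorun.inf")
        try:
            vaccinate(infected)
            refused = False
        except FileExistsError:
            refused = True
        return before, after_clean, entries, refused


if __name__ == "__main__":
    print(demo())
```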
jfkpresident (Security contributor, 13408 posts, registered Monday 3 September 2007, last post 5 January 2015)
23 Dec. 2009 at 21:16
Did you delete the cracks?

Can you send this file as described (it will help anti-malware research)... Thanks -;)

Veuillez envoyer le fichier : C:\DOCUME~1\BDA~1\Bureau\UsbFix_Upload_Me_ACER-FE8B363750.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .


1) Print these instructions, because you will have to close all windows and applications during the installation and the scan.

2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop from this link:

https://www.malwarebytes.com/

3) When the download is finished, close all windows and programs, including this one.

4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

5) During the installation, follow the prompts (in particular the language choice and the permission to access the Internet). Do not change any of the default settings and, at the end of the installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

6) MBAM will start automatically and show a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of the installation, click OK to close the dialog box. The main MBAM window appears:

7) In the Scan tab, check that "Perform full scan" is selected and click the Scan button to start the scan.

8) MBAM scans your computer. The scan can take some time. Just check its progress from time to time.

9) At the end of the scan, a message appears saying the scan is finished. Click OK to continue.

10) If malware was detected, its list is displayed.
By clicking Remove (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.

11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Logs tab.)

12) Close MBAM by clicking Exit.

13) Post the report in your reply
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
23 Dec. 2009 at 21:38
I deleted the cracks via the Recycle Bin. Is that what I was supposed to do???

I'm taking care of the rest now. See you later and thanks again!!
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
23 Dec. 2009 at 21:40
P.S.: I have already sent the file on for research
jfkpresident (Security contributor, 13408 posts, registered Monday 3 September 2007, last post 5 January 2015)
23 Dec. 2009 at 22:07
I deleted the cracks via the Recycle Bin. Is that what I was supposed to do???


Don't forget to empty the Recycle Bin -;)
P.S.: I have already sent the file on for research


Thanks.
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
23 Dec. 2009 at 23:14
This is where the problems start. Impossible to run MBAM, it is blocked by something!!!
I got rid of Spybot and Kaspersky (demo version). But still nothing. On my husband's account, I found:
1/ another pest (SECURITY CENTER ALERTS). Maybe that is what is blocking everything.
2/ a window that opens on its own (Microsoft) with three files (Office Live, Search Enhancement Pack, and an Office Live zip file)
3/ error messages (application error, a breakpoint has been reached, etc.)

What should I do??
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
23 Dec. 2009 at 23:15
Don't forget to empty the Recycle Bin -;)
done
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
24 Dec. 2009 at 10:20
While I wait, Merry Christmas...
jfkpresident (Security contributor, 13408 posts, registered Monday 3 September 2007, last post 5 January 2015)
24 Dec. 2009 at 10:36
Re ;)

It may be Brontok, let's look at that right away:

Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And, importantly, save it to the desktop.

Before using ComboFix:

Right-click the combofix file, then "Rename" it to scan.exe

• Disconnect from the Internet and close the windows of all running programs.

• Temporarily, and only for as long as ComboFix is in use, disable
the real-time protection of your antivirus and antispyware programs,
which can seriously interfere with the tool's search and cleaning procedure.


Once that is done, double-click scan.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt,
is automatically saved and stored at C:\Combofix.txt.

• Re-enable the real-time protection of your antivirus and antispyware programs
before reconnecting to the Internet.

• Come back to the forum and copy and paste the full contents of C:\Combofix.txt into your next message.
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
24 Dec. 2009 at 11:18
Same thing! Once it is saved to the desktop, I run it, and then nothing...
Also, I don't have any antivirus or antispyware...
jfkpresident (Security contributor, 13408 posts, registered Monday 3 September 2007, last post 5 January 2015)
24 Dec. 2009 at 12:18
OK, try it this way:

But first make sure you have renamed combofix.exe to scan.exe /!\

• Download DDO (by Anthony5151) to your Desktop
• Run DDO
• Read the information shown and press a key to continue
• When DDO asks you, type scan.exe and press Enter

jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
24 Dec. 2009 at 12:32
It tells me that scan.exe cannot be found, rename impossible. ???
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
24 Dec. 2009 at 14:00
Do you have another idea???
jfkpresident (Security contributor, 13408 posts, registered Monday 3 September 2007, last post 5 January 2015)
24 Dec. 2009 at 14:41
Try with combofix.exe; if that doesn't work, download combofix here
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
24 Dec. 2009 at 14:55
It doesn't work with combofix.exe. I'm downloading the other one. Do I need to delete the first one beforehand??
jfkpresident (Security contributor, 13408 posts, registered Monday 3 September 2007, last post 5 January 2015)
24 Dec. 2009 at 15:47
It doesn't work with combofix.exe. I'm downloading the other one. Do I need to delete the first one beforehand??


Yes, you can delete the first one (C:\combofix)
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
24 Dec. 2009 at 15:50
OK!

Here is the combokill report
ComboFix 09-12-23.05 - Béda 24/12/2009 15:25:36.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.198 [GMT 1:00]
Lancé depuis: c:\documents and settings\Béda\Bureau\Combokill.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\H8SRTkpuwetdpjq.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\H8SRTmxbwkrtpyr.dll
c:\windows\system32\H8SRTmxvqvctyqj.dll
c:\windows\system32\H8SRTrkbtxehkut.dat
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\srcr.dat
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-11-24 au 2009-12-24 ))))))))))))))))))))))))))))))))))))
.

2009-12-23 22:49 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 22:49 . 2009-12-23 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-23 22:49 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 17:31 . 2009-12-23 19:50 -------- d-----w- C:\UsbFix
2009-12-22 21:01 . 2009-12-22 21:01 -------- d-----w- C:\rsit
2009-12-22 19:46 . 2009-12-22 20:02 -------- d-----w- c:\program files\SEAF
2009-12-20 19:44 . 2009-12-20 19:44 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-20 19:44 . 2009-12-20 19:44 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-20 19:44 . 2009-12-20 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 21:40 . 2007-08-14 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-20 19:41 . 2008-04-03 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-10 11:08 . 2006-05-14 06:19 90014 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-10 11:08 . 2006-05-14 06:19 523288 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-26 13:57 . 2006-11-22 09:50 -------- d-----w- c:\program files\Google
2009-11-26 13:53 . 2009-10-24 09:33 -------- d-----w- c:\program files\easyMule
2009-11-19 18:55 . 2007-01-06 07:35 92264 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-07 15:24 . 2009-11-07 15:24 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2009-10-29 07:44 . 2006-01-09 18:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2004-08-05 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2004-08-05 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-25 16:40 . 2006-12-31 14:36 -------- d-----w- c:\program files\adslTV
2009-10-25 16:37 . 2009-10-25 16:37 0 ----a-w- c:\windows\7zS1F.tmp
2009-10-25 15:47 . 2009-10-15 22:46 -------- d-----w- c:\program files\Microsoft
2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-09-28 13:28 . 2007-08-15 15:27 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-28 07:55 . 2009-09-28 07:55 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2007-01-19 19:46 . 2007-01-19 19:46 10987008 -c--a-w- c:\program files\fran-ang.exe
2006-12-31 14:35 . 2006-12-31 14:35 26346830 -c--a-w- c:\program files\setup-adsltv.exe
2006-12-17 11:22 . 2006-12-17 11:22 1935360 -c--a-w- c:\program files\vorbis-tools-1.0.tar.gz
2006-12-06 14:34 . 2006-12-06 14:34 1104734 -c--a-w- c:\program files\dvdshrink_3.2.0.16_fr.zip
2006-12-01 10:46 . 2006-12-01 10:46 263453 -c--a-w- c:\program files\deskbar.exe
2006-05-29 14:40 . 2006-12-31 15:19 7296000 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-05 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-13 67128]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SiSPower"="SiSPower.dll" [2005-07-13 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 110592]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 425984]
"PCMService"="c:\program files\Acer TV-FM\PCMService.exe" [2006-03-29 143360]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-07-12 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-12 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-04 28739]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\B‚da\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-26 385024]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-11-21 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-12-4 303104]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-13 67128]
Rappels du Calendrier Microsoft Works.lnk - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"c:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [15/10/2009 23:50 54752]
S2 gupdate1ca022f9f64b058;Service Google Update (gupdate1ca022f9f64b058);c:\program files\Google\Update\GoogleUpdate.exe [11/07/2009 14:58 133104]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [20/12/2009 20:44 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [20/12/2009 20:44 30104]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 14:23 21344]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 15:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2992)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
c:\program files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Acer TV-FM\Kernel\TV\CLSched.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-12-24 15:46:25 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-24 14:46
ComboFix2.txt 2008-09-21 12:18
ComboFix3.txt 2008-09-19 13:24

Avant-CF: 14 328 766 464 octets libres
Après-CF: 15 044 624 384 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 4C3C9447B5D26EB280C62D6304FB1982

What do we do next?
jfkpresident (Security contributor, 13408 posts, registered Monday 3 September 2007, last post 5 January 2015)
24 Dec. 2009 at 17:47
Now try to run MBAM (Malwarebytes). If you can't, do this:

Download TDSSKiller

Unzip it to your desktop, then run it.
jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
24 Dec. 2009 at 21:24
This time MBAM worked; here is the report:
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3425
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

24/12/2009 21:07:14
mbam-log-2009-12-24 (21-07-14).txt

Type de recherche: Examen complet (C:\|D:\|K:\|)
Eléments examinés: 219826
Temps écoulé: 1 hour(s), 57 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Ahmed\Local Settings\temp\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ahmed\Local Settings\temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ahmed\Local Settings\temp\richtx64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTmxbwkrtpyr.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTmxvqvctyqj.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\H8SRTkpuwetdpjq.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP562\A0085017.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP562\A0085018.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP562\A0085019.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

What do we do next???
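The nine hits in the MBAM report above do not all mean the same thing: the entries under C:\QooBox\Quarantine\ are the copies ComboFix had already moved aside (hence the .vir suffix), the entries under System Volume Information\_restore{...} are System Restore snapshots of the same driver and DLLs, and only the three files in the user's Local Settings\temp were still in place. The following added example (not Malwarebytes code; the SAMPLE_LOG is a constructed excerpt reproducing the report's file section, and the classification rules are this example's own) parses such a report and sorts the detections by location so that point is visible at a glance.

```python
"""Added example: parse an MBAM 1.x report and classify each detection by where it lives."""
import re
from collections import Counter

# Constructed excerpt modelled on the report posted in the thread (French MBAM 1.42 labels).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3425

Fichier(s) infecté(s): 9

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Ahmed\Local Settings\temp\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ahmed\Local Settings\temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ahmed\Local Settings\temp\richtx64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTmxbwkrtpyr.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\H8SRTmxvqvctyqj.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\H8SRTkpuwetdpjq.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP562\A0085017.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP562\A0085018.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP562\A0085019.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "<path> (<family>) -> <action>." ; the path is everything before the first " ("
HIT_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Summary line "Fichier(s) infecté(s): N" that precedes the detailed list
DECLARED_RE = re.compile(r"^Fichier\(s\) infecté\(s\): (\d+)$")


def classify_location(path):
    """Where a hit lives decides how much it still matters (rules are this example's own)."""
    low = path.lower()
    if "\\qoobox\\quarantine\\" in low:
        return "combofix-quarantine"   # copy ComboFix already moved aside; not active
    if "\\system volume information\\_restore" in low:
        return "restore-point"         # System Restore snapshot; not active
    if "\\local settings\\temp\\" in low:
        return "user-temp"             # dropped payloads that were still in place
    return "other"


def parse_mbam_log(text):
    """Return (declared_count, hits); each hit has path, family, action and location."""
    declared = None
    hits = []
    in_files = False
    for raw in text.splitlines():
        line = raw.strip()
        m = DECLARED_RE.match(line)
        if m:
            declared = int(m.group(1))
            continue
        if line == "Fichier(s) infecté(s):":   # header of the detailed file list
            in_files = True
            continue
        if not in_files or not line or line.startswith("("):
            continue                          # skip "(Aucun élément nuisible détecté)"
        m = HIT_RE.match(line)
        if m:
            hits.append({**m.groupdict(), "location": classify_location(m.group("path"))})
    return declared, hits


def summarize(hits):
    """Counts per family and per location, plus the paths that were actually live."""
    return {
        "by_family": Counter(h["family"] for h in hits),
        "by_location": Counter(h["location"] for h in hits),
        "live": [h["path"] for h in hits if h["location"] == "user-temp"],
    }


def check_report(text=SAMPLE_LOG):
    """Parse, cross-check the declared count against the listed hits, and summarize."""
    declared, hits = parse_mbam_log(text)
    if declared is not None and declared != len(hits):
        raise ValueError(f"report declares {declared} infected files but lists {len(hits)}")
    return summarize(hits)


if __name__ == "__main__":
    for key, value in check_report().items():
        print(key, value)
```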
jfkpresident (Security contributor, 13408 posts, registered Monday 3 September 2007, last post 5 January 2015)
25 Dec. 2009 at 02:59
We will need to analyse one or more suspicious file(s)!

They may be located in the system's "hidden folders".
So they must be made visible for the scan.

To show hidden folders and files:

Control Panel > Folder Options > View tab.

Tick Show hidden files and folders,
Untick Hide extensions for known file types
Untick Hide protected operating system files.
A warning message will appear. Click OK to confirm your choice.
The system's hidden files and folders will then appear in Windows Explorer as translucent icons.

Go to this site:

https://www.virustotal.com/gui/

Click Browse and find this file: C:\WINDOWS\System32\DRIVERS\atapi.sys

Click Send File.

A report will build up line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

jeunenovice (Member, 37 posts, registered Tuesday 22 December 2009, last post 4 January 2010)
25 Dec. 2009 at 11:46
Here is the report:

Fichier atapi.sys reçu le 2009.12.25 10:41:36 (UTC)
Résultat: 1/40 (2.5%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.12.25 -
AhnLab-V3 5.0.0.2 2009.12.24 -
AntiVir 7.9.1.122 2009.12.24 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.25 -
Avast 4.8.1351.0 2009.12.25 -
AVG 8.5.0.430 2009.12.24 -
BitDefender 7.2 2009.12.25 -
CAT-QuickHeal 10.00 2009.12.24 -
ClamAV 0.94.1 2009.12.25 -
Comodo 3361 2009.12.25 -
DrWeb 5.0.1.12222 2009.12.25 -
eSafe 7.0.17.0 2009.12.24 Win32.Rootkit
eTrust-Vet 35.1.7197 2009.12.25 -
F-Prot 4.5.1.85 2009.12.25 -
F-Secure 9.0.15370.0 2009.12.24 -
Fortinet 4.0.14.0 2009.12.25 -
GData 19 2009.12.25 -
Ikarus T3.1.1.79.0 2009.12.25 -
K7AntiVirus 7.10.929 2009.12.24 -
Kaspersky 7.0.0.125 2009.12.25 -
McAfee 5842 2009.12.24 -
McAfee+Artemis 5842 2009.12.24 -
McAfee-GW-Edition 6.8.5 2009.12.25 -
Microsoft 1.5302 2009.12.25 -
NOD32 4715 2009.12.24 -
Norman 6.04.03 2009.12.24 -
nProtect 2009.1.8.0 2009.12.24 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.25 -
Prevx 3.0 2009.12.25 -
Rising 22.27.04.04 2009.12.25 -
Sophos 4.49.0 2009.12.25 -
Sunbelt 3.2.1858.2 2009.12.24 -
Symantec 1.4.4.12 2009.12.25 -
TheHacker 6.5.0.3.110 2009.12.24 -
TrendMicro 9.120.0.1004 2009.12.25 -
VBA32 3.12.12.0 2009.12.25 -
ViRobot 2009.12.24.2107 2009.12.24 -
VirusBuster 5.0.21.0 2009.12.25 -
Information additionnelle
File size: 96512 bytes
MD5...: 9f3a2f5aa6875c72bf062c712cfa2674
SHA1..: a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1KbDD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45

( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, 
IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: IDE/ATAPI Port Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
0
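The report above is the interesting kind: only one engine of forty (eSafe) names the file, yet sigcheck shows a file whose version resource claims Microsoft Corporation while the file itself is Unsigned, and Kaspersky's packer detection reports PE_Patch on what should be a plain OS driver. Version strings are copied trivially; only the Authenticode signature ties a driver to the publisher it names. As an added example (not code from this thread, from VirusTotal or from any tool named here), the Python helper below parses this plain-text report format, returns the reasons a defender would not trust the file, and computes the same three hashes locally so the copy on disk can be compared with what was uploaded. The sample report is a trimmed copy of the one pasted above; the known-good hash is a placeholder and must come from a trusted copy of the same driver version.

```python
"""Triage a VirusTotal plain-text report for a Windows system driver.

Added example for this thread; not code from VirusTotal, TDSSKiller or any
poster. It understands the report layout pasted above (French UI labels of
the time, English ones accepted too).
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed copy of the atapi.sys report quoted in the thread.
SAMPLE_REPORT = """\
Fichier atapi.sys reçu le 2009.12.25 10:41:36 (UTC)
Résultat: 1/40 (2.5%)
Antivirus Version Dernière mise à jour Résultat
AntiVir 7.9.1.122 2009.12.24 -
eSafe 7.0.17.0 2009.12.24 Win32.Rootkit
Kaspersky 7.0.0.125 2009.12.25 -
Information additionnelle
File size: 96512 bytes
MD5...: 9f3a2f5aa6875c72bf062c712cfa2674
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
file version.: 5.1.2600.5512 (xpsp.080413-2108)
verified.....: Unsigned
"""

FILE_RE = re.compile(r"^(?:Fichier|File)\s+(\S+)\s+(?:reçu|received)\b")
ENGINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)$")
PACKER_RE = re.compile(r"^packers \((\w+)\):\s*(.+)$")
KV_RE = re.compile(r"^([a-z][a-z ]*?)\.*:\s*(.*)$")   # "verified.....: Unsigned"


@dataclass
class Report:
    filename: str = ""
    engines: int = 0                                 # engines listed in the table
    detections: dict = field(default_factory=dict)   # engine -> verdict (not "-")
    hashes: dict = field(default_factory=dict)       # "MD5"/"SHA1"/"SHA256" -> hex
    packers: dict = field(default_factory=dict)      # vendor -> packer/patch marker
    sigcheck: dict = field(default_factory=dict)     # "publisher", "verified", ...


def parse_report(text):
    """Parse the text report into a Report; lines it does not know are ignored."""
    rep = Report()
    in_table = in_sigcheck = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            rep.filename = m.group(1)
        elif line.startswith("Antivirus "):          # engine table header
            in_table, in_sigcheck = True, False
        elif line.startswith(("Information additionnelle", "Additional information")):
            in_table = False
        elif line == "sigcheck:":
            in_table, in_sigcheck = False, True
        elif HASH_RE.match(line):
            m = HASH_RE.match(line)
            rep.hashes[m.group(1)] = m.group(2).lower()
        elif PACKER_RE.match(line):
            m = PACKER_RE.match(line)
            rep.packers[m.group(1)] = m.group(2)
        elif in_table:
            m = ENGINE_RE.match(line)
            if m:
                rep.engines += 1
                if m.group(4) != "-":
                    rep.detections[m.group(1)] = m.group(4)
        elif in_sigcheck:
            m = KV_RE.match(line)
            if m:
                rep.sigcheck[m.group(1).strip()] = m.group(2).strip()
    return rep


def triage(rep, expected_sha256=None):
    """Return the reasons not to trust the file (empty list = nothing found)."""
    flags = []
    if rep.detections:
        hits = ", ".join(f"{e}={v}" for e, v in sorted(rep.detections.items()))
        flags.append(f"{len(rep.detections)}/{rep.engines} engines flag the file: {hits}")
    publisher = rep.sigcheck.get("publisher", "")
    verified = rep.sigcheck.get("verified", "")
    if "Microsoft" in publisher and verified != "Signed":
        # The version resource is plain text; only the signature proves the publisher.
        flags.append(f"publisher field says '{publisher}' but sigcheck says '{verified or 'unknown'}'")
    if rep.packers:
        marks = ", ".join(f"{v}:{p}" for v, p in sorted(rep.packers.items()))
        flags.append(f"packer/patch marker on an OS driver: {marks}")
    sha = rep.hashes.get("SHA256")
    if expected_sha256 and sha and sha != expected_sha256.lower():
        flags.append("SHA256 differs from the known-good copy of this driver")
    return flags


def hash_bytes(data):
    """The three hashes VirusTotal prints, for comparing the on-disk file."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest()}


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    KNOWN_GOOD_SHA256 = "0" * 64   # placeholder: take it from a trusted copy of the driver
    for reason in triage(report, KNOWN_GOOD_SHA256):
        print("FLAG:", reason)
```

To compare the file actually on disk with what was uploaded, read it in binary mode and pass the bytes to hash_bytes; a mismatch with the MD5/SHA256 in the report means the upload and the file differ (or the file changed since), which on a rootkit-infected machine is itself worth noting.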
jfkpresident Posts: 13408 Registered: Monday 3 September 2007 Status: Security contributor Last post: 5 January 2015 1 175
26 Dec. 2009 at 11:27
Download ZhpDiag by clicking this link: https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Once the download is complete, double-click ZHPDiag.exe (right-click, "Run as administrator" on Vista).

Once installed, the program opens automatically.

Click "Options" (small screwdriver icon), then tick every box except 045 and 061 (unticked by default).

Click the magnifying glass to start the scan.

When the scan finishes, click the "floppy disk" (Save as...).

Go to this site: http://www.cijoint.fr/index.php

Click Browse and select the file ZhpDiag.txt.

A link will be created; post that link in your next reply.
0
jeunenovice Posts: 37 Registered: Tuesday 22 December 2009 Status: Member Last post: 4 January 2010
26 Dec. 2009 at 12:37
Hello JFK President,

Here is the link:

http://www.cijoint.fr/cjlink.php?file=cj200912/cijFzsNC8f.txt
0
jfkpresident Posts: 13408 Registered: Monday 3 September 2007 Status: Security contributor Last post: 5 January 2015 1 175
26 Dec. 2009 at 12:53
You used TDSSKiller; can you paste me the report found here: C:\TDSSKiller (log.txt)

Also run this file through VirusTotal (as described in post #33): C:\WINDOWS\PEV.exe

Tell me whether your PC is doing better.
0
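The TDSSKiller log requested here (pasted in the next reply) is mostly the DetectCureTDL3 section: for every driver object on the disk stack it prints the IRP dispatch table, one "IrpHandler (n) addr:" line per major function code, then checks StartIo and the driver file on disk. Reading it by hand means noticing that, apart from one address every table shares (804F9739, the kernel's default handler), all of Disk's handlers sit in one F778xxxx range and all of USBSTOR's in one F7A1xxxx range, i.e. inside their own driver images. The reads of address 0x0 that fail just before each "Unable to get StartIo handler code" line are the tool finding no StartIo routine to inspect on that driver object. As an added example, and not Kaspersky's code or anything from this thread, the Python below rebuilds those tables from the log text and applies a heuristic of my own: ignore the shared default handler, then report any handler that sits far from the rest of its table. The Disk and USBSTOR lines in the sample are in the pasted log's format; the "Demo" driver object and its 84CF2A10 entry are invented to show what a table entry pointing outside the driver image looks like.

```python
"""Reader for the DetectCureTDL3 section of a TDSSKiller 2.1 text log.

Added example for this thread; not code from Kaspersky or any poster.
Heuristic (mine, not TDSSKiller's):
  * an address present in the tables of two or more different driver objects
    is the kernel's shared default handler (804F9739 in the pasted log);
  * the remaining handlers of one driver should all live in that driver's
    image, so any handler further than IMAGE_SPAN from the table's median is
    reported.
"""
import re
from collections import defaultdict

IMAGE_SPAN = 0x100000   # 1 MiB: an assumed, generous bound for one driver image

DRIVER_RE = re.compile(r"DetectCureTDL3: DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
IRP_RE = re.compile(r"DetectCureTDL3: IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
FILE_RE = re.compile(r"TDL3_FileDetect: Processing driver file: (\S+)")

# Constructed sample: Disk/USBSTOR lines follow the pasted log; "Demo" is invented.
SAMPLE_LOG = r"""
22:45:21:156 3548 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84F98F38
22:45:21:156 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:156 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:156 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:156 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:156 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:156 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:156 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:156 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:156 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:203 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:45:21:203 3548 DetectCureTDL3: IrpHandler (0) addr: F7A16218
22:45:21:203 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (3) addr: F7A1623C
22:45:21:203 3548 DetectCureTDL3: IrpHandler (15) addr: F7A119E6
22:45:21:203 3548 DetectCureTDL3: IrpHandler (22) addr: F7A155F0
22:45:21:203 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:300 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Demo, Driver Name: Demo
22:45:21:300 3548 DetectCureTDL3: IrpHandler (0) addr: F7B20100
22:45:21:300 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:300 3548 DetectCureTDL3: IrpHandler (3) addr: F7B20140
22:45:21:300 3548 DetectCureTDL3: IrpHandler (14) addr: F7B21C00
22:45:21:300 3548 DetectCureTDL3: IrpHandler (22) addr: 84CF2A10
22:45:21:300 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\demo.sys
"""


def parse_tables(text):
    """Return ({driver name: {irp index: handler address}}, {driver name: file path})."""
    tables, files, current = defaultdict(dict), {}, None
    for line in text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = m.group(2)          # the same driver object may repeat per device stack
            continue
        m = IRP_RE.search(line)
        if m and current is not None:
            tables[current][int(m.group(1))] = int(m.group(2), 16)
            continue
        m = FILE_RE.search(line)
        if m and current is not None:
            files[current] = m.group(1)
    return dict(tables), files


def shared_handlers(tables):
    """Addresses used by more than one driver object: kernel-provided defaults."""
    owners = defaultdict(set)
    for drv, table in tables.items():
        for addr in table.values():
            owners[addr].add(drv)
    return {addr for addr, drvs in owners.items() if len(drvs) > 1}


def _median(values):
    ordered = sorted(values)
    return ordered[len(ordered) // 2]


def suspicious_handlers(tables, span=IMAGE_SPAN):
    """{driver: {irp index: address}} for handlers far from the driver's own cluster."""
    shared = shared_handlers(tables)
    findings = {}
    for drv, table in tables.items():
        own = {i: a for i, a in table.items() if a not in shared}
        if not own:
            continue
        centre = _median(own.values())    # the median survives a single hooked entry
        odd = {i: a for i, a in own.items() if abs(a - centre) > span}
        if odd:
            findings[drv] = odd
    return findings


if __name__ == "__main__":
    tables, files = parse_tables(SAMPLE_LOG)
    for drv, odd in suspicious_handlers(tables).items():
        for idx, addr in sorted(odd.items()):
            print(f"{drv} ({files.get(drv, '?')}): IrpHandler ({idx}) -> {addr:08X} outside the driver image")
```

A clean dispatch table is not a clean verdict: the address check only covers in-memory hooks, which is why TDSSKiller also inspects StartIo and the driver file itself (the TDL3_FileDetect lines), and why the VirusTotal report earlier in this thread, on the file as stored on disk, matters as much as this log.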
jeunenovice Posts: 37 Registered: Tuesday 22 December 2009 Status: Member Last post: 4 January 2010
26 Dec. 2009 at 14:06
The PC is doing better overall. I still have a Microsoft window that opens every time the computer starts. I also have a text file named EULA on the desktop (???)
Should I keep all the programs downloaded to the desktop: usbfix, combo, seaf, rsit, mbam, ...?
How do I protect my PC effectively? Which antivirus or antispyware and firewall should I install???
Thanks

Here is the TDSSKiller report

22:45:21:109 3548 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
22:45:21:109 3548 ================================================================================
22:45:21:109 3548 SystemInfo:

22:45:21:109 3548 OS Version: 5.1.2600 ServicePack: 3.0
22:45:21:109 3548 Product type: Workstation
22:45:21:109 3548 ComputerName: ACER-FE8B363750
22:45:21:109 3548 UserName: Béda
22:45:21:109 3548 Windows directory: C:\WINDOWS
22:45:21:109 3548 Processor architecture: Intel x86
22:45:21:109 3548 Number of processors: 1
22:45:21:109 3548 Page size: 0x1000
22:45:21:109 3548 Boot type: Normal boot
22:45:21:109 3548 ================================================================================
22:45:21:109 3548 ForceUnloadDriver: NtUnloadDriver error 2
22:45:21:125 3548 ForceUnloadDriver: NtUnloadDriver error 2
22:45:21:125 3548 ForceUnloadDriver: NtUnloadDriver error 2
22:45:21:125 3548 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
22:45:21:125 3548 main: Driver KLMD successfully dropped
22:45:21:125 3548 main: Driver KLMD successfully loaded
22:45:21:125 3548
Scanning Registry ...
22:45:21:125 3548 ScanServices: Searching service UACd.sys
22:45:21:125 3548 ScanServices: Open/Create key error 2
22:45:21:125 3548 ScanServices: Searching service TDSSserv.sys
22:45:21:125 3548 ScanServices: Open/Create key error 2
22:45:21:125 3548 ScanServices: Searching service gaopdxserv.sys
22:45:21:125 3548 ScanServices: Open/Create key error 2
22:45:21:125 3548 ScanServices: Searching service gxvxcserv.sys
22:45:21:125 3548 ScanServices: Open/Create key error 2
22:45:21:125 3548 ScanServices: Searching service MSIVXserv.sys
22:45:21:125 3548 ScanServices: Open/Create key error 2
22:45:21:125 3548 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
22:45:21:140 3548 UnhookRegistry: Kernel local addr: A40000
22:45:21:140 3548 UnhookRegistry: KeServiceDescriptorTable addr: ACB520
22:45:21:140 3548 UnhookRegistry: KiServiceTable addr: A4D8B0
22:45:21:140 3548 UnhookRegistry: NtEnumerateKey service number (local): 47
22:45:21:140 3548 UnhookRegistry: NtEnumerateKey local addr: AE1E14
22:45:21:140 3548 KLMD_OpenDevice: Trying to open KLMD device
22:45:21:140 3548 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
22:45:21:140 3548 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
22:45:21:140 3548 KLMD_ReadMem: Trying to ReadMemory 0x804E380F[0x4]
22:45:21:140 3548 UnhookRegistry: NtEnumerateKey service number (kernel): 47
22:45:21:140 3548 KLMD_ReadMem: Trying to ReadMemory 0x804E49CC[0x4]
22:45:21:140 3548 UnhookRegistry: NtEnumerateKey real addr: 80578E14
22:45:21:140 3548 UnhookRegistry: NtEnumerateKey calc addr: 80578E14
22:45:21:140 3548 UnhookRegistry: No SDT hooks found on NtEnumerateKey
22:45:21:140 3548 KLMD_ReadMem: Trying to ReadMemory 0x80578E14[0xA]
22:45:21:140 3548 UnhookRegistry: No splicing found on NtEnumerateKey
22:45:21:140 3548
Scanning Kernel memory ...
22:45:21:156 3548 KLMD_OpenDevice: Trying to open KLMD device
22:45:21:156 3548 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
22:45:21:156 3548 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
22:45:21:156 3548 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84F98F38
22:45:21:156 3548 DetectCureTDL3: KLMD_GetDeviceObjectList returned 16 DevObjects
22:45:21:156 3548 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 84D8BC68
22:45:21:156 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84D8BC68
22:45:21:156 3548 KLMD_ReadMem: Trying to ReadMemory 0x84D8BC68[0x38]
22:45:21:156 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:156 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:156 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:156 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:156 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:156 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:156 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:156 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:156 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:156 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:156 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:156 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:156 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:156 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:156 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:156 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:156 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:156 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:156 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:156 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:156 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:156 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:156 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:171 3548 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 84D63130
22:45:21:171 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84D63130
22:45:21:171 3548 KLMD_ReadMem: Trying to ReadMemory 0x84D63130[0x38]
22:45:21:171 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:171 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:171 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:171 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:171 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:171 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:171 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:171 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:171 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:171 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:171 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:171 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:187 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:187 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:187 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:187 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:187 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:187 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:187 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:187 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:187 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:187 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:187 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:187 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:187 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:187 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:187 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:187 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:187 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:187 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:203 3548 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 84D95510
22:45:21:203 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84D95510
22:45:21:203 3548 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 84CF1030
22:45:21:203 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CF1030
22:45:21:203 3548 KLMD_ReadMem: Trying to ReadMemory 0x84CF1030[0x38]
22:45:21:203 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84A79B10
22:45:21:203 3548 KLMD_ReadMem: Trying to ReadMemory 0x84A79B10[0xA8]
22:45:21:203 3548 KLMD_ReadMem: Trying to ReadMemory 0xE15E0AC0[0x208]
22:45:21:203 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:45:21:203 3548 DetectCureTDL3: IrpHandler (0) addr: F7A16218
22:45:21:203 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (2) addr: F7A16218
22:45:21:203 3548 DetectCureTDL3: IrpHandler (3) addr: F7A1623C
22:45:21:203 3548 DetectCureTDL3: IrpHandler (4) addr: F7A1623C
22:45:21:203 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (9) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (14) addr: F7A16180
22:45:21:203 3548 DetectCureTDL3: IrpHandler (15) addr: F7A119E6
22:45:21:203 3548 DetectCureTDL3: IrpHandler (16) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (22) addr: F7A155F0
22:45:21:203 3548 DetectCureTDL3: IrpHandler (23) addr: F7A13A6E
22:45:21:203 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:203 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:203 3548 KLMD_ReadMem: Trying to ReadMemory 0xF7A12F26[0x400]
22:45:21:203 3548 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
22:45:21:203 3548 TDL3_FileDetect: Processing driver: USBSTOR
22:45:21:203 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:45:21:203 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:203 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:218 3548 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 84D96C68
22:45:21:218 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84D96C68
22:45:21:218 3548 KLMD_ReadMem: Trying to ReadMemory 0x84D96C68[0x38]
22:45:21:218 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:218 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:218 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:218 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:218 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:218 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:218 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:218 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:218 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:218 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:218 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:218 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:218 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:218 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:218 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:218 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:218 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:218 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:218 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:218 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:218 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:218 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:218 3548 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 84DF6170
22:45:21:218 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84DF6170
22:45:21:218 3548 KLMD_ReadMem: Trying to ReadMemory 0x84DF6170[0x38]
22:45:21:218 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:218 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:218 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:218 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:218 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:218 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:218 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:218 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:218 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:218 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:218 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:218 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:218 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:218 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:218 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:218 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:234 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:234 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:234 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:234 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:234 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:234 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:234 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:234 3548 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 84D7EA08
22:45:21:234 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84D7EA08
22:45:21:234 3548 KLMD_ReadMem: Trying to ReadMemory 0x84D7EA08[0x38]
22:45:21:234 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:234 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:234 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:234 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:234 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:234 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:234 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:234 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:234 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:234 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:234 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:234 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:234 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:234 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:234 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:234 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:234 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:234 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:234 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:234 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:234 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:234 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:234 3548 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 84D44988
22:45:21:234 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84D44988
22:45:21:234 3548 KLMD_ReadMem: Trying to ReadMemory 0x84D44988[0x38]
22:45:21:234 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:234 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:234 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:234 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:234 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:234 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:234 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:234 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:234 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:234 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:250 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:250 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:250 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:250 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:250 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:250 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:250 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:250 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:250 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:250 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:250 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:250 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:250 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:250 3548 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 84CD1AB8
22:45:21:250 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CD1AB8
22:45:21:250 3548 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 84CBC030
22:45:21:250 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CBC030
22:45:21:250 3548 KLMD_ReadMem: Trying to ReadMemory 0x84CBC030[0x38]
22:45:21:250 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84A79B10
22:45:21:250 3548 KLMD_ReadMem: Trying to ReadMemory 0x84A79B10[0xA8]
22:45:21:250 3548 KLMD_ReadMem: Trying to ReadMemory 0xE15E0AC0[0x208]
22:45:21:250 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:45:21:250 3548 DetectCureTDL3: IrpHandler (0) addr: F7A16218
22:45:21:250 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (2) addr: F7A16218
22:45:21:250 3548 DetectCureTDL3: IrpHandler (3) addr: F7A1623C
22:45:21:250 3548 DetectCureTDL3: IrpHandler (4) addr: F7A1623C
22:45:21:250 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (9) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (14) addr: F7A16180
22:45:21:250 3548 DetectCureTDL3: IrpHandler (15) addr: F7A119E6
22:45:21:250 3548 DetectCureTDL3: IrpHandler (16) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (22) addr: F7A155F0
22:45:21:250 3548 DetectCureTDL3: IrpHandler (23) addr: F7A13A6E
22:45:21:250 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:250 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:250 3548 KLMD_ReadMem: Trying to ReadMemory 0xF7A12F26[0x400]
22:45:21:250 3548 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
22:45:21:250 3548 TDL3_FileDetect: Processing driver: USBSTOR
22:45:21:250 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:45:21:250 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:250 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:265 3548 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 84D3EAB8
22:45:21:265 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84D3EAB8
22:45:21:265 3548 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 84F5F540
22:45:21:265 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F5F540
22:45:21:265 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F5F540[0x38]
22:45:21:265 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84A79B10
22:45:21:265 3548 KLMD_ReadMem: Trying to ReadMemory 0x84A79B10[0xA8]
22:45:21:265 3548 KLMD_ReadMem: Trying to ReadMemory 0xE15E0AC0[0x208]
22:45:21:265 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:45:21:265 3548 DetectCureTDL3: IrpHandler (0) addr: F7A16218
22:45:21:265 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (2) addr: F7A16218
22:45:21:265 3548 DetectCureTDL3: IrpHandler (3) addr: F7A1623C
22:45:21:265 3548 DetectCureTDL3: IrpHandler (4) addr: F7A1623C
22:45:21:265 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (9) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (14) addr: F7A16180
22:45:21:265 3548 DetectCureTDL3: IrpHandler (15) addr: F7A119E6
22:45:21:265 3548 DetectCureTDL3: IrpHandler (16) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (22) addr: F7A155F0
22:45:21:265 3548 DetectCureTDL3: IrpHandler (23) addr: F7A13A6E
22:45:21:265 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:265 3548 KLMD_ReadMem: Trying to ReadMemory 0xF7A12F26[0x400]
22:45:21:265 3548 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
22:45:21:265 3548 TDL3_FileDetect: Processing driver: USBSTOR
22:45:21:265 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:45:21:265 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:265 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:265 3548 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 84A0F3E0
22:45:21:265 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84A0F3E0
22:45:21:265 3548 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 84CB38E0
22:45:21:265 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CB38E0
22:45:21:265 3548 KLMD_ReadMem: Trying to ReadMemory 0x84CB38E0[0x38]
22:45:21:265 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84A79B10
22:45:21:265 3548 KLMD_ReadMem: Trying to ReadMemory 0x84A79B10[0xA8]
22:45:21:265 3548 KLMD_ReadMem: Trying to ReadMemory 0xE15E0AC0[0x208]
22:45:21:265 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:45:21:265 3548 DetectCureTDL3: IrpHandler (0) addr: F7A16218
22:45:21:265 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (2) addr: F7A16218
22:45:21:265 3548 DetectCureTDL3: IrpHandler (3) addr: F7A1623C
22:45:21:265 3548 DetectCureTDL3: IrpHandler (4) addr: F7A1623C
22:45:21:265 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (9) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (14) addr: F7A16180
22:45:21:265 3548 DetectCureTDL3: IrpHandler (15) addr: F7A119E6
22:45:21:265 3548 DetectCureTDL3: IrpHandler (16) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:265 3548 DetectCureTDL3: IrpHandler (22) addr: F7A155F0
22:45:21:281 3548 DetectCureTDL3: IrpHandler (23) addr: F7A13A6E
22:45:21:281 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:281 3548 KLMD_ReadMem: Trying to ReadMemory 0xF7A12F26[0x400]
22:45:21:281 3548 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
22:45:21:281 3548 TDL3_FileDetect: Processing driver: USBSTOR
22:45:21:281 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:45:21:281 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:281 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:281 3548 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 84D40030
22:45:21:281 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84D40030
22:45:21:281 3548 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 84F5F1D8
22:45:21:281 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F5F1D8
22:45:21:281 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F5F1D8[0x38]
22:45:21:281 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84A79B10
22:45:21:281 3548 KLMD_ReadMem: Trying to ReadMemory 0x84A79B10[0xA8]
22:45:21:281 3548 KLMD_ReadMem: Trying to ReadMemory 0xE15E0AC0[0x208]
22:45:21:281 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:45:21:281 3548 DetectCureTDL3: IrpHandler (0) addr: F7A16218
22:45:21:281 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (2) addr: F7A16218
22:45:21:281 3548 DetectCureTDL3: IrpHandler (3) addr: F7A1623C
22:45:21:281 3548 DetectCureTDL3: IrpHandler (4) addr: F7A1623C
22:45:21:281 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (9) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (14) addr: F7A16180
22:45:21:281 3548 DetectCureTDL3: IrpHandler (15) addr: F7A119E6
22:45:21:281 3548 DetectCureTDL3: IrpHandler (16) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (22) addr: F7A155F0
22:45:21:281 3548 DetectCureTDL3: IrpHandler (23) addr: F7A13A6E
22:45:21:281 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:281 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:281 3548 KLMD_ReadMem: Trying to ReadMemory 0xF7A12F26[0x400]
22:45:21:281 3548 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
22:45:21:281 3548 TDL3_FileDetect: Processing driver: USBSTOR
22:45:21:281 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:45:21:281 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:281 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:281 3548 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 84A127F8
22:45:21:281 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84A127F8
22:45:21:281 3548 DetectCureTDL3: 11 Curr stack PDEVICE_OBJECT: 84CA5748
22:45:21:281 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CA5748
22:45:21:281 3548 KLMD_ReadMem: Trying to ReadMemory 0x84CA5748[0x38]
22:45:21:281 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84A79B10
22:45:21:281 3548 KLMD_ReadMem: Trying to ReadMemory 0x84A79B10[0xA8]
22:45:21:281 3548 KLMD_ReadMem: Trying to ReadMemory 0xE15E0AC0[0x208]
22:45:21:281 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:45:21:281 3548 DetectCureTDL3: IrpHandler (0) addr: F7A16218
22:45:21:296 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (2) addr: F7A16218
22:45:21:296 3548 DetectCureTDL3: IrpHandler (3) addr: F7A1623C
22:45:21:296 3548 DetectCureTDL3: IrpHandler (4) addr: F7A1623C
22:45:21:296 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (9) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (14) addr: F7A16180
22:45:21:296 3548 DetectCureTDL3: IrpHandler (15) addr: F7A119E6
22:45:21:296 3548 DetectCureTDL3: IrpHandler (16) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (22) addr: F7A155F0
22:45:21:296 3548 DetectCureTDL3: IrpHandler (23) addr: F7A13A6E
22:45:21:296 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:296 3548 KLMD_ReadMem: Trying to ReadMemory 0xF7A12F26[0x400]
22:45:21:296 3548 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
22:45:21:296 3548 TDL3_FileDetect: Processing driver: USBSTOR
22:45:21:296 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:45:21:296 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:296 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
22:45:21:296 3548 DetectCureTDL3: 12 Curr stack PDEVICE_OBJECT: 84F48C68
22:45:21:296 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F48C68
22:45:21:296 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F48C68[0x38]
22:45:21:296 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:296 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:296 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:296 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:296 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:296 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:296 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:296 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:296 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:296 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:296 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:296 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:296 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:296 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:296 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:296 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:296 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:296 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:296 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:296 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:296 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:296 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:296 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:312 3548 DetectCureTDL3: 13 Curr stack PDEVICE_OBJECT: 84F48030
22:45:21:312 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F48030
22:45:21:312 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F48030[0x38]
22:45:21:312 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:312 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:312 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:312 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:312 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:312 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:312 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:312 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:312 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:312 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:312 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:312 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:312 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:312 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:312 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:312 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:312 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:312 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:312 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:312 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:312 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:312 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:312 3548 DetectCureTDL3: 14 Curr stack PDEVICE_OBJECT: 84F977E8
22:45:21:312 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F977E8
22:45:21:312 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F977E8[0x38]
22:45:21:312 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F98F38
22:45:21:312 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F98F38[0xA8]
22:45:21:312 3548 KLMD_ReadMem: Trying to ReadMemory 0xE16390C8[0x208]
22:45:21:312 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:45:21:312 3548 DetectCureTDL3: IrpHandler (0) addr: F778FBB0
22:45:21:312 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (2) addr: F778FBB0
22:45:21:312 3548 DetectCureTDL3: IrpHandler (3) addr: F7789D1F
22:45:21:312 3548 DetectCureTDL3: IrpHandler (4) addr: F7789D1F
22:45:21:312 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (9) addr: F778A2E2
22:45:21:312 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (14) addr: F778A3BB
22:45:21:312 3548 DetectCureTDL3: IrpHandler (15) addr: F778DF28
22:45:21:312 3548 DetectCureTDL3: IrpHandler (16) addr: F778A2E2
22:45:21:312 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (22) addr: F778BC82
22:45:21:312 3548 DetectCureTDL3: IrpHandler (23) addr: F779099E
22:45:21:312 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:312 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:312 3548 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:45:21:312 3548 KLMD_ReadMem: DeviceIoControl error 1
22:45:21:312 3548 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:45:21:312 3548 TDL3_FileDetect: Processing driver: Disk
22:45:21:312 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
22:45:21:328 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
22:45:21:328 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
22:45:21:328 3548 DetectCureTDL3: 15 Curr stack PDEVICE_OBJECT: 84F98810
22:45:21:328 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F98810
22:45:21:328 3548 DetectCureTDL3: 15 Curr stack PDEVICE_OBJECT: 84F8C580
22:45:21:328 3548 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F8C580
22:45:21:328 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F8C580[0x38]
22:45:21:328 3548 DetectCureTDL3: DRIVER_OBJECT addr: 84F8CF38
22:45:21:328 3548 KLMD_ReadMem: Trying to ReadMemory 0x84F8CF38[0xA8]
22:45:21:328 3548 KLMD_ReadMem: Trying to ReadMemory 0xE163A8E8[0x208]
22:45:21:328 3548 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
22:45:21:328 3548 DetectCureTDL3: IrpHandler (0) addr: F76AB6F2
22:45:21:328 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (2) addr: F76AB6F2
22:45:21:328 3548 DetectCureTDL3: IrpHandler (3) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (4) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (5) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (6) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (7) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (8) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (9) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (10) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (11) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (12) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (13) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (14) addr: F76AB712
22:45:21:328 3548 DetectCureTDL3: IrpHandler (15) addr: F76A7852
22:45:21:328 3548 DetectCureTDL3: IrpHandler (16) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (17) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (18) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (19) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (20) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (21) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (22) addr: F76AB73C
22:45:21:328 3548 DetectCureTDL3: IrpHandler (23) addr: F76B2336
22:45:21:328 3548 DetectCureTDL3: IrpHandler (24) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (25) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (26) addr: 804F9739
22:45:21:328 3548 KLMD_ReadMem: Trying to ReadMemory 0xF76A8864[0x400]
22:45:21:328 3548 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
22:45:21:328 3548 TDL3_FileDetect: Processing driver: atapi
22:45:21:328 3548 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
22:45:21:328 3548 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
22:45:21:328 3548 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
22:45:21:343 3548
Completed

Results:
22:45:21:343 3548 Infected objects in memory: 0
22:45:21:343 3548 Cured objects in memory: 0
22:45:21:343 3548 Infected objects on disk: 0
22:45:21:343 3548 Objects on disk cured on reboot: 0
22:45:21:343 3548 Objects on disk deleted on reboot: 0
22:45:21:343 3548 Registry nodes deleted on reboot: 0
22:45:21:343 3548

HERE IS THE VIRUSTOTAL REPORT

File PEV.exe received on 2009.12.26 12:56:34 (UTC)
Current status: finished

Result: 4/41 (9.76%)
Antivirus Version Last update Result
a-squared 4.5.0.43 2009.12.26 -
AhnLab-V3 5.0.0.2 2009.12.26 -
AntiVir 7.9.1.122 2009.12.25 -
Antiy-AVL 2.0.3.7 2009.12.25 -
Authentium 5.2.0.5 2009.12.26 -
Avast 4.8.1351.0 2009.12.26 -
AVG 8.5.0.430 2009.12.26 -
BitDefender 7.2 2009.12.26 -
CAT-QuickHeal 10.00 2009.12.26 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.12.26 -
Comodo 3375 2009.12.26 -
DrWeb 5.0.1.12222 2009.12.26 -
eSafe 7.0.17.0 2009.12.24 Suspicious File
eTrust-Vet 35.1.7198 2009.12.25 -
F-Prot 4.5.1.85 2009.12.26 -
F-Secure 9.0.15370.0 2009.12.26 -
Fortinet 4.0.14.0 2009.12.26 -
GData 19 2009.12.26 -
Ikarus T3.1.1.79.0 2009.12.26 -
Jiangmin 13.0.900 2009.12.26 -
K7AntiVirus 7.10.931 2009.12.26 -
Kaspersky 7.0.0.125 2009.12.26 -
McAfee 5842 2009.12.24 -
McAfee+Artemis 5842 2009.12.24 -
McAfee-GW-Edition 6.8.5 2009.12.26 Heuristic.LooksLike.Win32.Suspicious.C
Microsoft 1.5302 2009.12.26 -
NOD32 4716 2009.12.25 -
Norman 6.04.03 2009.12.26 -
nProtect 2009.1.8.0 2009.12.26 -
Panda 10.0.2.2 2009.12.15 Suspicious file
PCTools 7.0.3.5 2009.12.26 -
Prevx 3.0 2009.12.26 -
Rising 22.27.05.04 2009.12.26 -
Sophos 4.49.0 2009.12.25 -
Sunbelt 3.2.1858.2 2009.12.26 -
Symantec 1.4.4.12 2009.12.26 -
TheHacker 6.5.0.3.111 2009.12.25 -
TrendMicro 9.120.0.1004 2009.12.26 -
VBA32 3.12.12.0 2009.12.26 -
ViRobot 2009.12.26.2109 2009.12.26 -
VirusBuster 5.0.21.0 2009.12.25 -
Additional information
File size: 261632 bytes
MD5 : 4e20f3b27b334e9273fc3890b7948bd8
SHA1 : ff937b7eb12048f227d35d42efe3375dc5d7d1a0
SHA256: afb212b270e325888c330e97ef93fe5399e0ab6b0870c624ab28231fc8ee8c72
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4B1FB9AD (Wed Dec 9 15:52:29 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name virtaddr virtsize rawsize entropy md5
.text 0x1000 0xD1000 0x3E600 8.00 aa60f3c16e3b0fab6e082459c3701555
.rsrc 0xD2000 0x2000 0x1200 7.23 7dd9c5b051360dcd9867eb9ac7e54706
.reloc 0xD4000 0x200 0x200 0.22 b2653d9ffb17cc053523a34099297f53

( 1 imports )

> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree

( 0 exports )

TrID : File type identification
Win32 EXE PECompact compressed (v2.x) (48.9%)
Win32 EXE PECompact compressed (generic) (34.4%)
Win32 Executable Generic (7.0%)
Win32 Dynamic Link Library (generic) (6.2%)
Generic Win/DOS Executable (1.6%)
ssdeep: 6144:Lb0Cz2tkTv92ga9kLs9VCmm+9ah0jdWWG6tLoack7Z1Q:LbzitE92kLP9+98Iw6tTT1Q
PEiD : -
packers (Kaspersky): PE_Patch.PECompact, PecBundle
packers (F-Prot): PecBundle, PECompact
RDS : NSRL Reference Data Set
-
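Reading the TDSSKiller dump above: for each device stack it walks down to the lowest DRIVER_OBJECT (USBSTOR, Disk, atapi), prints the 27 MajorFunction slots (IrpHandler 0 to 26), then reads 0x400 bytes of the StartIo routine for TDL3_StartIoHookDetect (the 0x0 read followed by "Unable to get StartIo handler code" for Disk only means the class driver has no StartIo). The kernel fills every slot a driver does not implement with its own default routine, which is why 804F9739 appears in every table; every other entry should fall inside the driver's own image, and a TDL3-style hook is an entry that points somewhere else. The script below is an added example written for this thread, not code from TDSSKiller or from the original poster; the image base/size values are assumptions (the log does not print them) and the hooked sample is constructed.

```python
"""Flag hooked IRP handlers in a TDSSKiller DetectCureTDL3 dump.
Added example for this thread; not TDSSKiller code."""
import re

# IRP_MJ_* names for the 27 MajorFunction slots TDSSKiller prints (0..26).
IRP_MJ = [
    "CREATE", "CREATE_NAMED_PIPE", "CLOSE", "READ", "WRITE",
    "QUERY_INFORMATION", "SET_INFORMATION", "QUERY_EA", "SET_EA",
    "FLUSH_BUFFERS", "QUERY_VOLUME_INFORMATION", "SET_VOLUME_INFORMATION",
    "DIRECTORY_CONTROL", "FILE_SYSTEM_CONTROL", "DEVICE_CONTROL",
    "INTERNAL_DEVICE_CONTROL", "SHUTDOWN", "LOCK_CONTROL", "CLEANUP",
    "CREATE_MAILSLOT", "QUERY_SECURITY", "SET_SECURITY", "POWER",
    "SYSTEM_CONTROL", "DEVICE_CHANGE", "QUERY_QUOTA", "SET_QUOTA",
]

# The kernel fills every MajorFunction slot a driver does not implement with
# its own default routine; in the log above that shared address is 804F9739.
DEFAULT_HANDLER = 0x804F9739

# ASSUMED (base, size) of each driver image. TDSSKiller does not print them;
# on a live box take them from the loaded-module list (e.g. WinDbg `lm`).
ASSUMED_MODULES = {
    "atapi":   (0xF76A0000, 0x18000),
    "Disk":    (0xF7788000, 0x0A000),
    "USBSTOR": (0xF7A10000, 0x08000),
}

NAME_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\(\w+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
# The 0x400-byte read right after the table is the StartIo code that
# TDL3_StartIoHookDetect inspects (0x0 means the driver has no StartIo).
STARTIO_RE = re.compile(r"ReadMemory 0x([0-9A-Fa-f]+)\[0x400\]")


def parse_tables(log_text):
    """Return {driver: {"irp": [(slot, addr), ...], "startio": addr|None}}."""
    tables = {}
    current = None
    for line in log_text.splitlines():
        m = NAME_RE.search(line)
        if m:
            current = m.group(1)
            tables[current] = {"irp": [], "startio": None}  # repeat dumps are identical
            continue
        if current is None:
            continue
        m = IRP_RE.search(line)
        if m:
            tables[current]["irp"].append((int(m.group(1)), int(m.group(2), 16)))
            continue
        m = STARTIO_RE.search(line)
        if m:
            tables[current]["startio"] = int(m.group(1), 16)
    return tables


def in_module(addr, driver):
    """True when addr lies inside the driver's (assumed) image range."""
    rng = ASSUMED_MODULES.get(driver)
    if rng is None:
        return False          # unknown image: conservatively treat as outside
    base, size = rng
    return base <= addr < base + size


def find_hooks(tables):
    """A TDL3-style hook redirects a slot or StartIo into the rootkit's own
    memory, so anything that is neither the kernel default nor inside the
    driver image is reported as (driver, slot name, address)."""
    hooks = []
    for driver, t in tables.items():
        for slot, addr in t["irp"]:
            if addr != DEFAULT_HANDLER and not in_module(addr, driver):
                hooks.append((driver, IRP_MJ[slot], addr))
        sio = t["startio"]
        if sio and not in_module(sio, driver):
            hooks.append((driver, "StartIo", sio))
    return hooks


# Constructed excerpt in TDSSKiller's line format (atapi entries from the dump
# above); HOOKED_LOG redirects IRP_MJ_DEVICE_CONTROL and StartIo to pool
# addresses, which is how an infected atapi would look in the same dump.
CLEAN_LOG = """\
22:45:21:328 3548 DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\atapi, Driver Name: atapi
22:45:21:328 3548 DetectCureTDL3: IrpHandler (0) addr: F76AB6F2
22:45:21:328 3548 DetectCureTDL3: IrpHandler (1) addr: 804F9739
22:45:21:328 3548 DetectCureTDL3: IrpHandler (14) addr: F76AB712
22:45:21:328 3548 DetectCureTDL3: IrpHandler (15) addr: F76A7852
22:45:21:328 3548 KLMD_ReadMem: Trying to ReadMemory 0xF76A8864[0x400]
"""
HOOKED_LOG = (CLEAN_LOG.replace("(14) addr: F76AB712", "(14) addr: 84CD6A20")
                       .replace("0xF76A8864[0x400]", "0x84CD6C00[0x400]"))

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("hooked", HOOKED_LOG)):
        for drv, slot, addr in find_hooks(parse_tables(log)) or [("-", "no hooks", 0)]:
            print(f"{label}: {drv} {slot} {addr:08X}")
```

Run against the full log above it reports nothing, which matches the "Infected objects in memory: 0" result: every non-default atapi, Disk and USBSTOR entry sits inside its driver image. The check is only as good as the module ranges you feed it, so on a real machine take them from the loaded-module list rather than guessing as this example does.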
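The VirusTotal details explain the four heuristic "Suspicious" hits better than the detection names do: .text has entropy 8.00 and a virtual size (0xD1000) more than three times its raw size (0x3E600), the only imports are LoadLibraryA, GetProcAddress, VirtualAlloc and VirtualFree, and TrID, Kaspersky and F-Prot all identify PECompact. Those are the classic marks of a packed executable: the packer's stub decompresses the real code into the inflated section at run time and resolves the real import table itself, so a static scanner sees only the stub. The script below is an added example for this thread, not part of the report or of VirusTotal; it encodes those indicators and runs them over the section table and import list copied from the report, and the thresholds are assumptions typical of triage scripts.

```python
"""Packer heuristics behind the 'Suspicious' verdicts: per-section entropy,
virtual-vs-raw size inflation and a near-empty import table.
Added example for this thread; not VirusTotal code."""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) .. 8.0 (uniform). Compressed or encrypted
    section bodies sit near 8.0, which is what the .text value above shows."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Section table (virtual size, raw size, entropy) and import list exactly as
# the VirusTotal report above printed them for PEV.exe.
PEV_SECTIONS = [
    (".text",  0xD1000, 0x3E600, 8.00),
    (".rsrc",  0x2000,  0x1200,  7.23),
    (".reloc", 0x200,   0x200,   0.22),
]
PEV_IMPORTS = {"kernel32.dll": ["LoadLibraryA", "GetProcAddress",
                                "VirtualAlloc", "VirtualFree"]}

# ASSUMED thresholds, typical of triage scripts rather than values from the page.
HIGH_ENTROPY = 7.0
INFLATION_RATIO = 2.0     # virtual size / raw size
MIN_IMPORTS = 10


def packer_indicators(sections, imports):
    """Return human-readable indicators that make a sample look packed."""
    indicators = []
    for name, vsize, rsize, ent in sections:
        if ent >= HIGH_ENTROPY and rsize > 0x200:
            indicators.append(f"{name}: entropy {ent:.2f} (compressed or encrypted body)")
        if rsize and vsize / rsize >= INFLATION_RATIO:
            indicators.append(f"{name}: virtual {vsize:#x} vs raw {rsize:#x} "
                              "(room reserved for the unpacked code)")
    total = sum(len(v) for v in imports.values())
    if total < MIN_IMPORTS:
        names = set().union(*[set(v) for v in imports.values()])
        if {"LoadLibraryA", "GetProcAddress"} <= names:
            indicators.append(f"imports: only {total} functions, incl. LoadLibraryA/"
                              "GetProcAddress (stub rebuilds the IAT at run time)")
        else:
            indicators.append(f"imports: only {total} functions")
    return indicators


def looks_packed(sections, imports):
    """Two or more independent indicators: worth unpacking before judging it."""
    return len(packer_indicators(sections, imports)) >= 2


if __name__ == "__main__":
    for line in packer_indicators(PEV_SECTIONS, PEV_IMPORTS):
        print(line)
    print("packed:", looks_packed(PEV_SECTIONS, PEV_IMPORTS))
```

Keep in mind that these are triage signals, not a verdict: legitimately compressed installers and commercial software protected with the same packers trip every one of them, which is exactly why only four engines flagged PEV.exe and all four said "suspicious" rather than naming a family. To turn a packed sample into something scanners can actually read, unpack it (or dump it from memory after the stub has run) and rescan.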
jfkpresident Posts 13408 Registered Monday 3 September 2007 Status Security contributor Last seen 5 January 2015 1 175
26 Dec 2009 at 15:10
I still have a Microsoft window that opens every time the computer starts up.


What do you mean?

I also have a text file named EULA on the desktop (???)


You can delete it if you don't recognize it.

Do you still have AVG antivirus active?