Virus Malware Defense
Alex2345
-
moment de grace Messages postés 30049 Statut Contributeur sécurité -
moment de grace Messages postés 30049 Statut Contributeur sécurité -
Bonjour,
Je suis infecté par le virus Malware Defense qui me propose d'acheter sa version payante mais qui est en fait un virus, mais je ne sait pas comment m'en débarrasser.
Merci de votre aide
Rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:10, on 2010-01-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cls_pack.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhlp64.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cls_pack.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O4 - Global Startup: Windows Search.lnk.disabled
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://support.lenovo.com/fr/en/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
Je suis infecté par le virus Malware Defense qui me propose d'acheter sa version payante mais qui est en fait un virus, mais je ne sait pas comment m'en débarrasser.
Merci de votre aide
Rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:10, on 2010-01-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cls_pack.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhlp64.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cls_pack.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O4 - Global Startup: Windows Search.lnk.disabled
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://support.lenovo.com/fr/en/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
A voir également:
- Virus Malware Defense
- Malwarebytes anti-malware - Télécharger - Antivirus & Antimalwares
- Virus mcafee - Accueil - Piratage
- Softonic virus ✓ - Forum Virus
- Tokyvideo virus ✓ - Forum TV & Vidéo
- Virus facebook demande d'amis - Accueil - Facebook
27 réponses
Je viens d'en faire un autre
18:36:08:781 3660 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
18:36:08:781 3660 ================================================================================
18:36:08:781 3660 SystemInfo:
18:36:08:781 3660 OS Version: 5.1.2600 ServicePack: 3.0
18:36:08:781 3660 Product type: Workstation
18:36:08:781 3660 ComputerName: IBM-0D2F2C11BCC
18:36:08:781 3660 UserName: Administrateur
18:36:08:781 3660 Windows directory: C:\WINDOWS
18:36:08:781 3660 Processor architecture: Intel x86
18:36:08:781 3660 Number of processors: 2
18:36:08:781 3660 Page size: 0x1000
18:36:08:781 3660 Boot type: Normal boot
18:36:08:781 3660 ================================================================================
18:36:08:796 3660 UnloadDriverW: NtUnloadDriver error 2
18:36:08:796 3660 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
18:36:08:796 3660 UtilityInit: KLMD drop and load success
18:36:08:796 3660 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
18:36:08:796 3660 UtilityInit: KLMD open success
18:36:08:796 3660 UtilityInit: Initialize success
18:36:08:796 3660
18:36:08:796 3660 Scanning Services ...
18:36:08:796 3660 CreateRegParser: Registry parser init started
18:36:08:796 3660 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
18:36:08:796 3660 CreateRegParser: DisableWow64Redirection error
18:36:08:796 3660 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
18:36:08:796 3660 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:36:08:796 3660 wfopen_ex: Trying to KLMD file open
18:36:08:796 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
18:36:08:796 3660 wfopen_ex: File opened ok (Flags 2)
18:36:08:796 3660 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B40
18:36:08:796 3660 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
18:36:08:796 3660 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:36:08:796 3660 wfopen_ex: Trying to KLMD file open
18:36:08:796 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
18:36:08:796 3660 wfopen_ex: File opened ok (Flags 2)
18:36:08:796 3660 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384BA8
18:36:08:796 3660 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
18:36:08:796 3660 CreateRegParser: EnableWow64Redirection error
18:36:08:796 3660 CreateRegParser: RegParser init completed
18:36:09:156 3660 GetAdvancedServicesInfo: Raw services enum returned 335 services
18:36:09:171 3660 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:36:09:171 3660 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:36:09:171 3660
18:36:09:171 3660 Scanning Kernel memory ...
18:36:09:171 3660 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:36:09:171 3660 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8636CA08
18:36:09:171 3660 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
18:36:09:171 3660
18:36:09:171 3660 DetectCureTDL3: DEVICE_OBJECT: 863D2A50
18:36:09:171 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863D2A50
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0x863D2A50[0x38]
18:36:09:171 3660 DetectCureTDL3: DRIVER_OBJECT: 8636CA08
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0x8636CA08[0xA8]
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0xE13F7968[0x18]
18:36:09:171 3660 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:36:09:171 3660 DetectCureTDL3: IrpHandler (0) addr: F767DBB0
18:36:09:171 3660 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (2) addr: F767DBB0
18:36:09:171 3660 DetectCureTDL3: IrpHandler (3) addr: F7677D1F
18:36:09:171 3660 DetectCureTDL3: IrpHandler (4) addr: F7677D1F
18:36:09:171 3660 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (9) addr: F76782E2
18:36:09:171 3660 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (14) addr: F76783BB
18:36:09:171 3660 DetectCureTDL3: IrpHandler (15) addr: F767BF28
18:36:09:171 3660 DetectCureTDL3: IrpHandler (16) addr: F76782E2
18:36:09:171 3660 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (22) addr: F7679C82
18:36:09:171 3660 DetectCureTDL3: IrpHandler (23) addr: F767E99E
18:36:09:171 3660 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:36:09:171 3660 TDL3_FileDetect: Processing driver: Disk
18:36:09:171 3660 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
18:36:09:171 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
18:36:09:187 3660 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
18:36:09:187 3660
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 86376AB8
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86376AB8
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 8637DF18
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8637DF18
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 863D5D98
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863D5D98
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0x863D5D98[0x38]
18:36:09:187 3660 DetectCureTDL3: DRIVER_OBJECT: 8637FAC0
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0x8637FAC0[0xA8]
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0xE1024260[0x1A]
18:36:09:187 3660 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:36:09:187 3660 DetectCureTDL3: IrpHandler (0) addr: F74936F2
18:36:09:187 3660 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (2) addr: F74936F2
18:36:09:187 3660 DetectCureTDL3: IrpHandler (3) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (4) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (9) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (14) addr: F7493712
18:36:09:187 3660 DetectCureTDL3: IrpHandler (15) addr: F748F852
18:36:09:187 3660 DetectCureTDL3: IrpHandler (16) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (22) addr: F749373C
18:36:09:187 3660 DetectCureTDL3: IrpHandler (23) addr: F749A336
18:36:09:187 3660 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0xF7490864[0x400]
18:36:09:187 3660 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
18:36:09:187 3660 TDL3_FileDetect: Processing driver: atapi
18:36:09:187 3660 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
18:36:09:187 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
18:36:09:203 3660 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
18:36:09:203 3660
18:36:09:203 3660 Completed
18:36:09:203 3660
18:36:09:203 3660 Results:
18:36:09:203 3660 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660
18:36:09:203 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
18:36:09:203 3660 UtilityDeinit: KLMD(ARK) unloaded successfully
18:36:08:781 3660 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
18:36:08:781 3660 ================================================================================
18:36:08:781 3660 SystemInfo:
18:36:08:781 3660 OS Version: 5.1.2600 ServicePack: 3.0
18:36:08:781 3660 Product type: Workstation
18:36:08:781 3660 ComputerName: IBM-0D2F2C11BCC
18:36:08:781 3660 UserName: Administrateur
18:36:08:781 3660 Windows directory: C:\WINDOWS
18:36:08:781 3660 Processor architecture: Intel x86
18:36:08:781 3660 Number of processors: 2
18:36:08:781 3660 Page size: 0x1000
18:36:08:781 3660 Boot type: Normal boot
18:36:08:781 3660 ================================================================================
18:36:08:796 3660 UnloadDriverW: NtUnloadDriver error 2
18:36:08:796 3660 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
18:36:08:796 3660 UtilityInit: KLMD drop and load success
18:36:08:796 3660 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
18:36:08:796 3660 UtilityInit: KLMD open success
18:36:08:796 3660 UtilityInit: Initialize success
18:36:08:796 3660
18:36:08:796 3660 Scanning Services ...
18:36:08:796 3660 CreateRegParser: Registry parser init started
18:36:08:796 3660 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
18:36:08:796 3660 CreateRegParser: DisableWow64Redirection error
18:36:08:796 3660 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
18:36:08:796 3660 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:36:08:796 3660 wfopen_ex: Trying to KLMD file open
18:36:08:796 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
18:36:08:796 3660 wfopen_ex: File opened ok (Flags 2)
18:36:08:796 3660 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B40
18:36:08:796 3660 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:36:08:796 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
18:36:08:796 3660 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:36:08:796 3660 wfopen_ex: Trying to KLMD file open
18:36:08:796 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
18:36:08:796 3660 wfopen_ex: File opened ok (Flags 2)
18:36:08:796 3660 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384BA8
18:36:08:796 3660 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
18:36:08:796 3660 CreateRegParser: EnableWow64Redirection error
18:36:08:796 3660 CreateRegParser: RegParser init completed
18:36:09:156 3660 GetAdvancedServicesInfo: Raw services enum returned 335 services
18:36:09:171 3660 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:36:09:171 3660 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:36:09:171 3660
18:36:09:171 3660 Scanning Kernel memory ...
18:36:09:171 3660 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:36:09:171 3660 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8636CA08
18:36:09:171 3660 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
18:36:09:171 3660
18:36:09:171 3660 DetectCureTDL3: DEVICE_OBJECT: 863D2A50
18:36:09:171 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863D2A50
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0x863D2A50[0x38]
18:36:09:171 3660 DetectCureTDL3: DRIVER_OBJECT: 8636CA08
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0x8636CA08[0xA8]
18:36:09:171 3660 KLMD_ReadMem: Trying to ReadMemory 0xE13F7968[0x18]
18:36:09:171 3660 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:36:09:171 3660 DetectCureTDL3: IrpHandler (0) addr: F767DBB0
18:36:09:171 3660 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (2) addr: F767DBB0
18:36:09:171 3660 DetectCureTDL3: IrpHandler (3) addr: F7677D1F
18:36:09:171 3660 DetectCureTDL3: IrpHandler (4) addr: F7677D1F
18:36:09:171 3660 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (9) addr: F76782E2
18:36:09:171 3660 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (14) addr: F76783BB
18:36:09:171 3660 DetectCureTDL3: IrpHandler (15) addr: F767BF28
18:36:09:171 3660 DetectCureTDL3: IrpHandler (16) addr: F76782E2
18:36:09:171 3660 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (22) addr: F7679C82
18:36:09:171 3660 DetectCureTDL3: IrpHandler (23) addr: F767E99E
18:36:09:171 3660 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:36:09:171 3660 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:36:09:171 3660 TDL3_FileDetect: Processing driver: Disk
18:36:09:171 3660 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
18:36:09:171 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
18:36:09:187 3660 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
18:36:09:187 3660
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 86376AB8
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86376AB8
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 8637DF18
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8637DF18
18:36:09:187 3660 DetectCureTDL3: DEVICE_OBJECT: 863D5D98
18:36:09:187 3660 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863D5D98
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0x863D5D98[0x38]
18:36:09:187 3660 DetectCureTDL3: DRIVER_OBJECT: 8637FAC0
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0x8637FAC0[0xA8]
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0xE1024260[0x1A]
18:36:09:187 3660 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
18:36:09:187 3660 DetectCureTDL3: IrpHandler (0) addr: F74936F2
18:36:09:187 3660 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (2) addr: F74936F2
18:36:09:187 3660 DetectCureTDL3: IrpHandler (3) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (4) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (9) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (14) addr: F7493712
18:36:09:187 3660 DetectCureTDL3: IrpHandler (15) addr: F748F852
18:36:09:187 3660 DetectCureTDL3: IrpHandler (16) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (22) addr: F749373C
18:36:09:187 3660 DetectCureTDL3: IrpHandler (23) addr: F749A336
18:36:09:187 3660 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:36:09:187 3660 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:36:09:187 3660 KLMD_ReadMem: Trying to ReadMemory 0xF7490864[0x400]
18:36:09:187 3660 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
18:36:09:187 3660 TDL3_FileDetect: Processing driver: atapi
18:36:09:187 3660 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
18:36:09:187 3660 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
18:36:09:203 3660 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
18:36:09:203 3660
18:36:09:203 3660 Completed
18:36:09:203 3660
18:36:09:203 3660 Results:
18:36:09:203 3660 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:36:09:203 3660
18:36:09:203 3660 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
18:36:09:203 3660 UtilityDeinit: KLMD(ARK) unloaded successfully
Rends toi sur ce site :
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\drivers\klmd.sys
Clique sur Send File.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
Si tu ne trouves pas le fichier alors
Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cachés
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «appliquer» pour valider les changements.
Et OK
https://www.virustotal.com/gui/
Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\drivers\klmd.sys
Clique sur Send File.
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.
Si tu ne trouves pas le fichier alors
Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cachés
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «appliquer» pour valider les changements.
Et OK
Je ne pourrais pas le faire pour le moments puisqu'il ne sagisssait pas de mon ordi...
Je posterais dès que ce sera fait...
Merci de ton aide et de ton temps
Je posterais dès que ce sera fait...
Merci de ton aide et de ton temps
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
