Oxygène PC

Tips, Security & Computer Help

[Solved] Windows no longer recognises my antivirus


Re: Windows no longer recognises my antivirus

Post by TopXm » Wed 13 Jan 2010 15:27

Hi!

Sorry for the slow reply, I'm a bit swamped at the moment :oops:

So, let's dig a little deeper. Quick question: do you get redirected when you browse the Internet?

OK, let's continue the investigation ;-)

  • Download rkill.scr by Grinler to your desktop

  • Double-click the file to run it; a command prompt window opens, wait while the scan runs

  • When the program has finished, the black window will close.

  • Then try to run MBAM and GMER again as described above; if it still doesn't work, let me know and we'll figure it out ;-)

Re: Windows no longer recognises my antivirus

Post by ouam » Thu 14 Jan 2010 01:48

Hi,
I can't believe it... :scept: everything seems to be working...
I was about to download rkill.scr when I got a message about an automatic Windows update; I rebooted once it had finished and, oh miracle, the Antivir icon appeared in the taskbar at the same time as a window warning me that a malicious program had been uninstalled from my PC.
I was able to update Antivir again, I was able to install Mbam (scan in progress), and I can also launch GMER, but I'd rather ask you to confirm first because I got an alert message saying that GMER has detected a system modification probably caused by a rootkit and asking whether I want to "scanner fully my system".

Here's the Mbam report
I did a quick scan first, I'm now running a full one but it's taking forever... I'm going to bed!
Thanks and see you soon. ;-)


Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3556
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

14/01/2010 01:08:19
mbam-log-2010-01-14 (01-08-07).txt

Type de recherche: Examen rapide
Eléments examinés: 137857
Temps écoulé: 8 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\H8SRTbhiycdruhe.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\H8SRTffmqxouigs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\H8SRTjpqirrdwrd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\H8SRTbakdqvparm.dat (Rootkit.TDSS) -> No action taken.

Re: Windows no longer recognises my antivirus

Post by TopXm » Thu 14 Jan 2010 10:20

Hi,

Good news!

  • As for the products working properly again, I strongly believe Rkill did a good job.

  • You actually need to start over! It turns out that MBAM detected some nasties but you didn't remove them: No action taken. So you need to run MBAM again and this time, at the end of the scan:

    • Click Show results

    • In the window that opens, check that everything is ticked

    • Don't forget to click the button

    • If MBAM offers to restart the PC to finish, click the Yes button

    • Post the MBAM report again

  • Then run GMER again; if it offers to do a full scan, confirm, but it may not offer it because by then MBAM will have cleaned up quite a lot.

  • Post the GMER report too and we'll see

  • Good luck!
;-)
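The point made above, that MBAM listed detections but took no action on them, is easy to miss in a long report. The following Python script is an added example (it is not part of this thread and not Malwarebytes' own tooling): it parses report lines in the shape shown in the posted MBAM 1.44 log, keeps track of which section each detection sits in, and separates items that were quarantined from items still reported as "No action taken". The sample report embedded in the script is constructed from the lines posted in this thread; the function and variable names are the script's own.

```python
import re
from collections import defaultdict

# Constructed sample, copied in shape from the MBAM 1.44 report posted in this thread.
SAMPLE_REPORT = r"""Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3556

Type de recherche: Examen rapide
Eléments examinés: 137857

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\H8SRTffmqxouigs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> No action taken.
"""

# One detection line: "<item> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# A section header is a line that ends with a colon, e.g. "Fichier(s) infecté(s):".
# Summary lines such as "Fichier(s) infecté(s): 6" end with a number and do not match.
SECTION_RE = re.compile(r"^(?P<section>.+?):\s*$")


def parse_mbam_report(text):
    """Return a list of dicts with keys section, item, family, action."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({"section": section, **m.groupdict()})
            continue
        s = SECTION_RE.match(line)
        if s:
            section = s.group("section")
    return detections


def pending_actions(detections):
    """Detections the scanner reported but did not remove."""
    return [d for d in detections if d["action"] == "No action taken"]


def summarize(detections):
    """Count detections per malware family and per action taken."""
    by_family = defaultdict(int)
    by_action = defaultdict(int)
    for d in detections:
        by_family[d["family"]] += 1
        by_action[d["action"]] += 1
    return dict(by_family), dict(by_action)


if __name__ == "__main__":
    dets = parse_mbam_report(SAMPLE_REPORT)
    families, actions = summarize(dets)
    print(f"{len(dets)} detections; by action: {actions}")
    for d in pending_actions(dets):
        print(f"NOT REMOVED [{d['section']}] {d['item']} ({d['family']})")
```

Run against the quick-scan report posted earlier in the thread, the "pending" list is exactly the set of items TopXm is asking to have removed; run against the later full-scan report, it should be empty.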

Re: Windows no longer recognises my antivirus

Post by ouam » Fri 15 Jan 2010 00:58

Hi,

:-D everything seems to be working. Indeed, this time GMER didn't offer me a full scan.

First, here's the Mbam



Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3556
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

14/01/2010 21:43:31
mbam-log-2010-01-14 (21-43-31).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 242286
Temps écoulé: 8 hour(s), 37 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\ComboFix\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP1203\A0352100.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7AFC631D-71A6-4CBE-9F8F-EFDBDC0F94C6}\RP1203\A0352160.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTffmqxouigs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTjpqirrdwrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTbakdqvparm.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.



Then the GMER...



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-15 00:37:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\OWNER~1.LAU\LOCALS~1\Temp\uxldapog.sys


---- System - GMER 1.0.15 ----

SSDT F7BF5B4E ZwCreateKey
SSDT F7BF5B44 ZwCreateThread
SSDT F7BF5B53 ZwDeleteKey
SSDT F7BF5B5D ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF7390C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7390FF6]
SSDT F7BF5B62 ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF7390A18]
SSDT F7BF5B30 ZwOpenProcess
SSDT F7BF5B35 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF73910C0]
SSDT sptd.sys ZwQueryValueKey [0xF7390F58]
SSDT F7BF5B6C ZwReplaceKey
SSDT F7BF5B67 ZwRestoreKey
SSDT F7BF5B58 ZwSetValueKey
SSDT F7BF5B3F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? hmcmyups.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD4829.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F738CA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F738CB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F738CAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F738D6CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F738D5A2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73AEC82] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F79713FC] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F79716B2] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7971684] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7971684] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F79713FC] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F79716B2] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F79716B2] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7971684] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F79713FC] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7971684] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F79716B2] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F79713FC] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F79713FC] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7971684] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F79716B2] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7971684] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F79713FC] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F7971684] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F79713FC] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F79716B2] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7971684] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F79716B2] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F79713FC] GDNdisIc.sys (G DATA Software AG)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F93C78
Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys
Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 84F96A58

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 VolumeFilter.sys

Device \Driver\GDNdisIc \Device\GDNdisIc 84F93A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 84F96A58

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 VolumeFilter.sys

Device \Driver\Cdrom \Device\CdRom0 84D9AEB0
Device \FileSystem\Rdbss \Device\FsWrap 848379A8
Device \Driver\Cdrom \Device\CdRom1 84D9AEB0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7305B40] atapi.sys[unknown section] {MOV EAX, 0x84f93008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73a1442; RET }
Device \Driver\atapi \Device\Ide\IdePort0 [F7305B40] atapi.sys[unknown section] {MOV EAX, 0x84f93008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73a1442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7305B40] atapi.sys[unknown section] {MOV EAX, 0x84f93008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73a1442; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F7305B40] atapi.sys[unknown section] {MOV EAX, 0x84f93008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73a1442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7305B40] atapi.sys[unknown section] {MOV EAX, 0x84f93008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73a1442; RET }
Device \Driver\NetBT \Device\NetBt_Wins_Export 848548A8
Device \Driver\usbstor \Device\00000077 84C17BB8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C5EA7C3A-DCCE-4EBF-9685-F5A03AFDDD53} 848548A8
Device \Driver\NetBT \Device\NetbiosSmb 848548A8
Device \Driver\usbstor \Device\00000079 84C17BB8
Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys
Device \Driver\Disk \Device\Harddisk0\DR0 84F93EB0
Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys
Device \Driver\Disk \Device\Harddisk1\DR3 84F93EB0
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+7 84F93EB0
Device \Driver\Disk \Device\Harddisk2\DR4 84F93EB0
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+8 84F93EB0
Device \Driver\Disk \Device\Harddisk3\DR5 84F93EB0
Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+9 84F93EB0
Device \Driver\usbstor \Device\0000007a 84C17BB8
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+a 84F93EB0
Device \Driver\Disk \Device\Harddisk4\DR6 84F93EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84832748
Device \Driver\usbstor \Device\0000007b 84C17BB8
Device \Driver\Tcpip \Device\IPMULTICAST GDTdiIcpt.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84832748
Device \Driver\usbstor \Device\0000007c 84C17BB8
Device \FileSystem\Npfs \Device\NamedPipe 849F7C78
Device \Driver\Ftdisk \Device\FtControl 84F96A58
Device \FileSystem\Msfs \Device\Mailslot 849F7EB0
Device \FileSystem\Cdfs \Cdfs 84B8ED78

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x80 0xA7 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x80 0xA7 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -439251334
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1130272018
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -52219117
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x80 0xA7 0x2F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6E 0x80 0xA7 0x2F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7DF7C37-8150-5550-D040-3F51A8264909}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7DF7C37-8150-5550-D040-3F51A8264909}@iambonhlilaccdbion 0x6A 0x61 0x69 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7DF7C37-8150-5550-D040-3F51A8264909}@hagcinohilplohec 0x6A 0x61 0x70 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC82148C-29CE-5171-826E-DB728319EBC5}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC82148C-29CE-5171-826E-DB728319EBC5}@iadblnkpfcdllccfjm 0x6A 0x61 0x70 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DC82148C-29CE-5171-826E-DB728319EBC5}@hafcfnafnecbpbco 0x6A 0x61 0x70 0x6B ...

---- EOF - GMER 1.0.15 ----


Thanks and good luck ;-)
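Reading a GMER report like the one above comes down to asking, for each hook, which module owns the hook address. The script below is an added example (not part of this thread and not GMER's own code): it parses the SSDT, IAT and Device lines in the format GMER 1.0.15 prints, groups hooks by the module GMER attributed them to, and lists separately the SSDT entries that carry only a bare address, since those are the ones GMER could not attribute and the ones a helper would follow up first. The sample lines embedded in the script are constructed from the report posted above; all function and variable names are the script's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the GMER 1.0.15 report posted above.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT F7BF5B4E ZwCreateKey
SSDT sptd.sys ZwEnumerateKey [0xF7390C7E]
SSDT F7BF5B30 ZwOpenProcess
SSDT sptd.sys ZwOpenKey [0xF7390A18]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F738CA32] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7971458] GDNdisIc.sys (G DATA Software AG)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys
Device \Driver\atapi \Device\Ide\IdePort0 [F7305B40] atapi.sys[unknown section] {MOV EAX, 0x84f93008; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf73a1442; RET }
Device \Driver\Disk \Device\Harddisk0\DR0 84F93EB0
"""

# "SSDT <module>.sys <function> [0x<addr>]": hook attributed to a named module.
SSDT_MOD_RE = re.compile(r"^SSDT (?P<module>\S+\.sys) (?P<func>\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# "SSDT <addr> <function>": hook GMER could not attribute to any module.
SSDT_RAW_RE = re.compile(r"^SSDT (?P<addr>[0-9A-Fa-f]{8}) (?P<func>\w+)$")
# "IAT <importer>[<dll>!<import>] [<addr>] <module> (<vendor>)".
IAT_RE = re.compile(
    r"^IAT (?P<importer>\S+?)\[(?P<import>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<module>\S+)(?: \((?P<vendor>[^)]*)\))?$"
)
# "Device <driver object> <device object> <rest>"; <rest> is classified below.
DEVICE_RE = re.compile(r"^Device (?P<driver>\S+) (?P<device>\S+) (?P<rest>.+)$")
HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
# "[<addr>] <module>[<section>] {<disassembly>}": dispatch routine patched with a code stub.
PATCHED_RE = re.compile(r"^\[(?P<addr>[0-9A-Fa-f]+)\] (?P<module>[^\[\s]+)\[(?P<section>[^\]]*)\](?: \{(?P<code>.*)\})?$")


def classify_device(driver, device, rest):
    """Tag a Device line as a plain address, a named module, or a patched dispatch routine."""
    entry = {"driver": driver, "device": device, "kind": None, "module": None, "addr": None, "code": None}
    if HEX8_RE.fullmatch(rest):
        entry.update(kind="address", addr=rest.upper())
    elif (p := PATCHED_RE.match(rest)):
        entry.update(kind="patched", addr=p["addr"].upper(), module=p["module"], code=p["code"])
    else:
        entry.update(kind="module", module=rest)
    return entry


def parse_gmer(text):
    """Return {'ssdt': [...], 'iat': [...], 'devices': [...]} from a GMER text report."""
    out = {"ssdt": [], "iat": [], "devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SSDT_MOD_RE.match(line)):
            out["ssdt"].append({"func": m["func"], "addr": m["addr"].upper(), "module": m["module"]})
        elif (m := SSDT_RAW_RE.match(line)):
            out["ssdt"].append({"func": m["func"], "addr": m["addr"].upper(), "module": None})
        elif (m := IAT_RE.match(line)):
            out["iat"].append({"importer": m["importer"], "import": m["import"],
                               "addr": m["addr"].upper(), "module": m["module"], "vendor": m["vendor"]})
        elif (m := DEVICE_RE.match(line)):
            out["devices"].append(classify_device(m["driver"], m["device"], m["rest"]))
    return out


def unattributed_ssdt_hooks(parsed):
    """SSDT entries GMER could not tie to a module: these are followed up first."""
    return [e for e in parsed["ssdt"] if e["module"] is None]


def hooks_by_module(parsed):
    """Count SSDT and IAT hooks per attributed module ('<unattributed>' for bare addresses)."""
    counts = defaultdict(int)
    for e in parsed["ssdt"] + parsed["iat"]:
        counts[e["module"] or "<unattributed>"] += 1
    return dict(counts)


def patched_devices(parsed):
    """Device entries whose dispatch routine GMER showed as a patched code stub."""
    return [e for e in parsed["devices"] if e["kind"] == "patched"]


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_GMER)
    print("hooks by module:", hooks_by_module(parsed))
    for e in unattributed_ssdt_hooks(parsed):
        print(f"unattributed SSDT hook: {e['func']} -> {e['addr']}")
    for e in patched_devices(parsed):
        print(f"patched dispatch: {e['driver']} {e['device']} via {e['module']} at {e['addr']}")
```

Grouping by module is what turns a wall of IAT lines into two facts: in the report above, every NDIS import hook resolves to GDNdisIc.sys (a G DATA component) and every HAL port hook to sptd.sys, so the next question is simply whether those two drivers are expected on this machine. The bare-address SSDT entries and the patched atapi dispatch routine get no such attribution from GMER and are the lines a helper cross-checks against the other scanners' output.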

Re: Windows no longer recognises my antivirus

Post by TopXm » Fri 15 Jan 2010 17:03

Hi,

OK, MBAM did a good job. To be certain MBAM hasn't left any trace related to TDSS, we'll be extra thorough ;-)

So:

  • Download TDSSKiller.zip (it's a compressed file)

  • Double-click the TDSSKiller.zip file to open it

  • In the new window, left-click the EXE file and drag it onto the desktop to drop it there

  • In the Windows menu, click Start / Run and enter the command:

    Code: Select all
    "%HomeDrive%%HomePath%\bureau\TDSSKiller" -l TDSS.txt -v


  • A command prompt window opens; confirm the "Appuyer sur une touche pour continuer" (Press any key to continue) message by pressing a key (heh!)

  • When processing finishes, the black window closes. A TDSS.txt file will be created on your desktop.

  • Open it with Notepad and copy its contents into your next reply

Re: Windows no longer recognises my antivirus

Post by ouam » Fri 15 Jan 2010 23:32

Hi,
That's done.
Smells like the end, doesn't it?


Code: Select all
23:24:13:203 3244   TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
23:24:13:203 3244   ================================================================================
23:24:13:203 3244   SystemInfo:

23:24:13:203 3244   OS Version: 5.1.2600 ServicePack: 3.0
23:24:13:203 3244   Product type: Workstation
23:24:13:203 3244   ComputerName: LAURENT
23:24:13:203 3244   UserName: Owner
23:24:13:203 3244   Windows directory: C:\WINDOWS
23:24:13:203 3244   Processor architecture: Intel x86
23:24:13:203 3244   Number of processors: 1
23:24:13:203 3244   Page size: 0x1000
23:24:13:203 3244   Boot type: Normal boot
23:24:13:203 3244   ================================================================================
23:24:13:265 3244   UnloadDriverW: NtUnloadDriver error 2
23:24:13:265 3244   ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:24:13:281 3244   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
23:24:13:406 3244   UtilityInit: KLMD drop and load success
23:24:13:406 3244   KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
23:24:13:406 3244   UtilityInit: KLMD open success
23:24:13:406 3244   UtilityInit: Initialize success
23:24:13:406 3244   
23:24:13:406 3244   Scanning   Services ...
23:24:13:406 3244   CreateRegParser: Registry parser init started
23:24:13:406 3244   DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
23:24:13:406 3244   CreateRegParser: DisableWow64Redirection error
23:24:13:406 3244   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
23:24:13:406 3244   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
23:24:13:406 3244   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:24:13:406 3244   wfopen_ex: Trying to KLMD file open
23:24:13:406 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
23:24:13:406 3244   wfopen_ex: File opened ok (Flags 2)
23:24:13:406 3244   CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384988
23:24:13:406 3244   wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
23:24:13:406 3244   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
23:24:13:406 3244   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:24:13:406 3244   wfopen_ex: Trying to KLMD file open
23:24:13:406 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
23:24:13:406 3244   wfopen_ex: File opened ok (Flags 2)
23:24:13:406 3244   CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384A30
23:24:13:406 3244   EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
23:24:13:406 3244   CreateRegParser: EnableWow64Redirection error
23:24:13:406 3244   CreateRegParser: RegParser init completed
23:24:13:828 3244   GetAdvancedServicesInfo: Raw services enum returned 365 services
23:24:13:828 3244   fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
23:24:13:828 3244   fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
23:24:13:828 3244   
23:24:13:828 3244   Scanning   Kernel memory ...
23:24:13:828 3244   KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
23:24:13:828 3244   DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84F79CF8
23:24:13:828 3244   DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects
23:24:13:828 3244   
23:24:13:828 3244   DetectCureTDL3: DEVICE_OBJECT: 84C00030
23:24:13:828 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84C00030
23:24:13:828 3244   KLMD_ReadMem: Trying to ReadMemory 0x84C00030[0x38]
23:24:13:828 3244   DetectCureTDL3: DRIVER_OBJECT: 84F79CF8
23:24:13:828 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F79CF8[0xA8]
23:24:13:828 3244   KLMD_ReadMem: Trying to ReadMemory 0xE193E168[0x18]
23:24:13:828 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:24:13:828 3244   DetectCureTDL3: IrpHandler (0) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (2) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (3) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (4) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (9) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (14) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (15) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (16) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (22) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (23) addr: 84FA5428
23:24:13:828 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:828 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:828 3244   TDL3_FileDetect: Processing driver: Disk
23:24:13:828 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:828 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:843 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:24:13:843 3244   
23:24:13:843 3244   DetectCureTDL3: DEVICE_OBJECT: 846781F0
23:24:13:843 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 846781F0
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0x846781F0[0x38]
23:24:13:843 3244   DetectCureTDL3: DRIVER_OBJECT: 84F79CF8
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F79CF8[0xA8]
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0xE193E168[0x18]
23:24:13:843 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:24:13:843 3244   DetectCureTDL3: IrpHandler (0) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (2) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (3) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (4) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (9) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (14) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (15) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (16) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (22) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (23) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:843 3244   TDL3_FileDetect: Processing driver: Disk
23:24:13:843 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:843 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:843 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:24:13:843 3244   
23:24:13:843 3244   DetectCureTDL3: DEVICE_OBJECT: 84DAA030
23:24:13:843 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84DAA030
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0x84DAA030[0x38]
23:24:13:843 3244   DetectCureTDL3: DRIVER_OBJECT: 84F79CF8
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F79CF8[0xA8]
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0xE193E168[0x18]
23:24:13:843 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:24:13:843 3244   DetectCureTDL3: IrpHandler (0) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (2) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (3) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (4) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (9) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (14) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (15) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (16) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (22) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (23) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:843 3244   TDL3_FileDetect: Processing driver: Disk
23:24:13:843 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:843 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:843 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:24:13:843 3244   
23:24:13:843 3244   DetectCureTDL3: DEVICE_OBJECT: 84C31030
23:24:13:843 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84C31030
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0x84C31030[0x38]
23:24:13:843 3244   DetectCureTDL3: DRIVER_OBJECT: 84F79CF8
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F79CF8[0xA8]
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0xE193E168[0x18]
23:24:13:843 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:24:13:843 3244   DetectCureTDL3: IrpHandler (0) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (2) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (3) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (4) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (9) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (14) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (15) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (16) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (22) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (23) addr: 84FA5428
23:24:13:843 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:843 3244   TDL3_FileDetect: Processing driver: Disk
23:24:13:843 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:843 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:843 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:24:13:843 3244   
23:24:13:843 3244   DetectCureTDL3: DEVICE_OBJECT: 84642AB8
23:24:13:843 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84642AB8
23:24:13:843 3244   DetectCureTDL3: DEVICE_OBJECT: 846AC608
23:24:13:843 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 846AC608
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0x846AC608[0x38]
23:24:13:843 3244   DetectCureTDL3: DRIVER_OBJECT: 84678BC0
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0x84678BC0[0xA8]
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0xE18C9B20[0x1E]
23:24:13:843 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
23:24:13:843 3244   DetectCureTDL3: IrpHandler (0) addr: 84B1E340
23:24:13:843 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (2) addr: 84B1E340
23:24:13:843 3244   DetectCureTDL3: IrpHandler (3) addr: 84B1E340
23:24:13:843 3244   DetectCureTDL3: IrpHandler (4) addr: 84B1E340
23:24:13:843 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (9) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (14) addr: 84B1E340
23:24:13:843 3244   DetectCureTDL3: IrpHandler (15) addr: 84B1E340
23:24:13:843 3244   DetectCureTDL3: IrpHandler (16) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (22) addr: 84B1E340
23:24:13:843 3244   DetectCureTDL3: IrpHandler (23) addr: 84B1E340
23:24:13:843 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:843 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:843 3244   KLMD_ReadMem: Trying to ReadMemory 0xF7815F26[0x400]
23:24:13:843 3244   TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
23:24:13:843 3244   TDL3_FileDetect: Processing driver: usbstor
23:24:13:843 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:24:13:843 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:24:13:859 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
23:24:13:859 3244   
23:24:13:859 3244   DetectCureTDL3: DEVICE_OBJECT: 84642030
23:24:13:859 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84642030
23:24:13:859 3244   DetectCureTDL3: DEVICE_OBJECT: 84A3D330
23:24:13:859 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84A3D330
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0x84A3D330[0x38]
23:24:13:859 3244   DetectCureTDL3: DRIVER_OBJECT: 84678BC0
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0x84678BC0[0xA8]
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0xE18C9B20[0x1E]
23:24:13:859 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
23:24:13:859 3244   DetectCureTDL3: IrpHandler (0) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (2) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (3) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (4) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (9) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (14) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (15) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (16) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (22) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (23) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0xF7815F26[0x400]
23:24:13:859 3244   TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
23:24:13:859 3244   TDL3_FileDetect: Processing driver: usbstor
23:24:13:859 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:24:13:859 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:24:13:859 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
23:24:13:859 3244   
23:24:13:859 3244   DetectCureTDL3: DEVICE_OBJECT: 84643AB8
23:24:13:859 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84643AB8
23:24:13:859 3244   DetectCureTDL3: DEVICE_OBJECT: 84A56C10
23:24:13:859 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84A56C10
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0x84A56C10[0x38]
23:24:13:859 3244   DetectCureTDL3: DRIVER_OBJECT: 84678BC0
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0x84678BC0[0xA8]
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0xE18C9B20[0x1E]
23:24:13:859 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
23:24:13:859 3244   DetectCureTDL3: IrpHandler (0) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (2) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (3) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (4) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (9) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (14) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (15) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (16) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (22) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (23) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0xF7815F26[0x400]
23:24:13:859 3244   TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
23:24:13:859 3244   TDL3_FileDetect: Processing driver: usbstor
23:24:13:859 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:24:13:859 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:24:13:859 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
23:24:13:859 3244   
23:24:13:859 3244   DetectCureTDL3: DEVICE_OBJECT: 84643030
23:24:13:859 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84643030
23:24:13:859 3244   DetectCureTDL3: DEVICE_OBJECT: 84BFA5A0
23:24:13:859 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84BFA5A0
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0x84BFA5A0[0x38]
23:24:13:859 3244   DetectCureTDL3: DRIVER_OBJECT: 84678BC0
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0x84678BC0[0xA8]
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0xE18C9B20[0x1E]
23:24:13:859 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
23:24:13:859 3244   DetectCureTDL3: IrpHandler (0) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (2) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (3) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (4) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (9) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (14) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (15) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (16) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (22) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (23) addr: 84B1E340
23:24:13:859 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:859 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:859 3244   KLMD_ReadMem: Trying to ReadMemory 0xF7815F26[0x400]
23:24:13:875 3244   TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
23:24:13:875 3244   TDL3_FileDetect: Processing driver: usbstor
23:24:13:875 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:24:13:875 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:24:13:875 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
23:24:13:875 3244   
23:24:13:875 3244   DetectCureTDL3: DEVICE_OBJECT: 84F158A0
23:24:13:875 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F158A0
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F158A0[0x38]
23:24:13:875 3244   DetectCureTDL3: DRIVER_OBJECT: 84F79CF8
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F79CF8[0xA8]
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0xE193E168[0x18]
23:24:13:875 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:24:13:875 3244   DetectCureTDL3: IrpHandler (0) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (2) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (3) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (4) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (9) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (14) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (15) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (16) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (22) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (23) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:875 3244   TDL3_FileDetect: Processing driver: Disk
23:24:13:875 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:875 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:875 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:24:13:875 3244   
23:24:13:875 3244   DetectCureTDL3: DEVICE_OBJECT: 84F15C68
23:24:13:875 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F15C68
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F15C68[0x38]
23:24:13:875 3244   DetectCureTDL3: DRIVER_OBJECT: 84F79CF8
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F79CF8[0xA8]
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0xE193E168[0x18]
23:24:13:875 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:24:13:875 3244   DetectCureTDL3: IrpHandler (0) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (2) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (3) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (4) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (9) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (14) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (15) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (16) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (22) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (23) addr: 84FA5428
23:24:13:875 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:875 3244   TDL3_FileDetect: Processing driver: Disk
23:24:13:875 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:875 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:875 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:24:13:875 3244   
23:24:13:875 3244   DetectCureTDL3: DEVICE_OBJECT: 84F16AB8
23:24:13:875 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F16AB8
23:24:13:875 3244   DetectCureTDL3: DEVICE_OBJECT: 84EE2F18
23:24:13:875 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84EE2F18
23:24:13:875 3244   DetectCureTDL3: DEVICE_OBJECT: 84F08B58
23:24:13:875 3244   KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F08B58
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F08B58[0x38]
23:24:13:875 3244   DetectCureTDL3: DRIVER_OBJECT: 84F63388
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0x84F63388[0xA8]
23:24:13:875 3244   KLMD_ReadMem: Trying to ReadMemory 0xE193CD18[0x1A]
23:24:13:875 3244   DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
23:24:13:875 3244   DetectCureTDL3: IrpHandler (0) addr: F7305B40
23:24:13:875 3244   DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (2) addr: F7305B40
23:24:13:875 3244   DetectCureTDL3: IrpHandler (3) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (4) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (9) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:24:13:875 3244   DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (14) addr: F7305B40
23:24:13:890 3244   DetectCureTDL3: IrpHandler (15) addr: F7305B40
23:24:13:890 3244   DetectCureTDL3: IrpHandler (16) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (22) addr: F7305B40
23:24:13:890 3244   DetectCureTDL3: IrpHandler (23) addr: F7305B40
23:24:13:890 3244   DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:24:13:890 3244   DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:24:13:890 3244   KLMD_ReadMem: Trying to ReadMemory 0xF7303864[0x400]
23:24:13:890 3244   TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
23:24:13:890 3244   TDL3_FileDetect: Processing driver: atapi
23:24:13:890 3244   TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
23:24:13:890 3244   KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
23:24:13:906 3244   TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
23:24:13:906 3244   
23:24:13:906 3244   Completed
23:24:13:906 3244   
23:24:13:906 3244   Results:
23:24:13:906 3244   Memory objects infected / cured / cured on reboot:   0 / 0 / 0
23:24:13:906 3244   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
23:24:13:906 3244   File objects infected / cured / cured on reboot:   0 / 0 / 0
23:24:13:906 3244   
23:24:13:906 3244   MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
23:24:13:906 3244   UtilityDeinit: KLMD(ARK) unloaded successfully
ouam
 
Posts: 24
Registered: Fri 25 Dec 2009 01:39
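Added here as an example, not code from the thread or from TDSSKiller: a small Python triage helper that parses the log layout posted above (DRIVER_OBJECT name lines, IrpHandler address lines, TDL3_FileDetect verdicts and the Results totals) and lists what an analyst should look at first. The sample log built inside it is constructed from the layout of the posted lines; the "Infected" verdict string, the third handler address and the "more than two distinct handler addresses" heuristic are assumptions made for this example, not TDSSKiller rules.

```python
import re
from collections import defaultdict

# Message shapes seen in the posted TDSSKiller log: "HH:MM:SS:mmm <tid>   <message>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(.*)$")
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (.+?) - Verdict: (\w+)")
RESULTS_RE = re.compile(
    r"(Memory|Registry|File) objects infected / cured / cured on reboot:\s+(\d+) / (\d+) / (\d+)")


def parse_tdsskiller_log(text):
    """Return (drivers, results).

    drivers: driver name -> {"object": "\\Driver\\X",
                             "handlers": {address: set of IRP major-function indices},
                             "verdicts": {driver file path: verdict}}
    results: "memory" / "registry" / "file" -> (infected, cured, cured_on_reboot)
    A driver visited through several device objects (Disk, usbstor above) is merged.
    """
    drivers, results, current = {}, {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(1).strip()
        if d := DRIVER_RE.search(msg):
            current = d.group(2)
            drivers.setdefault(current, {"object": d.group(1),
                                         "handlers": defaultdict(set), "verdicts": {}})
        elif (i := IRP_RE.search(msg)) and current:
            drivers[current]["handlers"][i.group(2).upper()].add(int(i.group(1)))
        elif (v := VERDICT_RE.search(msg)) and current:
            drivers[current]["verdicts"][v.group(1)] = v.group(2)
        elif r := RESULTS_RE.search(msg):
            results[r.group(1).lower()] = tuple(int(x) for x in r.groups()[1:])
    return drivers, results


def triage(drivers, results):
    """Findings worth reading first: non-Clean verdicts, nonzero infected totals,
    and (heuristic, assumed for this example) any driver whose 27 IRP handlers
    resolve to more than the two addresses seen per driver in the posted log
    (its own dispatch routine plus the one address shared by every driver)."""
    findings = []
    for name, info in sorted(drivers.items()):
        for path, verdict in info["verdicts"].items():
            if verdict != "Clean":
                findings.append(f"{name}: {path} verdict {verdict}")
        addrs = sorted(info["handlers"])
        if len(addrs) > 2:
            findings.append(f"{name}: review, IRP handlers resolve to {len(addrs)} "
                            f"distinct addresses ({', '.join(addrs)})")
    for kind, (infected, cured, reboot) in sorted(results.items()):
        if infected:
            findings.append(f"{kind} objects infected: {infected} "
                            f"(cured {cured}, cured on reboot {reboot})")
    return findings


# Indices the Disk block in the thread routes to the driver's own dispatch routine;
# every other index goes to the address shared by all drivers in that log.
OWN_DISPATCH_IDX = {0, 2, 3, 4, 9, 14, 15, 16, 22, 23}
SHARED_ADDR = "804F355A"


def _driver_block(name, own_addr, verdict, path, hooked=None):
    """Constructed sample block in the posted log's layout (not a real capture)."""
    hooked = hooked or {}
    ts = "23:24:13:843 3244   "
    lines = [f"{ts}DetectCureTDL3: DRIVER_OBJECT name: \\Driver\\{name}, Driver Name: {name}"]
    for n in range(27):
        addr = hooked.get(n, own_addr if n in OWN_DISPATCH_IDX else SHARED_ADDR)
        lines.append(f"{ts}DetectCureTDL3: IrpHandler ({n}) addr: {addr}")
    lines.append(f"{ts}TDL3_FileDetect: {path} - Verdict: {verdict}")
    return lines


SAMPLE_LOG = "\n".join(
    _driver_block("Disk", "84FA5428", "Clean", r"C:\WINDOWS\system32\DRIVERS\disk.sys")
    # Constructed bad case: two handlers redirected to a third address plus a
    # non-clean verdict ("Infected" and F7DEAD00 are assumed values, not from the thread).
    + _driver_block("atapi", "F7305B40", "Infected", r"C:\WINDOWS\system32\DRIVERS\atapi.sys",
                    hooked={3: "F7DEAD00", 4: "F7DEAD00"})
    + ["23:24:13:906 3244   Results:",
       "23:24:13:906 3244   Memory objects infected / cured / cured on reboot:   0 / 0 / 0",
       "23:24:13:906 3244   Registry objects infected / cured / cured on reboot:   0 / 0 / 0",
       "23:24:13:906 3244   File objects infected / cured / cured on reboot:   1 / 0 / 1"])

if __name__ == "__main__":
    for finding in triage(*parse_tdsskiller_log(SAMPLE_LOG)):
        print(finding)
```

Point `parse_tdsskiller_log` at the text of a saved TDSSKiller report to get the same summary for a real run; a log like the one above yields no findings.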

Re: Windows no longer recognizes my antivirus

Post by TopXm » Sun 17 Jan 2010 12:47

Hi,

As you say, this smells like the end. Now for a bit of cleanup:

    Clean up the temporary files:

    • Download ATF Cleaner by Atribune to your desktop.

    • Double-click ATF-Cleaner.exe to run the program.

    • Tick the Select All box, then click the Empty Selected button.

    • If you use Firefox, click the Firefox tab and repeat the same procedure.

    • Then leave the program with Exit and delete the downloaded file ATF-Cleaner.exe (you can keep it for later use if you want).

    Remove the disinfection tools:

    • Download ToolsCleaner2 by A. Rothstein & Dj Quiou to your desktop.

    • Double-click the ToolsCleaner II icon to run it.

    • In the new window, click the Recherche (Search) button and wait while it works...

    • A list of files to delete is displayed; check that nothing personal is in the list, then click the Suppression (Delete) button.

    • The files are deleted; select the deletion lines that were just processed and copy/paste the result into your next reply if you have any doubt.

    • Click Quitter (Quit) to finish.

    Empty your restore points, which are infected:

    • Press the Windows and Pause keys together.

    • Click the System Restore tab and tick Turn off System Restore on all drives.

    • Click Apply, then confirm the deletion of the restore points by clicking Yes.

    • The hourglass appears and goes away when processing is done; then untick the box you ticked and click OK.

TopXm wrote:
You know the dangers of illegal downloading and file sharing. I'm not here to tell you it's forbidden, blah blah blah, just to make you aware that these methods are powerful infection vectors. So think carefully about what you do before you click ;-)
TopXm
Moderator
 
Posts: 379
Registered: Mon 8 Sep 2008 12:29

Re: Windows no longer recognizes my antivirus

Post by ouam » Mon 18 Jan 2010 09:19

Hi,
There you go, boss, I followed everything to the letter!
I'm sending you the report anyway, to be safe.. ;-)


[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\Combofix: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Owner.LAURENT\Bureau\Gmer.exe: trouvé !
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\SmitFraudFix.zip: trouvé !
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\MSNFix.exe: trouvé !
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\HijackThis.exe: trouvé !
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\hijackthis.log: trouvé !
C:\Hijackthis\hijackthis.log: trouvé !
C:\Program Files\MsnFix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\QooBox\Quarantine\catchme.log: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\WINDOWS\Gmer.exe: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\Owner.LAURENT\Bureau\Gmer.exe: supprimé !
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\SmitFraudFix.zip: supprimé !
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\MSNFix.exe: supprimé !
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\WINDOWS\Gmer.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\Documents and Settings\Owner.LAURENT\Mes documents\Téléchargement\hijackthis.log: supprimé !
C:\Hijackthis\hijackthis.log: supprimé !
C:\QooBox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !
C:\Combofix: supprimé !
C:\HijackThis: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Program Files\MsnFix: supprimé !
C:\Program Files\Navilog1: supprimé !


Do I need to create a new restore point?
See you soon!
ouam
 
Posts: 24
Registered: Fri 25 Dec 2009 01:39

Re: Windows no longer recognizes my antivirus

Post by TopXm » Mon 18 Jan 2010 09:21

Hi,

Perfect! As for the restore point, when you unticked the option again, Windows automatically created a new restore point. Any other problems?
;-)
TopXm
Moderator
 
Posts: 379
Registered: Mon 8 Sep 2008 12:29

Re: Windows no longer recognizes my antivirus

Post by ouam » Mon 18 Jan 2010 09:28

Hi again,
OK, perfect! So we're done?
ouam
 
Posts: 24
Registered: Fri 25 Dec 2009 01:39

Re: Windows no longer recognizes my antivirus

Post by TopXm » Mon 18 Jan 2010 09:35

Well, it looks OK to me; if it does to you too, then yes, we're done ;-)
TopXm
Moderator
 
Posts: 379
Registered: Mon 8 Sep 2008 12:29

Re: Windows no longer recognizes my antivirus

Post by ouam » Mon 18 Jan 2010 10:10

Well then, all that's left is for me to thank you.
I'm going to miss you....
Well done for the good work
TopXm, you're the best!!!

All the best, and count on me to spread the word!
Thank you, thank you and thank you!
ouam
 
Posts: 24
Registered: Fri 25 Dec 2009 01:39

Re: Windows no longer recognizes my antivirus

Post by TopXm » Mon 18 Jan 2010 10:18

Thanks, thanks, enough with the flowers ;-)

Safe travels, and as for spreading the word, keep it to the site

I'm marking your topic as [Résolu] (solved)
TopXm
Moderator
 
Posts: 379
Registered: Mon 8 Sep 2008 12:29
