

mattatack
Another Malware Defense on a PC
mattatack replied to a topic by mattatack in Malware analysis and removal
The Security Center is fine now. I went into Administrative Tools to start Windows Security Center manually. I rebooted and set it back to automatic. It remains to be seen whether MBAM should stay on my computer. A BIG, BIG THANK YOU for the work you do, to your whole team!!!!!!!!!!!!!!!
Another Malware Defense on a PC
mattatack replied to a topic by mattatack in Malware analysis and removal
Hello, It seems to be OK this morning. However, I can't manage to enable Windows Security Center... I also wanted to know whether I should keep MBAM on my computer. Thanks again
Another Malware Defense on a PC
mattatack replied to a topic by mattatack in Malware analysis and removal
Good evening, I followed to the letter what you told me to do; here are the reports. Thanks again. Good night. See you tomorrow.

22:39:46:952 4524 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
22:39:46:952 4524 ================================================================================
22:39:46:952 4524 SystemInfo:
22:39:46:952 4524 OS Version: 6.0.6000 ServicePack: 0.0
22:39:46:952 4524 Product type: Workstation
22:39:46:952 4524 ComputerName: PC-DE-JENMATT
22:39:46:953 4524 UserName: jenmatt
22:39:46:953 4524 Windows directory: C:\Windows
22:39:46:953 4524 Processor architecture: Intel x86
22:39:46:953 4524 Number of processors: 2
22:39:46:953 4524 Page size: 0x1000
22:39:46:955 4524 Boot type: Normal boot
22:39:46:955 4524 ================================================================================
22:39:46:960 4524 ForceUnloadDriver: NtUnloadDriver error 2
22:39:46:961 4524 ForceUnloadDriver: NtUnloadDriver error 2
22:39:46:962 4524 ForceUnloadDriver: NtUnloadDriver error 2
22:39:46:963 4524 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\Drivers\KLMD.sys) returned status 0
22:39:46:963 4524 main: Driver KLMD successfully dropped
22:39:48:054 4524 main: Driver KLMD successfully loaded
22:39:48:054 4524 Scanning Registry ...
22:39:48:055 4524 ScanServices: Searching service UACd.sys
22:39:48:055 4524 ScanServices: Open/Create key error 2
22:39:48:055 4524 ScanServices: Searching service TDSSserv.sys
22:39:48:055 4524 ScanServices: Open/Create key error 2
22:39:48:055 4524 ScanServices: Searching service gaopdxserv.sys
22:39:48:055 4524 ScanServices: Open/Create key error 2
22:39:48:055 4524 ScanServices: Searching service gxvxcserv.sys
22:39:48:055 4524 ScanServices: Open/Create key error 2
22:39:48:055 4524 ScanServices: Searching service MSIVXserv.sys
22:39:48:055 4524 ScanServices: Open/Create key error 2
22:39:48:060 4524 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 82000000
22:39:48:301 4524 UnhookRegistry: Kernel local addr: 1400000
22:39:48:301 4524 UnhookRegistry: KeServiceDescriptorTable addr: 1531B00
22:39:48:339 4524 UnhookRegistry: KiServiceTable addr: 14807B4
22:39:48:339 4524 UnhookRegistry: NtEnumerateKey service number (local): 85
22:39:48:339 4524 UnhookRegistry: NtEnumerateKey local addr: 1537F06
22:39:48:346 4524 KLMD_OpenDevice: Trying to open KLMD device
22:39:48:346 4524 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
22:39:48:346 4524 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
22:39:48:346 4524 KLMD_ReadMem: Trying to ReadMemory 0x8207E735[0x4]
22:39:48:346 4524 UnhookRegistry: NtEnumerateKey service number (kernel): 85
22:39:48:346 4524 KLMD_ReadMem: Trying to ReadMemory 0x820809C8[0x4]
22:39:48:346 4524 UnhookRegistry: NtEnumerateKey real addr: 82137F06
22:39:48:346 4524 UnhookRegistry: NtEnumerateKey calc addr: 82137F06
22:39:48:346 4524 UnhookRegistry: No SDT hooks found on NtEnumerateKey
22:39:48:346 4524 KLMD_ReadMem: Trying to ReadMemory 0x82137F06[0xA]
22:39:48:346 4524 UnhookRegistry: No splicing found on NtEnumerateKey
22:39:48:352 4524 Scanning Kernel memory ...
22:39:48:353 4524 KLMD_OpenDevice: Trying to open KLMD device
22:39:48:353 4524 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
22:39:48:353 4524 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
22:39:48:353 4524 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84CB5520
22:39:48:353 4524 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
22:39:48:353 4524 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85C94AD8
22:39:48:353 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85C94AD8
22:39:48:353 4524 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85A1EA10
22:39:48:353 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A1EA10
22:39:48:353 4524 KLMD_ReadMem: Trying to ReadMemory 0x85A1EA10[0x38]
22:39:48:353 4524 DetectCureTDL3: DRIVER_OBJECT addr: 860AE640
22:39:48:353 4524 KLMD_ReadMem: Trying to ReadMemory 0x860AE640[0xA8]
22:39:48:353 4524 KLMD_ReadMem: Trying to ReadMemory 0x86085DD8[0x208]
22:39:48:353 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:39:48:354 4524 DetectCureTDL3: IrpHandler (0) addr: 8CD1AB40
22:39:48:354 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (2) addr: 8CD1ABB8
22:39:48:354 4524 DetectCureTDL3: IrpHandler (3) addr: 8CD1AC30
22:39:48:354 4524 DetectCureTDL3: IrpHandler (4) addr: 8CD1AC30
22:39:48:354 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (14) addr: 8CD1A828
22:39:48:354 4524 DetectCureTDL3: IrpHandler (15) addr: 8CD0F4AA
22:39:48:354 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9
22:39:48:354 4524 DetectCureTDL3: IrpHandler (22) addr: 8CD18F9A
22:39:48:354 4524 DetectCureTDL3: IrpHandler (23) addr: 8CD167A2
22:39:48:355 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9
22:39:48:355 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9
22:39:48:355 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9
22:39:48:355 4524 KLMD_ReadMem: Trying to ReadMemory 0x8CD11A44[0x400]
22:39:48:355 4524 TDL3_StartIoHookDetect: CheckParameters: 5, 8CD15000, 0, 0
22:39:48:355 4524 TDL3_FileDetect: Processing driver: USBSTOR
22:39:48:355 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:39:48:355 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys
22:39:48:355 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys
22:39:48:366 4524 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85C9F7F0
22:39:48:366 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85C9F7F0
22:39:48:366 4524 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85A1E030
22:39:48:366 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A1E030
22:39:48:366 4524 KLMD_ReadMem: Trying to ReadMemory 0x85A1E030[0x38]
22:39:48:366 4524 DetectCureTDL3: DRIVER_OBJECT addr: 860AE640
22:39:48:366 4524 KLMD_ReadMem: Trying to ReadMemory 0x860AE640[0xA8]
22:39:48:366 4524 KLMD_ReadMem: Trying to ReadMemory 0x86085DD8[0x208]
22:39:48:366 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:39:48:366 4524 DetectCureTDL3: IrpHandler (0) addr: 8CD1AB40
22:39:48:366 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9
22:39:48:366 4524 DetectCureTDL3: IrpHandler (2) addr: 8CD1ABB8
22:39:48:366 4524 DetectCureTDL3: IrpHandler (3) addr: 8CD1AC30
22:39:48:366 4524 DetectCureTDL3: IrpHandler (4) addr: 8CD1AC30
22:39:48:366 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9
22:39:48:366 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (14) addr: 8CD1A828
22:39:48:367 4524 DetectCureTDL3: IrpHandler (15) addr: 8CD0F4AA
22:39:48:367 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (22) addr: 8CD18F9A
22:39:48:367 4524 DetectCureTDL3: IrpHandler (23) addr: 8CD167A2
22:39:48:367 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9
22:39:48:367 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9
22:39:48:367 4524 KLMD_ReadMem: Trying to ReadMemory 0x8CD11A44[0x400]
22:39:48:368 4524 TDL3_StartIoHookDetect: CheckParameters: 5, 8CD15000, 0, 0
22:39:48:368 4524 TDL3_FileDetect: Processing driver: USBSTOR
22:39:48:368 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:39:48:368 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys
22:39:48:368 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys
22:39:48:371 4524 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 85C9F030
22:39:48:371 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85C9F030
22:39:48:371 4524 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 860DA1A8
22:39:48:371 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860DA1A8
22:39:48:371 4524 KLMD_ReadMem: Trying to ReadMemory 0x860DA1A8[0x38]
22:39:48:371 4524 DetectCureTDL3: DRIVER_OBJECT addr: 860AE640
22:39:48:371 4524 KLMD_ReadMem: Trying to ReadMemory 0x860AE640[0xA8]
22:39:48:371 4524 KLMD_ReadMem: Trying to ReadMemory 0x86085DD8[0x208]
22:39:48:371 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:39:48:371 4524 DetectCureTDL3: IrpHandler (0) addr: 8CD1AB40
22:39:48:371 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9
22:39:48:371 4524 DetectCureTDL3: IrpHandler (2) addr: 8CD1ABB8
22:39:48:371 4524 DetectCureTDL3: IrpHandler (3) addr: 8CD1AC30
22:39:48:372 4524 DetectCureTDL3: IrpHandler (4) addr: 8CD1AC30
22:39:48:372 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (14) addr: 8CD1A828
22:39:48:372 4524 DetectCureTDL3: IrpHandler (15) addr: 8CD0F4AA
22:39:48:372 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9
22:39:48:372 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9
22:39:48:373 4524 DetectCureTDL3: IrpHandler (22) addr: 8CD18F9A
22:39:48:373 4524 DetectCureTDL3: IrpHandler (23) addr: 8CD167A2
22:39:48:373 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9
22:39:48:373 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9
22:39:48:373 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9
22:39:48:373 4524 KLMD_ReadMem: Trying to ReadMemory 0x8CD11A44[0x400]
22:39:48:373 4524 TDL3_StartIoHookDetect: CheckParameters: 5, 8CD15000, 0, 0
22:39:48:373 4524 TDL3_FileDetect: Processing driver: USBSTOR
22:39:48:373 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:39:48:373 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys
22:39:48:373 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys
22:39:48:382 4524 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 85A1E4B8
22:39:48:382 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A1E4B8
22:39:48:382 4524 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 860B5AD0
22:39:48:383 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860B5AD0
22:39:48:383 4524 KLMD_ReadMem: Trying to ReadMemory 0x860B5AD0[0x38]
22:39:48:383 4524 DetectCureTDL3: DRIVER_OBJECT addr: 860AE640
22:39:48:383 4524 KLMD_ReadMem: Trying to ReadMemory 0x860AE640[0xA8]
22:39:48:383 4524 KLMD_ReadMem: Trying to ReadMemory 0x86085DD8[0x208]
22:39:48:383 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
22:39:48:383 4524 DetectCureTDL3: IrpHandler (0) addr: 8CD1AB40
22:39:48:383 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9
22:39:48:383 4524 DetectCureTDL3: IrpHandler (2) addr: 8CD1ABB8
22:39:48:383 4524 DetectCureTDL3: IrpHandler (3) addr: 8CD1AC30
22:39:48:383 4524 DetectCureTDL3: IrpHandler (4) addr: 8CD1AC30
22:39:48:383 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9
22:39:48:383 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9
22:39:48:383 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9
22:39:48:383 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9
22:39:48:383 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9
22:39:48:383 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9
22:39:48:383 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (14) addr: 8CD1A828
22:39:48:384 4524 DetectCureTDL3: IrpHandler (15) addr: 8CD0F4AA
22:39:48:384 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (22) addr: 8CD18F9A
22:39:48:384 4524 DetectCureTDL3: IrpHandler (23) addr: 8CD167A2
22:39:48:384 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9
22:39:48:384 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9
22:39:48:384 4524 KLMD_ReadMem: Trying to ReadMemory 0x8CD11A44[0x400]
22:39:48:384 4524 TDL3_StartIoHookDetect: CheckParameters: 5, 8CD15000, 0, 0
22:39:48:384 4524 TDL3_FileDetect: Processing driver: USBSTOR
22:39:48:385 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
22:39:48:385 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys
22:39:48:385 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys
22:39:48:387 4524 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 84CD4978
22:39:48:387 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CD4978
22:39:48:387 4524 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 84275838
22:39:48:387 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84275838
22:39:48:388 4524 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 842718F0
22:39:48:388 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 842718F0
22:39:48:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x842718F0[0x38]
22:39:48:388 4524 DetectCureTDL3: DRIVER_OBJECT addr: 84267E40
22:39:48:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x84267E40[0xA8]
22:39:48:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x84BFB410[0x208]
22:39:48:388 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
22:39:48:388 4524 DetectCureTDL3: IrpHandler (0) addr: 807A00C2
22:39:48:388 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9
22:39:48:388 4524 DetectCureTDL3: IrpHandler (2) addr: 807A00C2
22:39:48:388 4524 DetectCureTDL3: IrpHandler (3) addr: 8201D1D9
22:39:48:388 4524 DetectCureTDL3: IrpHandler (4) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (14) addr: 8078E9F4
22:39:48:389 4524 DetectCureTDL3: IrpHandler (15) addr: 8078E9C6
22:39:48:389 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (22) addr: 8078EA22
22:39:48:389 4524 DetectCureTDL3: IrpHandler (23) addr: 8079BB36
22:39:48:389 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9
22:39:48:389 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9
22:39:48:389 4524 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
22:39:48:390 4524 KLMD_ReadMem: DeviceIoControl error 1
22:39:48:390 4524 TDL3_StartIoHookDetect: Unable to get StartIo handler code
22:39:48:390 4524 TDL3_FileDetect: Processing driver: atapi
22:39:48:390 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
22:39:48:390 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
22:39:48:390 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
22:39:48:396 4524 Completed Results:
22:39:48:397 4524 Infected objects in memory: 0
22:39:48:397 4524 Cured objects in memory: 0
22:39:48:398 4524 Infected objects on disk: 0
22:39:48:398 4524 Objects on disk cured on reboot: 0
22:39:48:399 4524 Objects on disk deleted on reboot: 0
22:39:48:399 4524 Registry nodes deleted on reboot: 0
22:39:48:400 4524

(((((((((((((((((MBAM)))))))))))))))))

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3452
Windows 6.0.6000
Internet Explorer 7.0.6000.16945

29/12/2009 23:53:06
mbam-log-2009-12-29 (23-53-06).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 240623
Temps écoulé: 47 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\jenmatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1OWLEXV\eHe1f6547aV03f01630002Ra5a024c7108Taacf99f2Q000002fd900801F002a000aJ0b00060 1l000c318U4e1b3cd30[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\H8SRTcbgrxxosrb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\H8SRTekmkvjsfyb.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\jenmatt\AppData\Local\Temp\H8SRT4a58.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
Another Malware Defense on a PC
mattatack posted a topic in Malware analysis and removal
Hello, I got it too for the holidays... an offer for Malware Defense. I was running Avira, which gave in, and since this morning it hasn't stopped! I've read a bit on the forum, but I don't quite dare to go on this adventure alone. Can you help me? For now, I've installed Avast (without being convinced it's better than Avira), tried MBAM, which I can't manage to open, and downloaded HijackThis, whose report is below. Thanking you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:02, on 29/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\jenmatt\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\jenmatt\AppData\Local\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://jeuxenligne.orange.fr/orange2.0/gam...eb.1.0.0.10.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9986 bytes