Posted

Hello,

I got hit too over the holidays... an offer for Malware Defense. I was running Avira, which gave in, and since this morning it hasn't stopped! I've read a bit on the forum, but I don't really dare to take this on alone.

Can you help me?

For now, I have installed Avast (without being convinced it's better than Avira), tried MBAM, which I can't manage to open, and downloaded HijackThis, whose report is below:

Thanking you in advance

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:24:02, on 29/12/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

C:\Windows\vVX1000.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\jenmatt\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\jenmatt\AppData\Local\Temp\settdebugx.exe

O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resou...NPUpldfr-fr.cab

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab

O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://jeuxenligne.orange.fr/orange2.0/gam...eb.1.0.0.10.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9986 bytes

Posted

Good evening,

Koobface and Malware Defense infections install a proxy, which prevents a normal connection.

Disable the proxy added by the infection.

To do so:

In Firefox

Edit / Preferences menu, then the Advanced tab.

Click Network, then Settings.

Choose "No proxy".

In Internet Explorer

Tools -> Internet Options menu.

Connections tab, then at the bottom, disable the proxy.

Restart the computer.

On Vista,

disabling the proxy in IE is not enough to restore updates.

To restore Windows Update, run the following command (with administrator rights):

Start->Run

netsh winhttp reset proxy

 

 

Download load_tdsskiller by Loup Blanc to the Desktop

This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

  • Launch load_tdsskiller by double-clicking it:
    the tool will connect to the Internet to download an up-to-date copy of TDSSKiller and start the scan
  • A message in the black command prompt window will ask you to press a key to continue
  • The report will be displayed automatically: copy and paste its contents into your next reply
    (the file is also available here: C:\tdsskiller\report.txt)
  • Restart the PC

 

rkill.com

Download Rkill by Grinler to the desktop,

double-click to launch it.

On Vista, right-click the downloaded rkill file, then choose "Run as administrator"

A window (very brief) will indicate that everything went well.

For Vista, right-click the downloaded rkill file, then choose "Run as administrator" to launch the tool.

 

 

Download MBAM

Connect all removable media before running this scan (USB stick, external hard drive, etc.)

You need to disable your protections and don't know how?

On Bleeping Computers, in English:

On PCA, in French

* Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs

Follow the prompts (in particular the language choice and the permission to access the Internet)

Do not change any of the default settings and, at the end of the installation,

Check that the Update and Launch options are ticked

MBAM will start automatically and display a message asking you to update the program before running a scan.

Click OK to close the dialog box.

* In the "Update" tab, click the Check for Updates button:

If the firewall asks permission for MBAM to connect, accept.

* Once the update is complete, go to the Scanner tab.

* Select "Perform full scan"

* Click "Scan"

* The scan will take some time, be patient!

* At the end, a message will display:

The scan completed successfully.

* If MBAM found nothing, it will say so too.

Click "OK" to continue.

* Close your browsers.

Click Show Results.

* Select everything and click Remove Selected,

MBAM will delete the files and registry keys and put a copy of them in quarantine.

then open Notepad and copy into it the scan report, which can be found under the Logs tab.

* Copy and paste this report into your next reply.
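
The proxy checks described in the reply above, as an added PowerShell example that is not part of the original post: it only reads the Internet Explorer, Firefox and WinHTTP proxy settings so they can be recorded before and after the reset. The registry value names and the Firefox `prefs.js` location and `network.proxy.*` preference names are the standard ones and are assumptions about the machine, not details taken from the thread.

```powershell
# Added example: read-only audit of the proxy settings named in the reply
# (Internet Explorer, Firefox, WinHTTP). Nothing is modified.

$report = @()

# 1. Internet Explorer (WinINET): per-user values under Internet Settings.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
$ieEnabled = ($ie.ProxyEnable -eq 1) -or ([bool]$ie.AutoConfigURL)
$report += New-Object PSObject -Property @{
    Store   = 'Internet Explorer (current user)'
    Enabled = $ieEnabled
    Detail  = "ProxyServer='$($ie.ProxyServer)' AutoConfigURL='$($ie.AutoConfigURL)'"
}

# 2. Firefox: network.proxy.* preferences in each profile's prefs.js.
#    network.proxy.type: 0 = no proxy, 1 = manual proxy, 2 = automatic
#    configuration URL; when the line is absent Firefox uses its default.
$ffGlob = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
foreach ($prefs in @(Get-ChildItem -Path $ffGlob -ErrorAction SilentlyContinue)) {
    $proxyLines = @(Select-String -Path $prefs.FullName -Pattern '^user_pref\("network\.proxy\.' |
                    ForEach-Object { $_.Line.Trim() })
    $type = $null
    foreach ($line in $proxyLines) {
        if ($line -match '"network\.proxy\.type",\s*(\d+)') { $type = [int]$Matches[1] }
    }
    $detail = 'no network.proxy.* preference set'
    if ($proxyLines.Count -gt 0) { $detail = $proxyLines -join ' ' }
    $report += New-Object PSObject -Property @{
        Store   = "Firefox profile $($prefs.Directory.Name)"
        Enabled = ($type -eq 1 -or $type -eq 2)
        Detail  = $detail
    }
}

# 3. WinHTTP (the store that "netsh winhttp reset proxy" clears). netsh prints
#    localized text, so the output is shown as-is rather than parsed.
$winhttp = (& netsh winhttp show proxy 2>&1 | Out-String).Trim()

$report | Select-Object Store, Enabled, Detail | Format-List
'--- WinHTTP ---'
$winhttp

# The reset from the reply, for an elevated prompt once the values are recorded:
#   netsh winhttp reset proxy
```

Running it again after the restart shows whether a proxy entry has come back, which would mean something is still rewriting the settings.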

Posted (edited)

Good evening,

Edit: Never mind :P

Speedy pear got there first :P

@++

Edited by Apollo
Posted

Good evening,

I followed your instructions to the letter: here are the reports

Thanks again

Good night

See you tomorrow

 

22:39:46:952 4524 TDSSKiller 2.1.1 Dec 20 2009 02:40:02

22:39:46:952 4524 ================================================================================

22:39:46:952 4524 SystemInfo:

 

22:39:46:952 4524 OS Version: 6.0.6000 ServicePack: 0.0

22:39:46:952 4524 Product type: Workstation

22:39:46:952 4524 ComputerName: PC-DE-JENMATT

22:39:46:953 4524 UserName: jenmatt

22:39:46:953 4524 Windows directory: C:\Windows

22:39:46:953 4524 Processor architecture: Intel x86

22:39:46:953 4524 Number of processors: 2

22:39:46:953 4524 Page size: 0x1000

22:39:46:955 4524 Boot type: Normal boot

22:39:46:955 4524 ================================================================================

22:39:46:960 4524 ForceUnloadDriver: NtUnloadDriver error 2

22:39:46:961 4524 ForceUnloadDriver: NtUnloadDriver error 2

22:39:46:962 4524 ForceUnloadDriver: NtUnloadDriver error 2

22:39:46:963 4524 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\Drivers\KLMD.sys) returned status 0

22:39:46:963 4524 main: Driver KLMD successfully dropped

22:39:48:054 4524 main: Driver KLMD successfully loaded

22:39:48:054 4524

Scanning Registry ...

22:39:48:055 4524 ScanServices: Searching service UACd.sys

22:39:48:055 4524 ScanServices: Open/Create key error 2

22:39:48:055 4524 ScanServices: Searching service TDSSserv.sys

22:39:48:055 4524 ScanServices: Open/Create key error 2

22:39:48:055 4524 ScanServices: Searching service gaopdxserv.sys

22:39:48:055 4524 ScanServices: Open/Create key error 2

22:39:48:055 4524 ScanServices: Searching service gxvxcserv.sys

22:39:48:055 4524 ScanServices: Open/Create key error 2

22:39:48:055 4524 ScanServices: Searching service MSIVXserv.sys

22:39:48:055 4524 ScanServices: Open/Create key error 2

22:39:48:060 4524 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntkrnlpa.exe, base addr: 82000000

22:39:48:301 4524 UnhookRegistry: Kernel local addr: 1400000

22:39:48:301 4524 UnhookRegistry: KeServiceDescriptorTable addr: 1531B00

22:39:48:339 4524 UnhookRegistry: KiServiceTable addr: 14807B4

22:39:48:339 4524 UnhookRegistry: NtEnumerateKey service number (local): 85

22:39:48:339 4524 UnhookRegistry: NtEnumerateKey local addr: 1537F06

22:39:48:346 4524 KLMD_OpenDevice: Trying to open KLMD device

22:39:48:346 4524 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey

22:39:48:346 4524 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey

22:39:48:346 4524 KLMD_ReadMem: Trying to ReadMemory 0x8207E735[0x4]

22:39:48:346 4524 UnhookRegistry: NtEnumerateKey service number (kernel): 85

22:39:48:346 4524 KLMD_ReadMem: Trying to ReadMemory 0x820809C8[0x4]

22:39:48:346 4524 UnhookRegistry: NtEnumerateKey real addr: 82137F06

22:39:48:346 4524 UnhookRegistry: NtEnumerateKey calc addr: 82137F06

22:39:48:346 4524 UnhookRegistry: No SDT hooks found on NtEnumerateKey

22:39:48:346 4524 KLMD_ReadMem: Trying to ReadMemory 0x82137F06[0xA]

22:39:48:346 4524 UnhookRegistry: No splicing found on NtEnumerateKey

22:39:48:352 4524

Scanning Kernel memory ...

22:39:48:353 4524 KLMD_OpenDevice: Trying to open KLMD device

22:39:48:353 4524 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk

22:39:48:353 4524 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk

22:39:48:353 4524 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84CB5520

22:39:48:353 4524 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects

22:39:48:353 4524 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85C94AD8

22:39:48:353 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85C94AD8

22:39:48:353 4524 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 85A1EA10

22:39:48:353 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A1EA10

22:39:48:353 4524 KLMD_ReadMem: Trying to ReadMemory 0x85A1EA10[0x38]

22:39:48:353 4524 DetectCureTDL3: DRIVER_OBJECT addr: 860AE640

22:39:48:353 4524 KLMD_ReadMem: Trying to ReadMemory 0x860AE640[0xA8]

22:39:48:353 4524 KLMD_ReadMem: Trying to ReadMemory 0x86085DD8[0x208]

22:39:48:353 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

22:39:48:354 4524 DetectCureTDL3: IrpHandler (0) addr: 8CD1AB40

22:39:48:354 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (2) addr: 8CD1ABB8

22:39:48:354 4524 DetectCureTDL3: IrpHandler (3) addr: 8CD1AC30

22:39:48:354 4524 DetectCureTDL3: IrpHandler (4) addr: 8CD1AC30

22:39:48:354 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (14) addr: 8CD1A828

22:39:48:354 4524 DetectCureTDL3: IrpHandler (15) addr: 8CD0F4AA

22:39:48:354 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9

22:39:48:354 4524 DetectCureTDL3: IrpHandler (22) addr: 8CD18F9A

22:39:48:354 4524 DetectCureTDL3: IrpHandler (23) addr: 8CD167A2

22:39:48:355 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9

22:39:48:355 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9

22:39:48:355 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9

22:39:48:355 4524 KLMD_ReadMem: Trying to ReadMemory 0x8CD11A44[0x400]

22:39:48:355 4524 TDL3_StartIoHookDetect: CheckParameters: 5, 8CD15000, 0, 0

22:39:48:355 4524 TDL3_FileDetect: Processing driver: USBSTOR

22:39:48:355 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

22:39:48:355 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

22:39:48:355 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

22:39:48:366 4524 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85C9F7F0

22:39:48:366 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85C9F7F0

22:39:48:366 4524 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 85A1E030

22:39:48:366 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A1E030

22:39:48:366 4524 KLMD_ReadMem: Trying to ReadMemory 0x85A1E030[0x38]

22:39:48:366 4524 DetectCureTDL3: DRIVER_OBJECT addr: 860AE640

22:39:48:366 4524 KLMD_ReadMem: Trying to ReadMemory 0x860AE640[0xA8]

22:39:48:366 4524 KLMD_ReadMem: Trying to ReadMemory 0x86085DD8[0x208]

22:39:48:366 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

22:39:48:366 4524 DetectCureTDL3: IrpHandler (0) addr: 8CD1AB40

22:39:48:366 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9

22:39:48:366 4524 DetectCureTDL3: IrpHandler (2) addr: 8CD1ABB8

22:39:48:366 4524 DetectCureTDL3: IrpHandler (3) addr: 8CD1AC30

22:39:48:366 4524 DetectCureTDL3: IrpHandler (4) addr: 8CD1AC30

22:39:48:366 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9

22:39:48:366 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (14) addr: 8CD1A828

22:39:48:367 4524 DetectCureTDL3: IrpHandler (15) addr: 8CD0F4AA

22:39:48:367 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (22) addr: 8CD18F9A

22:39:48:367 4524 DetectCureTDL3: IrpHandler (23) addr: 8CD167A2

22:39:48:367 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9

22:39:48:367 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9

22:39:48:367 4524 KLMD_ReadMem: Trying to ReadMemory 0x8CD11A44[0x400]

22:39:48:368 4524 TDL3_StartIoHookDetect: CheckParameters: 5, 8CD15000, 0, 0

22:39:48:368 4524 TDL3_FileDetect: Processing driver: USBSTOR

22:39:48:368 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

22:39:48:368 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

22:39:48:368 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

22:39:48:371 4524 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 85C9F030

22:39:48:371 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85C9F030

22:39:48:371 4524 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 860DA1A8

22:39:48:371 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860DA1A8

22:39:48:371 4524 KLMD_ReadMem: Trying to ReadMemory 0x860DA1A8[0x38]

22:39:48:371 4524 DetectCureTDL3: DRIVER_OBJECT addr: 860AE640

22:39:48:371 4524 KLMD_ReadMem: Trying to ReadMemory 0x860AE640[0xA8]

22:39:48:371 4524 KLMD_ReadMem: Trying to ReadMemory 0x86085DD8[0x208]

22:39:48:371 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

22:39:48:371 4524 DetectCureTDL3: IrpHandler (0) addr: 8CD1AB40

22:39:48:371 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9

22:39:48:371 4524 DetectCureTDL3: IrpHandler (2) addr: 8CD1ABB8

22:39:48:371 4524 DetectCureTDL3: IrpHandler (3) addr: 8CD1AC30

22:39:48:372 4524 DetectCureTDL3: IrpHandler (4) addr: 8CD1AC30

22:39:48:372 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (14) addr: 8CD1A828

22:39:48:372 4524 DetectCureTDL3: IrpHandler (15) addr: 8CD0F4AA

22:39:48:372 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9

22:39:48:372 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9

22:39:48:373 4524 DetectCureTDL3: IrpHandler (22) addr: 8CD18F9A

22:39:48:373 4524 DetectCureTDL3: IrpHandler (23) addr: 8CD167A2

22:39:48:373 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9

22:39:48:373 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9

22:39:48:373 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9

22:39:48:373 4524 KLMD_ReadMem: Trying to ReadMemory 0x8CD11A44[0x400]

22:39:48:373 4524 TDL3_StartIoHookDetect: CheckParameters: 5, 8CD15000, 0, 0

22:39:48:373 4524 TDL3_FileDetect: Processing driver: USBSTOR

22:39:48:373 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

22:39:48:373 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

22:39:48:373 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

22:39:48:382 4524 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 85A1E4B8

22:39:48:382 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A1E4B8

22:39:48:382 4524 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 860B5AD0

22:39:48:383 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860B5AD0

22:39:48:383 4524 KLMD_ReadMem: Trying to ReadMemory 0x860B5AD0[0x38]

22:39:48:383 4524 DetectCureTDL3: DRIVER_OBJECT addr: 860AE640

22:39:48:383 4524 KLMD_ReadMem: Trying to ReadMemory 0x860AE640[0xA8]

22:39:48:383 4524 KLMD_ReadMem: Trying to ReadMemory 0x86085DD8[0x208]

22:39:48:383 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR

22:39:48:383 4524 DetectCureTDL3: IrpHandler (0) addr: 8CD1AB40

22:39:48:383 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9

22:39:48:383 4524 DetectCureTDL3: IrpHandler (2) addr: 8CD1ABB8

22:39:48:383 4524 DetectCureTDL3: IrpHandler (3) addr: 8CD1AC30

22:39:48:383 4524 DetectCureTDL3: IrpHandler (4) addr: 8CD1AC30

22:39:48:383 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9

22:39:48:383 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9

22:39:48:383 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9

22:39:48:383 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9

22:39:48:383 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9

22:39:48:383 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9

22:39:48:383 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (14) addr: 8CD1A828

22:39:48:384 4524 DetectCureTDL3: IrpHandler (15) addr: 8CD0F4AA

22:39:48:384 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (22) addr: 8CD18F9A

22:39:48:384 4524 DetectCureTDL3: IrpHandler (23) addr: 8CD167A2

22:39:48:384 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9

22:39:48:384 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9

22:39:48:384 4524 KLMD_ReadMem: Trying to ReadMemory 0x8CD11A44[0x400]

22:39:48:384 4524 TDL3_StartIoHookDetect: CheckParameters: 5, 8CD15000, 0, 0

22:39:48:384 4524 TDL3_FileDetect: Processing driver: USBSTOR

22:39:48:385 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk

22:39:48:385 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys

22:39:48:385 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys

22:39:48:387 4524 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 84CD4978

22:39:48:387 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84CD4978

22:39:48:387 4524 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 84275838

22:39:48:387 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84275838

22:39:48:388 4524 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 842718F0

22:39:48:388 4524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 842718F0

22:39:48:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x842718F0[0x38]

22:39:48:388 4524 DetectCureTDL3: DRIVER_OBJECT addr: 84267E40

22:39:48:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x84267E40[0xA8]

22:39:48:388 4524 KLMD_ReadMem: Trying to ReadMemory 0x84BFB410[0x208]

22:39:48:388 4524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi

22:39:48:388 4524 DetectCureTDL3: IrpHandler (0) addr: 807A00C2

22:39:48:388 4524 DetectCureTDL3: IrpHandler (1) addr: 8201D1D9

22:39:48:388 4524 DetectCureTDL3: IrpHandler (2) addr: 807A00C2

22:39:48:388 4524 DetectCureTDL3: IrpHandler (3) addr: 8201D1D9

22:39:48:388 4524 DetectCureTDL3: IrpHandler (4) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (5) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (6) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (7) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (8) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (9) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (10) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (11) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (12) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (13) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (14) addr: 8078E9F4

22:39:48:389 4524 DetectCureTDL3: IrpHandler (15) addr: 8078E9C6

22:39:48:389 4524 DetectCureTDL3: IrpHandler (16) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (17) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (18) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (19) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (20) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (21) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (22) addr: 8078EA22

22:39:48:389 4524 DetectCureTDL3: IrpHandler (23) addr: 8079BB36

22:39:48:389 4524 DetectCureTDL3: IrpHandler (24) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (25) addr: 8201D1D9

22:39:48:389 4524 DetectCureTDL3: IrpHandler (26) addr: 8201D1D9

22:39:48:389 4524 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]

22:39:48:390 4524 KLMD_ReadMem: DeviceIoControl error 1

22:39:48:390 4524 TDL3_StartIoHookDetect: Unable to get StartIo handler code

22:39:48:390 4524 TDL3_FileDetect: Processing driver: atapi

22:39:48:390 4524 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk

22:39:48:390 4524 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys

22:39:48:390 4524 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys

22:39:48:396 4524

Completed

 

Results:

22:39:48:397 4524 Infected objects in memory: 0

22:39:48:397 4524 Cured objects in memory: 0

22:39:48:398 4524 Infected objects on disk: 0

22:39:48:398 4524 Objects on disk cured on reboot: 0

22:39:48:399 4524 Objects on disk deleted on reboot: 0

22:39:48:399 4524 Registry nodes deleted on reboot: 0

22:39:48:400 4524

 

 

(((((((((((((((((((( MBAM ))))))))))))))))))))

 

 

Malwarebytes' Anti-Malware 1.42

Version de la base de données: 3452

Windows 6.0.6000

Internet Explorer 7.0.6000.16945

 

29/12/2009 23:53:06

mbam-log-2009-12-29 (23-53-06).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 240623

Temps écoulé: 47 minute(s), 40 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 3

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 5

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Users\jenmatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1OWLEXV\eHe1f6547aV03f01630002Ra5a024c7108Taacf99f2Q000002fd900801F002a000aJ0b000601l000c318U4e1b3cd30[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\H8SRTcbgrxxosrb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.

C:\Windows\System32\H8SRTekmkvjsfyb.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\jenmatt\AppData\Local\Temp\H8SRT4a58.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

Posted

Hello,

Apparently everything is OK this morning.

However, I can't manage to enable the Windows Security Center...

I also wanted to know whether I should keep MBAM on my computer.

Thanks again

Posted

The Security Center is fine now. I went into the Administrative Tools to start the Windows Security Center manually. I rebooted and set it back to automatic.

It remains to be seen whether MBAM should stay on my computer.

A BIG, BIG THANK YOU for the work you do, to your whole team!!!!!!!!!!!!!!!
