cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ÿþ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.333000 GHz
Memory total: 3488849920, free: 2273759232

Could not load protection driver
Downloaded database version: v2014.02.19.09
Downloaded database version: v2013.12.18.01
Initializing...
======================
DDA Driver installation error.
Driver installed on boot. Reboot required.

System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.333000 GHz
Memory total: 3488849920, free: 2547601408

=======================================
Initializing...
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff89843ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff8985d9a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff89856030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xffffffff898529a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff89855ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xffffffff89853cb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff898547b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8984acb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff89854030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8984b9a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87b20858
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8704c028
Lower Device Driver Name: \Driver\iaStorV\
IRP handler 15 of \Driver\iaStorV is hooked
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff89843ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff8985d9a0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff89856030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xffffffff898529a0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff89855ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xffffffff89853cb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff898547b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8984acb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff89854030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8984b9a0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87b20858
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8704c028
Lower Device Driver Name: \Driver\iaStorV\
Driver name found: iaStorV
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87b20858, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87b20490, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87b20858, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8704c028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb073b678, 0xffffffff87b20858, 0xffffffff8669fac8
Lower DeviceData: 0xffffffffb0695aa8, 0xffffffff8704c028, 0xffffffff86671e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1558757008
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1558757376 Numsec = 364269568

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1923028695 Numsec = 30491370

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89854030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89854d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89854030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8984b9a0, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff898547b8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89855020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff898547b8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8984acb8, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff89855ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff898557a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89855ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89853cb8, DeviceName: \Device\00000082\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff89856030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89855498, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89856030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff898529a0, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xffffffff89843ac8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89842240, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89843ac8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8985d9a0, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffa64947d8, 0xffffffff89843ac8, 0xffffffff8669f048
Lower DeviceData: 0xffffffff9ffd1798, 0xffffffff8985d9a0, 0xffffffff86653918
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 45A650BC

Partition information:

Partition 0 type is Other (0x6)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 506848

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 259522560 bytes
Sector size: 512 bytes

Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff89843ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff8985d9a0
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff86653918
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff89856030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xffffffff898529a0
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff86653f08
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff89855ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xffffffff89853cb8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff86679a08
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff898547b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8984acb8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff86684048
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff89854030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8984b9a0
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff86672d18
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87b20858
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8704c028
Lower Device Driver Name: \Driver\iaStorV\
Device already Exists: 0xffffffff86671e40
Infected file C:\Windows\System32\drivers\Wdf01000.sys could not be remediated because backup file is not available
Infected: C:\$Recycle.Bin\S-1-5-21-1765441652-3825123164-819375994-1001\$3aed91cd29a32594c360764bdb52a7cb\@ --> [Trojan.Siredef.C]
Infected: C:\Windows\$NtUninstallKB5598$\2678622838\L\00000004.@ --> [Backdoor.0Access]
Infected: C:\Windows\$NtUninstallKB5598$\2678622838\L\201d3dde --> [Backdoor.0Access]
Infected: C:\Windows\$NtUninstallKB5598$\2678622838\L\6715e287 --> [Backdoor.0Access]
Infected: C:\Windows\$NtUninstallKB5598$\2678622838\L\76603ac3 --> [Backdoor.0Access]
Infected: C:\Windows\$NtUninstallKB5598$\2678622838\L\xadqgnnk --> [Backdoor.0Access]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: C:\Windows\$NtUninstallKB5598$\2678622838\L --> [Backdoor.0Access]
Infected: C:\Windows\$NtUninstallKB5598$\2678622838\U --> [Backdoor.0Access]
Infected: C:\Windows\$NtUninstallKB5598$\2678622838 --> [Backdoor.0Access]
Infected: C:\$Recycle.Bin\S-1-5-21-1765441652-3825123164-819375994-1001\$3aed91cd29a32594c360764bdb52a7cb\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-1765441652-3825123164-819375994-1001\$3aed91cd29a32594c360764bdb52a7cb\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-1765441652-3825123164-819375994-1001\$3aed91cd29a32594c360764bdb52a7cb --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================



Publicité


Signaler le contenu de ce document

Publicité