Rootkit still present?
Closed
JackM1 (Posts: 7; Registered: Thursday 8 May 2014; Status: Member; Last activity: 29 November 2014) - 29 Nov 2014 at 11:44
Malekal_morte- (Posts: 180304; Registered: Wednesday 17 May 2006; Status: Moderator, Security contributor; Last activity: 15 December 2020) - 29 Nov 2014 at 13:20
12 replies
Malekal_morte-
Edited by Malekal_morte- on 29/11/2014 at 11:45
Hi,
Which file is detected by Avast?
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
JackM1
29 Nov 2014 at 11:51
Sorry, I didn't note the name of the file Avast reported. Is it possible to find Avast's alerts again? Also, it hasn't shown me the alert again since.
Malekal_morte-
29 Nov 2014 at 11:59
OK, we'll check the computer, but Avast! can raise exaggerated alerts for rootkits:
Follow this tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
This will generate two FRST reports.
As explained there, upload these two reports to the pjjoint site and post the two pjjoint links to these reports so that they can be reviewed.
JackM1
29 Nov 2014 at 12:16
Here is the link to the FRST file:
https://pjjoint.malekal.com/files.php?id=FRST_20141129_p13w6d8j8w11
Here is the link to the Addition file:
https://pjjoint.malekal.com/files.php?id=20141129_w12s8j8k10v6
I also have a Shortcut file, here it is:
https://pjjoint.malekal.com/files.php?id=20141129_b12t7i13x1213
Malekal_morte-
29 Nov 2014 at 12:28
There is nothing abnormal in the report, so it may be an Avast! false positive.
We need to see whether the detection comes back and, above all, you need to give the detected file.
JackM1
29 Nov 2014 at 12:31
OK, thanks a lot. But then, is the blue screen I got when the PC restarted nothing to worry about?
Malekal_morte-
29 Nov 2014 at 12:34
Run a WhoCrashed scan and post the report.
=> https://forum.malekal.com/viewtopic.php?t=44006&start=
JackM1
29 Nov 2014 at 12:51
Here is the report:
Crash Dump Analysis
Crash dump directory: C:\Windows\Minidump
Crash dumps are enabled on your computer.
On Fri 28/11/2014 17:15:25 GMT your computer crashed
crash dump file: C:\Windows\Minidump\112814-24102-01.dmp
This was probably caused by the following module: tcpip.sys (tcpip+0x82726)
Bugcheck code: 0x19 (0x20, 0xFFFFFA800B963910, 0xFFFFFA800B963930, 0x4020017)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\tcpip.sys
product: Système d'exploitation Microsoft® Windows®
company: Microsoft Corporation
description: Pilote TCP/IP
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.
On Fri 28/11/2014 17:15:25 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: mwac.sys (mwac+0x612D)
Bugcheck code: 0x19 (0x20, 0xFFFFFA800B963910, 0xFFFFFA800B963930, 0x4020017)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\mwac.sys
product: Malwarebytes Web Access Control
company: Malwarebytes Corporation
description: Malwarebytes Web Access Control
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation).
Google query: Malwarebytes Corporation BAD_POOL_HEADER
On Fri 28/11/2014 11:21:38 GMT your computer crashed
crash dump file: C:\Windows\Minidump\112814-67517-01.dmp
This was probably caused by the following module: tcpip.sys (tcpip+0x82726)
Bugcheck code: 0x19 (0x20, 0xFFFFFA800ACA5360, 0xFFFFFA800ACA5380, 0x4020014)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\drivers\tcpip.sys
product: Système d'exploitation Microsoft® Windows®
company: Microsoft Corporation
description: Pilote TCP/IP
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.
Conclusion
3 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:
mwac.sys (Malwarebytes Web Access Control, Malwarebytes Corporation)
If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.
Read the topic general suggestions for troubleshooting system crashes for more information.
Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
Malekal_morte-
29 Nov 2014 at 12:53
Uninstall Malwarebytes, for a start.
JackM1
29 Nov 2014 at 12:56
OK, it's done!
JackM1
29 Nov 2014 at 13:11
Well, if that's everything, thank you once again for coming to my aid so quickly! Thanks a lot!
Malekal_morte-
29 Nov 2014 at 13:20
No problem :)