Malwarebytes
Rikyou (member, 79 posts)
Last reply: juju666 (security contributor, 35446 posts)
Hello, I have a Windows XP computer attacked by the "antimalware doctor" malware. So I followed the instructions and ran the "full scan". No problem up to that point, but when the scan finishes and I start the removal of the "bad" files, Malwarebytes stops responding...
Also, I had time to save the report but unfortunately I no longer remember where I saved it. Otherwise the "bad" files are still in quarantine (which doesn't stop "doctor" from carrying on with its business).
I wanted to know how to get past this "not responding".
While browsing around I saw that it is possible to do it in "error-free" mode, but browsing some more, the software's publisher advises against this mode because it is supposedly "not very effective".
Also, my impatient nature pushes me to ask you: do I have to rerun the scan in "error-free" mode, or can I resume the removal that stopped responding from the scans already done?
Thanks in advance. Regards... :).
32 replies
Hello,
You'll need patience ;) and you'll need to follow my instructions until the moment I tell you "we're done here", otherwise you'll be back in a week ;)
▶ Download RogueKiller (by tigzy) to the desktop
▶ ▶ On Windows XP, left double-click
▶ ▶ On Vista/Seven, right-click, run as administrator
▶ Close all your running programs
▶ Run RogueKiller.exe.
▶ A scan starts, then you will see the following displayed in the window:
♦ 1. Recherche (scan; written in green)
♦ 2. Suppression (removal; written in red)
♦ 3. Hosts RAZ (hosts reset; written in red)
♦ 4. Proxy RAZ (proxy reset; written in red)
♦ 5. DNS RAZ (DNS reset; written in red)
♦ 6. Raccourcis RAZ (shortcuts reset; written in red)
♦ 0. Quitter (quit; written in green)
▶ At that point type 2 and confirm
▶ Once finished, a report (RKreport1.txt) should have been created next to the executable; paste its contents into your reply.
▶ Use option 0 to close RogueKiller at that point.
▶ If the program was blocked, don't hesitate to try several times or to rename it to winlogon.exe
Tutorial: http://forums-fec.be/entraide/viewtopic.php?f=55&t=24
~~
After that, MBAM should get through; update it before the scan ;)
Juju666, first of all thank you for your reply (even though my patience suffers for it :p). I followed your advice to the letter but a problem came up (as usual...). When I paste the contents into the reply, the software goes down at a crazy speed and then disappears...
It's surely a mistake on my part, but can you help me out once more :) ?
Rikyou, first of all, you're welcome :3
Uh... The software goes down at a crazy speed
I didn't get that?
RogueKiller, once it has finished its job, opens a report in a Notepad file.
You just have to paste the "Notepad" report into your reply...
Once Notepad is closed, RogueKiller returns to its main menu, and there you type 0 to close it.
Ah! Sorry, I got mixed up, but to give you the answer I have to move this file onto a USB stick because "doctor" blocks Safari, which is going to take me a bit of time...
Nah, after RogueKiller has run, Safari is no longer blocked :)
And if it gives you a 404 page not found error, run RogueKiller mode 4 ;)
Exactly, thanks :) ! Here is the result:
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: Suppression -- Date : 12/12/2011 21:20:06
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 19 ¤¤¤
[BLACKLIST] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1
127.0.0.1 ad.ghura.pl
127.0.0.1 ircgalaxy.pl
127.0.0.1 ru.brans.pl
127.0.0.1 zief.pl
¤¤¤ MBR Verif: ¤¤¤
--- User ---
[MBR] e6df9eca0c3c169071b56d403c36d85e
[BSP] 90101588f32e75ab94924d1dfb01d359 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 62915 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 122881185 | Size: 97115 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: Proxy RAZ -- Date : 12/12/2011 21:35:18
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Entrees de registre: 0 ¤¤¤
Termine : << RKreport[1].txt >>
RKreport[1].txt
That is the report when I run mode 4.
And mode 2:
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: Suppression -- Date : 12/12/2011 21:37:13
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 19 ¤¤¤
[BLACKLIST] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1
127.0.0.1 ad.ghura.pl
127.0.0.1 ircgalaxy.pl
127.0.0.1 ru.brans.pl
127.0.0.1 zief.pl
¤¤¤ MBR Verif: ¤¤¤
--- User ---
[MBR] e6df9eca0c3c169071b56d403c36d85e
[BSP] 90101588f32e75ab94924d1dfb01d359 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 62915 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 122881185 | Size: 97115 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
--
Everything I do, I do it big. Wiz Khalifa.
Mode 5 :
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: DNS RAZ -- Date : 12/12/2011 21:41:15
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Entrees de registre: 18 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> REPLACED ()
Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Mode 2 :
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: Suppression -- Date : 12/12/2011 21:41:27
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 1 ¤¤¤
[BLACKLIST] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1
127.0.0.1 ad.ghura.pl
127.0.0.1 ircgalaxy.pl
127.0.0.1 ru.brans.pl
127.0.0.1 zief.pl
¤¤¤ MBR Verif: ¤¤¤
--- User ---
[MBR] e6df9eca0c3c169071b56d403c36d85e
[BSP] 90101588f32e75ab94924d1dfb01d359 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 62915 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 122881185 | Size: 97115 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
--
Everything I do, I do it big. Wiz Khalifa.
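As an added illustration (not part of the thread, and not RogueKiller's own code), the Python below parses the registry lines of the reports pasted above and replays successive runs to list the findings the tool still marks NOT REMOVED. The line layout is inferred only from these reports, the sample text is excerpted and shortened from them, and the function names and the expected Userinit path are assumptions.

```python
import re

# Layout inferred from the reports in this thread, e.g.
# [DNS] <key> : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[A-Z]+)\]\s+(?P<key>.+?)\s+:\s+(?P<value>\S+)"
    r"\s+\((?P<data>.*?)\)\s+->\s+(?P<action>.+)$"
)
MODE_RE = re.compile(r"^Mode:\s*(?P<mode>.+?)\s+--\s+Date\s*:\s*(?P<date>.+)$")

# Assumption: system root is C:\WINDOWS, as shown in the reports.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"


def parse_report(text):
    """Return {'mode', 'date', 'entries'} for one RogueKiller text report."""
    report = {"mode": None, "date": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            report["mode"], report["date"] = m["mode"], m["date"].strip()
            continue
        m = ENTRY_RE.match(line)
        if m:  # anything that is not a finding line is ignored
            report["entries"].append(m.groupdict())
    return report


def final_state(reports):
    """Replay reports in order; keep the last action seen for each finding."""
    state = {}
    for rep in reports:
        for e in rep["entries"]:
            state[(e["tag"], e["key"], e["value"])] = (e["action"], rep["mode"])
    return state


def still_open(reports):
    """Findings whose most recent action says the tool did not fix them."""
    return sorted(
        key for key, (action, _mode) in final_state(reports).items()
        if action.upper().startswith("NOT REMOVED")
    )


def userinit_extras(data, expected=EXPECTED_USERINIT):
    """Programs chained next to userinit.exe in a Winlogon Userinit value."""
    paths = [p.strip() for p in data.split(",") if p.strip()]
    return [p for p in paths if p.lower() != expected.lower()]


# Excerpts from the reports pasted in this thread (one interface GUID kept).
RUN_MODE2 = r"""
Demarrage : Mode normal
Mode: Suppression -- Date : 12/12/2011 21:20:06
[BLACKLIST] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
"""

RUN_MODE5 = r"""
Mode: DNS RAZ -- Date : 12/12/2011 21:41:15
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> REPLACED ()
"""

if __name__ == "__main__":
    first = parse_report(RUN_MODE2)
    second = parse_report(RUN_MODE5)
    print("open after mode 2:", len(still_open([first])))
    print("open after mode 2 + mode 5:", len(still_open([first, second])))
    for e in first["entries"]:
        if e["value"] == "Userinit":
            print("extra Userinit programs:", userinit_extras(e["data"]))
```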
Now that's much better already ^^
Come on, go: update MBAM, then run a quick scan; that will shoot down the rogue once and for all.
Yes, it's a rogue (fake security software) :)
Some call it ransomware or something like that ^^
I've just finished, but there is a Notepad report: "Impossible de supprimer certains éléments. Un fichier rapport a été enregistré dans le dossier logs." What should I do?
Reboot; after the reboot, if the report doesn't open, go into MBAM, the "Rapports/Logs" tab, and paste it here :)
Dossier(s) infecté(s):
c:\documents and settings\propriétaire\application data\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Fichier(s) infecté(s):
c:\WINDOWS\system32\aspimgr.exe (Trojan.Spambot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ktx56.dll (Trojan.Ertfor) -> Delete on reboot.
c:\WINDOWS\system32\msxsltsso.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sdra64.exe (Trojan.Meredrop) -> Delete on reboot.
c:\documents and settings\propriétaire\application data\sdra64.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0045.DLL (Trojan.Witkinat) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cooper.mine (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\glmf3232.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sshnas21.dll (Trojan.Inject) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rx6zjwmd.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\zqvvdbvyy9.sys (Rootkit.Tent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\janfw.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\smanxrocwe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\system.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\notepad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\mexcosanwr.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\mhq49i8w.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\dm9540y0q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wasmeorxcn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\khvcol.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\lpmv6hmn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\ukhfw5q.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\urt1a1.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\Uvb.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\Uvc.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\uvono.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\~TM5D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\ccl9ke.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wgvyd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\win.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\win32.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wzhuglnue.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\grb4dg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\hexdump.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\jczqq47i3y5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv381274835170.exe (Trojan.Insain) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\application data\asam.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\application data\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\temporary internet files\Content.IE5\47SL61YJ\yptozgozmu[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\temporary internet files\Content.IE5\WD2VCLUJ\gnemtrzxsn[1].htm (Malware.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Unapua.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\systemproc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nmklo.dll (Worm.MarioFev) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv271274835423.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
c:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\systemproc\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
--
Everything I do, I do it big. Wiz Khalifa.
My bad, it's just that it's not exactly small :p :
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Version de la base de données: 8352
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
12/12/2011 22:15:29
mbam-log-2011-12-12 (22-15-29).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 179381
Temps écoulé: 13 minute(s), 51 seconde(s)
Processus mémoire infecté(s): 5
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 71
Processus mémoire infecté(s):
c:\WINDOWS\system32\aspimgr.exe (Trojan.Spambot) -> 644 -> Unloaded process successfully.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> 3716 -> Unloaded process successfully.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> 3848 -> Unloaded process successfully.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> 3856 -> Unloaded process successfully.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> 4008 -> Unloaded process successfully.
Module(s) mémoire infecté(s):
c:\WINDOWS\system32\ktx56.dll (Trojan.Ertfor) -> Delete on reboot.
c:\WINDOWS\system32\msxsltsso.dll (Trojan.Downloader) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr (Trojan.Spambot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10467BA9-92F6-47DC-BF84-CAF34C5BE324} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{315547D4-976F-486B-9A97-378AE6F23AF4} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Value: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\GootkitSSO (Trojan.Downloader) -> Value: GootkitSSO -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Value: net -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Value: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Meredrop) -> Bad: (C:\WINDOWS\system32\sdra64.exe) Good: () -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
c:\documents and settings\propriétaire\application data\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Fichier(s) infecté(s):
c:\WINDOWS\system32\aspimgr.exe (Trojan.Spambot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ktx56.dll (Trojan.Ertfor) -> Delete on reboot.
c:\WINDOWS\system32\msxsltsso.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sdra64.exe (Trojan.Meredrop) -> Delete on reboot.
c:\documents and settings\propriétaire\application data\sdra64.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0045.DLL (Trojan.Witkinat) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cooper.mine (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\glmf3232.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sshnas21.dll (Trojan.Inject) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rx6zjwmd.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\zqvvdbvyy9.sys (Rootkit.Tent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\janfw.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\smanxrocwe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\system.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\notepad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\mexcosanwr.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\mhq49i8w.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\dm9540y0q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wasmeorxcn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\khvcol.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\lpmv6hmn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\ukhfw5q.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\urt1a1.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\Uvb.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\Uvc.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\uvono.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\~TM5D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\ccl9ke.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wgvyd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\win.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\win32.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wzhuglnue.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\grb4dg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\hexdump.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\jczqq47i3y5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv381274835170.exe (Trojan.Insain) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\application data\asam.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\application data\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\temporary internet files\Content.IE5\47SL61YJ\yptozgozmu[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\temporary internet files\Content.IE5\WD2VCLUJ\gnemtrzxsn[1].htm (Malware.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Unapua.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\systemproc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nmklo.dll (Worm.MarioFev) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv271274835423.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
c:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\systemproc\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.