Malwarebytes

Closed
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014 - 12 Dec. 2011 at 19:32
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 - 16 Dec. 2011 at 00:36
Hello, I have a Windows XP computer attacked by the malware "Antimalware Doctor". So I followed the instructions and ran the "full scan". No problem so far, but when the scan finishes and I launch the removal of the "bad" files, Malwarebytes stops responding...
Besides, I had time to save the report, but unfortunately I no longer remember where I saved it. Otherwise, the "bad" files are still in quarantine (which doesn't stop "Doctor" from carrying on its business).
I wanted to know how to get past this "not responding".
While browsing I saw that it's possible to do it in "safe mode", but browsing further, the software's publisher advises against that mode because it is supposedly "not very effective".
Moreover, my impatient nature pushes me to ask you: am I obliged to rerun the scan in "safe mode", or can I resume the removal that stopped responding from the previous scans already done?
Thanks in advance. Regards... :).



32 replies

juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 19:44
Hello,

You'll need patience ;) and to follow my instructions up to the point where I tell you "we're done", otherwise you'll be back here in a week ;)

▶ Download RogueKiller (by tigzy) to the desktop

▶ ▶ On Windows XP, left double-click

▶ ▶ On Vista/Seven, right-click, run as administrator

▶ Quit all your running programs
▶ Launch RogueKiller.exe.
▶ A scan starts, then you will see listed in the window
♦ 1. Recherche [Scan] (written in green)
♦ 2. Suppression [Removal] (written in red)
♦ 3. Hosts RAZ [Hosts reset] (written in red)
♦ 4. Proxy RAZ [Proxy reset] (written in red)
♦ 5. DNS RAZ [DNS reset] (written in red)
♦ 6. Raccourcis RAZ [Shortcuts reset] (written in red)
♦ 0. Quitter [Quit] (written in green)
At that point type 2 and confirm

▶ Once it has finished, a report (RKreport1.txt) should have been created next to the executable; paste its contents into your reply.
▶ Use option 0 to close RogueKiller at that point.

▶ If the program gets blocked, don't hesitate to try several times or to rename it winlogon.exe

Tutorial: http://forums-fec.be/entraide/viewtopic.php?f=55&t=24

~~

after that, MBAM should go through; update it before the scan ;)
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 20:05
Juju666, first of all thanks for your reply (although my patience is suffering :p). I followed your advice to the letter but a problem appeared (as usual...). When I paste the contents into the reply, the program scrolls down at a crazy speed and then disappears...
It's surely a wrong move on my part, but can you help me out once again :) ?
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 20:36
Rikyou, first of all, you're welcome :3

Er... The program scrolls down at a crazy speed

I didn't get that?

RogueKiller, once it has finished its job, opens a report in a Notepad file.
You just have to paste the "Notepad" report into your reply...
Once Notepad is closed, RogueKiller goes back to its main menu, and there you type 0 to close it.
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 20:47
Ah! Sorry, I got lost, but to give you the reply I have to move this file onto a USB stick because "Doctor" is blocking Safari, which will take me a bit of time...
0

juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 20:51
nah, after RogueKiller has run, Safari is no longer blocked :)
and if it gives you a 404 page not found error, run RogueKiller mode 4 ;)
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 21:22
Exactly, thanks :) ! Here is the result:
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: Suppression -- Date : 12/12/2011 21:20:06

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 19 ¤¤¤
[BLACKLIST] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1
127.0.0.1 ad.ghura.pl
127.0.0.1 ircgalaxy.pl
127.0.0.1 ru.brans.pl
127.0.0.1 zief.pl


¤¤¤ MBR Verif: ¤¤¤
--- User ---
[MBR] e6df9eca0c3c169071b56d403c36d85e
[BSP] 90101588f32e75ab94924d1dfb01d359 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 62915 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 122881185 | Size: 97115 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 21:27
rerun RogueKiller mode 4 :)
there's a proxy redirecting your searches.
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 21:33
The result is the same...
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 21:33
report?
RKReport2.txt
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 21:37
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: Proxy RAZ -- Date : 12/12/2011 21:35:18

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

Termine : << RKreport[1].txt >>
RKreport[1].txt
That's the report when I run mode 4.
And mode 2:
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: Suppression -- Date : 12/12/2011 21:37:13

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 19 ¤¤¤
[BLACKLIST] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1
127.0.0.1 ad.ghura.pl
127.0.0.1 ircgalaxy.pl
127.0.0.1 ru.brans.pl
127.0.0.1 zief.pl


¤¤¤ MBR Verif: ¤¤¤
--- User ---
[MBR] e6df9eca0c3c169071b56d403c36d85e
[BSP] 90101588f32e75ab94924d1dfb01d359 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 62915 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 122881185 | Size: 97115 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
--
Everything I do, I do it big. Wiz Khalifa.
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 21:40
my mistake, it was mode 5 that you needed to run x)
DNS RAZ [DNS reset]
0
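The two Suppression reports above list the same 18 NameServer entries as "NOT REMOVED, USE DNSFIX": mode 2 only rewrites blacklisted values such as the Winlogon Userinit entry, and the DNS rewrite is a separate menu option, which is why mode 4 (Proxy RAZ) changed nothing and mode 5 (DNS RAZ) is the one that clears them. The Python script below is an added example written for this thread; it is not RogueKiller's code and was not posted on the forum. It parses a constructed excerpt in the same report format (entries copied from the reports posted above), lists the binary appended to the Userinit value, collects the rogue resolver address, and maps unresolved DNS findings to the menu option that handles them. The regular expression, the Entry class and the mode table are assumptions based only on the lines printed in this thread.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the format of the RogueKiller V6 "Suppression" reports
# posted in this thread (same kind of entries, shortened); not a real file.
SAMPLE_REPORT = r"""RogueKiller V6.2.0 [12/12/2011] par Tigzy
Mode: Suppression -- Date : 12/12/2011 21:20:06

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 3 ¤¤¤
[BLACKLIST] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> NOT REMOVED, USE DNSFIX

Termine : << RKreport[1].txt >>
"""

# One registry finding: "[CATEGORY] key : ValueName (value) -> action"
# (pattern assumed from the lines printed in the thread).
ENTRY_RE = re.compile(
    r"^\[(?P<category>[A-Z]+)\] (?P<key>.+?) : (?P<name>\w+) "
    r"\((?P<value>[^)]*)\) -> (?P<action>.+)$"
)


@dataclass(frozen=True)
class Entry:
    category: str
    key: str
    name: str
    value: str
    action: str


def parse_entries(report):
    """Return every registry finding in the report; header lines are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"


def userinit_extras(entries):
    """Paths listed in the Winlogon Userinit value besides the real userinit.exe.
    Winlogon starts every comma-separated path at logon, so an extra entry is a
    persistence mechanism and the file it names has to be removed as well."""
    extras = []
    for e in entries:
        if e.name != "Userinit":
            continue
        for path in e.value.split(","):
            path = path.strip()
            if path and path.lower() != LEGIT_USERINIT:
                extras.append(path)
    return extras


def nameservers(entries, trusted=frozenset()):
    """Distinct NameServer values over all interfaces and ControlSets,
    minus the resolvers the administrator knows to be legitimate."""
    return sorted({e.value for e in entries
                   if e.name == "NameServer" and e.value not in trusted})


def unresolved(entries):
    """Findings the Suppression run reported but did not change."""
    return [e for e in entries if e.action.startswith("NOT REMOVED")]


# Menu as printed in the thread: 2 Suppression, 3 Hosts RAZ, 4 Proxy RAZ,
# 5 DNS RAZ, 6 Raccourcis RAZ. Only the DNS mapping is exercised here.
FOLLOW_UP_MODE = {"DNS": 5}


def follow_up_modes(entries):
    """Menu options still needed after a mode-2 run."""
    return sorted({FOLLOW_UP_MODE[e.category]
                   for e in unresolved(entries) if e.category in FOLLOW_UP_MODE})


def triage(report):
    """Summarise a report the way a helper would read it before replying."""
    entries = parse_entries(report)
    return {
        "entries": len(entries),
        "userinit_extras": userinit_extras(entries),
        "nameservers": nameservers(entries),
        "unresolved": len(unresolved(entries)),
        "follow_up_modes": follow_up_modes(entries),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_REPORT).items():
        print(f"{key}: {val}")
```

Run on the full reports in the thread, the same functions return sdra64.exe as the single Userinit extra, 195.242.208.40 as the only resolver, 18 unresolved DNS findings and mode 5 as the follow-up; on the mode 5 report the DNS entries carry "REPLACED ()" and nothing is left unresolved.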
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 21:42
Mode 5:
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: DNS RAZ -- Date : 12/12/2011 21:41:15

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Entrees de registre: 18 ¤¤¤
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{14934CE1-6E57-45A2-86AA-42E686F562F7} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{3CDA1538-FA42-4926-8E28-08DDAF441FFB} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{5680D972-0ECE-4440-87DA-8D3E8D9E544B} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{56D9ECDD-7535-49B2-8B27-E73A2729947D} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6A51F8E6-367E-4575-A46B-D70FA5895872} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{6C6C93EB-77AB-4C4B-AD92-6CFDA9AD2777} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{BD6BCC4D-AACF-491F-A07E-BC78B875BDD2} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{D5B47ABD-7008-46A7-B3D5-E826DF84A906} : NameServer (195.242.208.40) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{FBED70DE-9B16-45B0-BD9C-C599CB2A6BF7} : NameServer (195.242.208.40) -> REPLACED ()

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Mode 2:
RogueKiller V6.2.0 [12/12/2011] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Propriétaire [Droits d'admin]
Mode: Suppression -- Date : 12/12/2011 21:41:27

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 1 ¤¤¤
[BLACKLIST] HKLM\[...]\Winlogon : Userinit (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) -> REPLACED (C:\WINDOWS\system32\userinit.exe,)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1
127.0.0.1 ad.ghura.pl
127.0.0.1 ircgalaxy.pl
127.0.0.1 ru.brans.pl
127.0.0.1 zief.pl


¤¤¤ MBR Verif: ¤¤¤
--- User ---
[MBR] e6df9eca0c3c169071b56d403c36d85e
[BSP] 90101588f32e75ab94924d1dfb01d359 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 62915 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 122881185 | Size: 97115 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
--
Everything I do, I do it big. Wiz Khalifa.
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 21:43
now that's better straight away ^^

OK, go: update MBAM, then quick scan, that'll shoot down the rogue once and for all.
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 21:59
Antimalware Doctor is a rogue :) ? Anyway, I'm scanning right now :) thanks a lot.
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 22:03
yes, it's a rogue (fake security software) :)
some call it ransomware or something like that ^^
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 22:17
I've just finished, but I get a Notepad report: "Impossible de supprimer certains éléments. Un fichier rapport a été enregistré dans le dossier logs." [Unable to delete some items. A report file has been saved in the logs folder.] What should I do?
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 22:20
you reboot; after the restart, if the report doesn't open, go into MBAM, Reports/Logs tab, and paste it here :)
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 22:33
Dossier(s) infecté(s):
c:\documents and settings\propriétaire\application data\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Fichier(s) infecté(s):
c:\WINDOWS\system32\aspimgr.exe (Trojan.Spambot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ktx56.dll (Trojan.Ertfor) -> Delete on reboot.
c:\WINDOWS\system32\msxsltsso.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sdra64.exe (Trojan.Meredrop) -> Delete on reboot.
c:\documents and settings\propriétaire\application data\sdra64.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0045.DLL (Trojan.Witkinat) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cooper.mine (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\glmf3232.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sshnas21.dll (Trojan.Inject) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rx6zjwmd.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\zqvvdbvyy9.sys (Rootkit.Tent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\janfw.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\smanxrocwe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\system.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\notepad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\mexcosanwr.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\mhq49i8w.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\dm9540y0q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wasmeorxcn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\khvcol.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\lpmv6hmn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\ukhfw5q.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\urt1a1.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\Uvb.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\Uvc.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\uvono.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\~TM5D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\ccl9ke.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wgvyd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\win.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\win32.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wzhuglnue.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\grb4dg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\hexdump.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\jczqq47i3y5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv381274835170.exe (Trojan.Insain) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\application data\asam.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\application data\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\temporary internet files\Content.IE5\47SL61YJ\yptozgozmu[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\temporary internet files\Content.IE5\WD2VCLUJ\gnemtrzxsn[1].htm (Malware.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Unapua.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\systemproc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nmklo.dll (Worm.MarioFev) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv271274835423.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
c:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\systemproc\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
--
Everything I do, I do it big. Wiz Khalifa.
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
12 Dec. 2011 at 22:35
can I have the full report?
0
Rikyou Posts: 79 Registered: Saturday 3 January 2009 Status: Member Last activity: 25 April 2014
12 Dec. 2011 at 22:39
My mistake, it's just that it's not exactly small :p :
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8352

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/12/2011 22:15:29
mbam-log-2011-12-12 (22-15-29).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 179381
Temps écoulé: 13 minute(s), 51 seconde(s)

Processus mémoire infecté(s): 5
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 71

Processus mémoire infecté(s):
c:\WINDOWS\system32\aspimgr.exe (Trojan.Spambot) -> 644 -> Unloaded process successfully.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> 3716 -> Unloaded process successfully.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> 3848 -> Unloaded process successfully.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> 3856 -> Unloaded process successfully.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> 4008 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\ktx56.dll (Trojan.Ertfor) -> Delete on reboot.
c:\WINDOWS\system32\msxsltsso.dll (Trojan.Downloader) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr (Trojan.Spambot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{10467BA9-92F6-47DC-BF84-CAF34C5BE324} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{315547D4-976F-486B-9A97-378AE6F23AF4} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASPIMGR (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Infected registry value(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Value: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\GootkitSSO (Trojan.Downloader) -> Value: GootkitSSO -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Value: net -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Value: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Infected registry data item(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Meredrop) -> Bad: (C:\WINDOWS\system32\sdra64.exe) Good: () -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Infected folder(s):
c:\documents and settings\propriétaire\application data\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Infected file(s):
c:\WINDOWS\system32\aspimgr.exe (Trojan.Spambot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ktx56.dll (Trojan.Ertfor) -> Delete on reboot.
c:\WINDOWS\system32\msxsltsso.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\system32\userini.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sdra64.exe (Trojan.Meredrop) -> Delete on reboot.
c:\documents and settings\propriétaire\application data\sdra64.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\0045.DLL (Trojan.Witkinat) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cooper.mine (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\glmf3232.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sshnas21.dll (Trojan.Inject) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rx6zjwmd.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\zqvvdbvyy9.sys (Rootkit.Tent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\janfw.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\smanxrocwe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\system.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\notepad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\mexcosanwr.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\mhq49i8w.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\dm9540y0q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wasmeorxcn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\khvcol.exe (Trojan.Meredrop) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\lpmv6hmn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\ukhfw5q.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\urt1a1.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\Uvb.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\Uvc.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\uvono.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\~TM5D.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\ccl9ke.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wgvyd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\win.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\win32.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\wzhuglnue.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\grb4dg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\hexdump.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\jczqq47i3y5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv381274835170.exe (Trojan.Insain) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\application data\asam.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\application data\syssvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\temporary internet files\Content.IE5\47SL61YJ\yptozgozmu[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\temporary internet files\Content.IE5\WD2VCLUJ\gnemtrzxsn[1].htm (Malware.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Unapua.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\02000000bb25252c922s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\systemproc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nmklo.dll (Worm.MarioFev) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\local settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv271274835423.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
c:\WINDOWS\herjek.config (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\propriétaire\application data\systemproc\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
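Editor's note, added example (not part of the original thread and not Malwarebytes code): the log above is long, and the two things a responder actually needs from it are (a) which findings are persistence mechanisms (the Winlogon Userinit value that had C:\WINDOWS\system32\sdra64.exe appended to it, the Run keys, the BHO, the SSODL and SharedTaskScheduler entries, the IFEO key for INSTALL.EXE, the SPService service, the explorer.exe:userini.exe alternate data stream) and (b) which items are still marked "Delete on reboot", because until the machine is restarted those files and keys are still on disk and the rogue can keep running. The script below parses the MBAM 1.x log format shown on this page and reports both. The sample lines are a constructed subset copied from the log above; the mechanism labels and regular expressions are my own assumptions, not a Malwarebytes category scheme.

```python
"""Triage a Malwarebytes 1.x removal log: persistence mechanisms and reboot-pending items."""
import re
from collections import defaultdict

# Constructed sample: a subset of the entries from the log posted above.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\GootkitSSO (Trojan.Downloader) -> Value: GootkitSSO -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Trojan.Dropper) -> Value: userini -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sdra64.exe (Trojan.Meredrop) -> Delete on reboot.
c:\WINDOWS\system32\drivers\zqvvdbvyy9.sys (Rootkit.Tent) -> Quarantined and deleted successfully.
c:\WINDOWS\explorer.exe:userini.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
"""

# "<item> (<detection>)" is the head of every entry line; the rest is " -> " separated.
HEAD_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[\w.]+)\)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*)\)$")

# Assumed classification (my labels): first matching pattern wins, matched on the lowercased item.
MECHANISMS = [
    (r"\\winlogon\\userinit$", "Winlogon Userinit (runs at every logon, before the shell)"),
    (r"\\currentversion\\run\\", "Run key autostart"),
    (r"\\policies\\explorer\\run\\", "Policies\\Explorer\\Run autostart"),
    (r"browser helper objects", "Internet Explorer BHO"),
    (r"shellserviceobjectdelayload", "ShellServiceObjectDelayLoad (loaded by explorer.exe)"),
    (r"sharedtaskscheduler", "SharedTaskScheduler (loaded by explorer.exe)"),
    (r"image file execution options", "IFEO debugger hijack"),
    (r"currentcontrolset\\services\\", "Windows service"),
    (r"^[a-z]:\\.*\\drivers\\[^\\]+\.sys$", "kernel driver"),
    (r"^[a-z]:\\[^:]*:[^\\:]+$", "NTFS alternate data stream"),
]


def classify(item):
    """Return the persistence label for a registry key or path, or None if it is just a payload."""
    low = item.lower()
    for pattern, label in MECHANISMS:
        if re.search(pattern, low):
            return label
    return None


def parse_entries(log_text):
    """Parse every '<item> (<detection>) -> [detail ->] <action>.' line into a dict."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " -> " not in line:
            continue  # section headers, blank lines, summary lines
        parts = line.split(" -> ")
        m = HEAD_RE.match(parts[0])
        if not m:
            continue
        entries.append({
            "item": m.group("item"),
            "detection": m.group("detection"),
            "detail": " | ".join(parts[1:-1]),      # "Value: x" or "Bad: (...) Good: (...)"
            "action": parts[-1].rstrip("."),        # "Delete on reboot" or "Quarantined and deleted successfully"
            "mechanism": classify(m.group("item")),
        })
    return entries


def userinit_extras(entries):
    """Executables appended to Winlogon\\Userinit besides the legitimate userinit.exe."""
    extras = []
    for e in entries:
        if not e["item"].lower().endswith(r"\winlogon\userinit"):
            continue
        m = BAD_GOOD_RE.search(e["detail"])
        if not m:
            continue
        for exe in m.group("bad").split(","):
            exe = exe.strip()
            if exe and exe.lower().rsplit("\\", 1)[-1] != "userinit.exe":
                extras.append(exe)
    return extras


def triage(log_text):
    """Group findings by persistence mechanism and list what is still waiting on a reboot."""
    entries = parse_entries(log_text)
    reboot_pending = [e["item"] for e in entries if e["action"] == "Delete on reboot"]
    persistence = defaultdict(list)
    for e in entries:
        if e["mechanism"]:
            persistence[e["mechanism"]].append(e["item"])
    return {"entries": entries, "reboot_pending": reboot_pending, "persistence": dict(persistence)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for mechanism, items in report["persistence"].items():
        print(f"[persistence] {mechanism}:")
        for item in items:
            print(f"    {item}")
    print("[userinit extras]", userinit_extras(report["entries"]))
    print("[reboot pending]", len(report["reboot_pending"]), "item(s); removal is NOT complete until reboot")
    for item in report["reboot_pending"]:
        print(f"    {item}")
```

Run it against the full saved log (the Malwarebytes log folder is where the report lands when you click "Save") by replacing SAMPLE_LOG with the file contents. The point of the "reboot pending" list is the one the original poster ran into: items the scanner could not unload while Windows was running are only removed on the next restart, so a machine that shows the rogue again right after a scan has usually not been rebooted yet, or still has a Userinit or Run-key entry pointing at a file that was restored.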