Hello
After running a Malwarebytes scan, I had it fix the problems it found, and since then the PC no longer boots… well, it stays stuck on the XP loading screen without reaching the desktop. Safe mode no longer works either.
I ran ntfsfix from Knoppix but that doesn't fix anything.
Is a format unavoidable?
hisvin
January 22, 2009, 9:25
2
I'm afraid so.
Unless you manage to get to the Malwarebytes log to see what it removed, such as a Windows DLL blacklisted by mistake, and recover it from a site whose name I've forgotten.
Edited on 22/01/2009 at 09:25
I can go fishing for the log with Knoppix… I'll post it as soon as possible
the log:
Malwarebytes’ Anti-Malware 1.33
Version de la base de données: 1674
Windows 5.1.2600 Service Pack 3
21/01/2009 21:40:12
mbam-log-2009-01-21 (21-40-12).txt
Type de recherche: Examen complet (C:|E:|F:|)
Eléments examinés: 286220
Temps écoulé: 1 hour(s), 41 minute(s), 19 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 15
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) → Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) → Data: kdckj.exe → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) → Bad: (« regedit.exe » « %1 ») Good: (regedit.exe « %1 ») → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{2500a1c5-3a85-496a-913d-16ea336d443c}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{2500a1c5-3a85-496a-913d-16ea336d443c}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{467947b6-7943-4e60-a061-e9a9e6a49362}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{a3e974c5-18b3-4d0f-b1b3-9f107a0f6b13}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces{2500a1c5-3a85-496a-913d-16ea336d443c}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces{2500a1c5-3a85-496a-913d-16ea336d443c}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces{467947b6-7943-4e60-a061-e9a9e6a49362}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces{a3e974c5-18b3-4d0f-b1b3-9f107a0f6b13}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces{2500a1c5-3a85-496a-913d-16ea336d443c}\DhcpNameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces{2500a1c5-3a85-496a-913d-16ea336d443c}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces{467947b6-7943-4e60-a061-e9a9e6a49362}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces{a3e974c5-18b3-4d0f-b1b3-9f107a0f6b13}\NameServer (Trojan.DNSChanger) → Data: 85.255.112.137;85.255.112.235 → Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\WinZix (Trojan.Lop) → Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Nutz\Local Settings\Application Data\kinlpnrp_navps.dat (Adware.Navipromo.H) → Quarantined and deleted successfully.
C:\Documents and Settings\Nutz\Local Settings\Application Data\kinlpnrp.dat (Adware.Navipromo.H) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) → Quarantined and deleted successfully.
Edited on 22/01/2009 at 10:50
Judging from the log, were any items deleted by mistake, or is the problem elsewhere?
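One way to do the log check suggested in this thread, as an added example that is not part of any post: parse the Malwarebytes entries and keep only the removed items sitting in locations that matter at boot or logon. The function names and the `BOOT_SENSITIVE` pattern list are assumptions made for this sketch (a non-exhaustive heuristic), and the sample holds four entries copied from the log above.

```python
import re

# Constructed sample: four entries copied from the log posted above.
SAMPLE_LOG = r"""
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) → Data: kdckj.exe → Quarantined and deleted successfully.
C:\Program Files\WinZix (Trojan.Lop) → Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) → Quarantined and deleted successfully.
"""

# item (detection) -> [detail ->] action ; accepts "→" or "->" as separator.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) (?:→|->) (?P<rest>.+)$")

# Assumed, non-exhaustive heuristics for locations that matter at boot/logon.
BOOT_SENSITIVE = [
    re.compile(r"\\CurrentVersion\\Winlogon(\\|$)", re.I),
    re.compile(r"\\Control\\Session Manager(\\|$)", re.I),
    re.compile(r"^[A-Z]:\\WINDOWS\\", re.I),
    re.compile(r"\.(dll|sys)$", re.I),
]

def parse_entries(text):
    """Return one dict per removed item: item, detection, detail, action."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, counters, blank lines
        parts = re.split(r"\s*(?:→|->)\s*", m.group("rest"))
        entries.append({
            "item": m.group("item"),
            "detection": m.group("detection"),
            "detail": " | ".join(parts[:-1]),   # e.g. "Data: kdckj.exe"
            "action": parts[-1].rstrip("."),
        })
    return entries

def boot_sensitive(entries):
    """Keep entries whose path matches one of the heuristics above."""
    return [e for e in entries if any(p.search(e["item"]) for p in BOOT_SENSITIVE)]

if __name__ == "__main__":
    for e in boot_sensitive(parse_entries(SAMPLE_LOG)):
        print(e["item"], "|", e["detection"], "|", e["detail"], "|", e["action"])
```

A match only marks an entry as worth comparing against the quarantine contents; it does not by itself show that the removal caused the boot failure.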
vyger
January 22, 2009, 8:34
5
A quick repair with the XP CD is in order:
tutorial here
See you
So the problem is solved. It seems it had nothing to do with malware, as far as I can tell.
In fact, things became a bit clearer for me when Knoppix told me it was "forcing the mount of the disk".
And after running SeaTools (my disk is a Maxtor (and, as an aside, this is the second time it has played this trick on me)) in long test mode, it detected errors, which it corrected, then a checkdisk of C: and everything was working again.