Infections avec certitude....

qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Bon ben voila cette fois c'est pour moi... si seulement je savais faire tout cela moi même, ce serait avec plaisir....
mais ce n'est pas le cas.

Bon voila donc ce pauvre pc présente tous les symptômes d'une connnerie de virus...
j'ai vérifié mes températures, j'utilises ccleaner, j'ai scanné avec l'antivirus, avec spybot...

donc j'en arrive a hijackthis...

Merci d'avance pour l'annalyse détailllée et la destruction des problèmes...
=)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:09, on 25/03/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Razer\Mamba\RazerTray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\wuaucldt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\Magnify.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Razer Mamba Driver] C:\Program Files\Razer\Mamba\RazerTray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [wuaucldt] c:\users\biloute\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [engel] C:\Windows\system32\config\systemprofile\AppData\Roaming\updates\updates.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [engel] C:\Windows\system32\config\systemprofile\AppData\Roaming\updates\updates.exe (User 'Default user')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7369 bytes



--
Il ne faut pas prendre les gens pour des cons,
Mais il ne faut jamais oublier qu'ils le sont .

17 réponses

  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    salut hijackthis obsolète et en plus pas à jour

    désactive tea timer et supprime spybot ensuite
    =========================================================
    ▶ Télécharge sur le bureau RogueKiller (par tigzy)

    ▶ ▶ (Sous Vista/Seven, clique droit, lancer en tant qu'administrateur )

    ▶ Quitte tous tes programmes en cours
    ▶ Lance RogueKiller.exe.
    ▶ Un scan se lance, puis tu verra d'indiqué dans la fenêtre
    ▶ ▶ 1. Scan (écrit en vert)
    ▶ ▶ 2. Delete (écrit en rouge)
    ▶ ▶ 3. Hosts RAZ (écrit en rouge)
    ▶ ▶ 4. Proxy RAZ (écrit en rouge)
    ▶ ▶ 5. DNS RAZ (écrit en rouge)
    ▶ ▶ 6. Raccourcis RAZ (écrit en rouge)
    A ce moment tape 2 et valide
    Note: s'il te demande de supprimer le proxy, tape 4
    ▶ Deux rapports (RKreport1 et 2.txt) ont du se créer à côté de l'exécutable, colle leurs contenus dans la réponse
    ▶ Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois ou a changer son nom en winlogon.exe
    =========================================================
    ▶ Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton bureau.

    ▶ ▶ Miroir 1 si inaccessible

    ▶ ▶ Miroir 2 si inaccessible

    ▶ ▶ /!\ Utilisateur de Vista et Windows 7 : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu'Administrateur »

    ▶ Double clique sur le fichier téléchargé pour lancer le processus d'installation.
    ▶ Dans l'onglet "mise à jour", clique sur le bouton Recherche de mise à jour
    ▶ si le pare-feu demande l'autorisation de se connecter pour Malwarebytes, accepte
    Une fois la mise à jour terminée
    ▶ rends-toi dans l'onglet Recherche
    ▶ Sélectionne Exécuter un examen complet
    ▶ Clique sur Rechercher
    ▶ ▶ Le scan démarre.
    ▶ A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    ▶ Clique sur Ok pour poursuivre.
    ▶ Si des malwares ont été détectés, cliques sur Afficher les résultats
    ▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection . Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    ▶ Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

    ▶ ▶ Il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!
    ▶ Une fois le PC redémarré, rends toi dans l'onglet rapport/log
    ▶ Tu clique dessus pour l'afficher, une fois affiché
    ▶ Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ▶ ▶ Si tu n'arrive pas à le mettre à jour, télécharge ce fichier

    bonne nuit!
    0
  2. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
     
    ok juju merci déja.

    bon je vais faire ça pas a pas mais ce sera pour demain, t'façon j'ai pas le feu au cul !
    =)
    t'es récent sur ccm je vois, ça fait plaisir de voir des gens motivés !
    bon ben par contre j'y vais j'ai des zombies a tuer ! a tres tres tres bientot.... si t'es la demain.

    je commencerais probablement vers 13h

    saaaAAAaaalut !
    0
    1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      ouaip, fait ça à ton aise, good night ;)
      0
  3. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    Oh le vilain O4 - HKLM\..\Run: [Regedit32]

    Tiens donc; ça faisait longtemps !
    Je vais suivre.
    Merci.

    Salut le vieux qwerty ;)
    0
  4. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Re Al ;)
    C:\Windows\system32\config\systemprofile\AppData\Roaming\updates\updates.exe ça aussi c'est joli nan?
    Sinon tes lignes sont détectées ok dans zhp.. ?
    trouvé ça: https://answers.microsoft.com/fr-fr/office/forum/office_2007-outlook/erreur-msg-cette-op%C3%A9ration-a-%C3%A9t%C3%A9-annul%C3%A9e-a-cause-d/7531be46-2dce-4909-9849-91d82f18810b
    rstassociations d xplode sera peut être à envisager. merci al ;-)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
     
    salut! bon ben finalement c'est 13 heure, heure locale de la floride !

    par contre j'ai pas 2 fichier TXT mais 1 seul

    la ya le txt de rogue je fais malware maintenant

    RogueKiller V4.3.4 by Tigzy
    contact at https://www.luanagames.com/index.fr.html
    mail: tigzyRK<at>gmail<dot>com
    Feedback: https://www.luanagames.com/index.fr.html

    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User: Biloute [Admin rights]
    Mode: Remove -- Date : 03/26/2011 16:19:39

    Bad processes: 3
    [SVCHOST] svchost.exe -- System Folder -> KILLED
    [SVCHOST] svchost.exe -- System Folder -> KILLED
    [SVCHOST] svchost.exe -- System Folder -> KILLED

    Registry Entries: 2
    [APPDT/TMP/DESKTOP] HKUS\.DEFAULT[...]\Run : engel (C:\Windows\system32\config\systemprofile\AppData\Roaming\updates\updates.exe) -> DELETED
    [APPDT/TMP/DESKTOP] HKUS\.DEFAULT[...]\Run : qubmuncx (C:\Windows\TEMP\joandkwfy\qjtpygouerb.exe) -> DELETED

    HOSTS File:
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    [...]

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    0
  7. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Saluuuut =)

    Bon relance RogueKiller en option 3 cette fois.

    Poste moi le rapport de MBAM stp

    (heure locale en Belgique = 11:03)
    0
  8. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
     
    yop l'ami,

    voici donc le rapport MBAM, il a trouvé 200 trucs, je dois les supprimer avant de refaire rogue en 3 ou pas ?

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6178

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    27/03/2011 04:38:01
    mbam-log-2011-03-27 (04-37-15).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 507623
    Time elapsed: 1 hour(s), 27 minute(s), 12 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 7
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 185

    Memory Processes Infected:
    c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> 2116 -> No action taken.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF197$ (Adware.Adrotator) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> No action taken.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Windows\$ntuninstallmtf197$ (Adware.Adrotator) -> No action taken.

    Files Infected:
    c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> No action taken.
    c:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Downloader) -> No action taken.
    c:\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
    c:\Windows\System32\1.exe (Trojan.Setfic) -> No action taken.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\updates\updates.exe (Trojan.Proxy) -> No action taken.
    c:\Games\Ubisoft\assassin's creed ii\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz1084.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz1479.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz1526.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz1B1E.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz1C28.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz1D9E.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz22BC.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz2396.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz2472.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz255B.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz2628.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz27BC.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz2E21.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz2FC7.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz3330.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz334F.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5B1B.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8E98.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB673.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzD44E.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzFE7A.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\NS8D81.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\NSAA52.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\NSADFA.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\NSAE39.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8E99.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz904E.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz90E9.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz9141.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz91D3.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz91E3.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz931B.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz9482.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz9538.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz958A.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz96B3.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz981.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz9878.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz9A9A.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz9CCC.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz9DD4.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz9FB7.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzA015.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzA14E.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzA3ED.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzA572.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzA5A2.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzA801.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzA89D.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzA9F5.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzAA24.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzAD8.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzAF61.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB06A.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB26E.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB2E9.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB4BD.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB50B.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB616.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz338D.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz3429.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz34F4.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz3580.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz3581.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz35CF.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz35FE.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz36C9.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz3784.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz3811.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz3E47.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz3F6.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz4099.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz4568.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz48F2.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5012.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz534E.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz557E.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5936.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5937.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5A50.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5A5E.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB78B.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB894.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzB922.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzBA1B.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzBAD6.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzBAF5.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzBBA0.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzBBFE.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzBE9D.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzBEBD.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzC12D.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzC1AA.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzC264.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzC274.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzC5BF.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzC8BA.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzCA40.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzCA8F.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzD0A6.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzD420.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5CA1.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5D3D.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz5FAC.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz640F.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz641F.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz65C5.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz6612.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz667.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz667F.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz68B2.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz68C1.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz7ACA.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz7CCD.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz7E05.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz7E53.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz7F1E.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz7F7B.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz80C4.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz81EC.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz821B.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8545.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz85A3.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8739.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8768.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8777.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz87F3.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8A64.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8AA2.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8AA3.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8C19.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8C47.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trz8D51.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzD45E.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzD681.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzD799.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzD9EA.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzDAE3.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzDDA2.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzDDB2.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzDE4.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzE012.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzE1B6.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzE24.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzE714.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzEC12.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzEEE1.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzEFBB.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzF42D.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzF862.tmp (Rootkit.Agent) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzFA.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzFAE2.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\AppData\Local\Temp\trzFC2A.tmp (Trojan.PWStealer) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\assassins creed 2 skidrow\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> No action taken.
    c:\Users\Biloute\documents\add on & cracks\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
    c:\Users\Biloute\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> No action taken.
    c:\Users\Biloute\documents\Utils\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
    c:\Users\Biloute\downloads\rk_quarantine\updates.exe.vir (Trojan.Proxy) -> No action taken.
    d:\Games\activision\modern warfare 2\reunion.patch.exe (RiskWare.Tool.CK) -> No action taken.
    d:\Games\activision\modern warfare 2\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
    d:\Users\Macfly\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> No action taken.
    d:\Users\Macfly\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> No action taken.
    d:\Users\Macfly\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
    d:\Users\Macfly\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> No action taken.
    d:\Users\Macfly\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> No action taken.
    d:\Users\Macfly\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
    d:\Users\Macfly\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> No action taken.
    d:\Users\Macfly\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> No action taken.
    c:\Windows\$ntuninstallmtf197$\apuninstall.exe (Adware.Adrotator) -> No action taken.
    c:\Windows\$ntuninstallmtf197$\ginky.exe (Adware.Adrotator) -> No action taken.
    c:\Windows\$ntuninstallmtf197$\zrpt.xml (Adware.Adrotator) -> No action taken.
    0
  9. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
     
    mince y veut pas poster le MBAM, il est auto modéré...

    je te le met en MP ou quoi ?
    0
    1. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
       
      j'essaye le rapport apres avoir tt effacé avec mbam...
      on va voir si y passe...
      0
  10. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Atta je demande qu'il soit restauré.
    Et le roguekiller option 3 j aimerai voir aussi son rapport ;)
    0
    1. M@thew
       
      Ayé !!!
      0
  11. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
     
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6178

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    27/03/2011 04:43:27
    mbam-log-2011-03-27 (04-43-27).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 507623
    Time elapsed: 1 hour(s), 27 minute(s), 12 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 7
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 185

    Memory Processes Infected:
    c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> 2116 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF197$ (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Windows\$ntuninstallmtf197$ (Adware.Adrotator) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\Windows\System32\1.exe (Trojan.Setfic) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\updates\updates.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
    c:\Games\Ubisoft\assassin's creed ii\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz1084.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz1479.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz1526.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz1B1E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz1C28.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz1D9E.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz22BC.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz2396.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz2472.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz255B.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz2628.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz27BC.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz2E21.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz2FC7.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz3330.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz334F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5B1B.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8E98.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB673.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzD44E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzFE7A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\NS8D81.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\NSAA52.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\NSADFA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\NSAE39.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8E99.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz904E.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz90E9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz9141.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz91D3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz91E3.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz931B.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz9482.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz9538.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz958A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz96B3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz981.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz9878.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz9A9A.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz9CCC.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz9DD4.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz9FB7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzA015.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzA14E.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzA3ED.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzA572.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzA5A2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzA801.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzA89D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzA9F5.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzAA24.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzAD8.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzAF61.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB06A.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB26E.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB2E9.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB4BD.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB50B.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB616.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz338D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz3429.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz34F4.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz3580.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz3581.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz35CF.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz35FE.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz36C9.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz3784.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz3811.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz3E47.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz3F6.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz4099.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz4568.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz48F2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5012.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz534E.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz557E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5936.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5937.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5A50.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5A5E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB78B.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB894.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzB922.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzBA1B.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzBAD6.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzBAF5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzBBA0.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzBBFE.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzBE9D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzBEBD.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzC12D.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzC1AA.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzC264.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzC274.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzC5BF.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzC8BA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzCA40.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzCA8F.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzD0A6.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzD420.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5CA1.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5D3D.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz5FAC.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz640F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz641F.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz65C5.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz6612.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz667.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz667F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz68B2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz68C1.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz7ACA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz7CCD.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz7E05.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz7E53.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz7F1E.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz7F7B.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz80C4.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz81EC.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz821B.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8545.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz85A3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8739.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8768.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8777.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz87F3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8A64.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8AA2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8AA3.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8C19.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8C47.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trz8D51.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzD45E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzD681.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzD799.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzD9EA.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzDAE3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzDDA2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzDDB2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzDE4.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzE012.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzE1B6.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzE24.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzE714.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzEC12.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzEEE1.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzEFBB.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzF42D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzF862.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzFA.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzFAE2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\AppData\Local\Temp\trzFC2A.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\assassins creed 2 skidrow\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\add on & cracks\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\Users\Biloute\documents\Utils\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\Users\Biloute\downloads\rk_quarantine\updates.exe.vir (Trojan.Proxy) -> Quarantined and deleted successfully.
    d:\Games\activision\modern warfare 2\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    d:\Games\activision\modern warfare 2\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
    d:\Users\Macfly\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
    d:\Users\Macfly\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
    d:\Users\Macfly\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
    d:\Users\Macfly\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    d:\Users\Macfly\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    d:\Users\Macfly\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
    d:\Users\Macfly\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    d:\Users\Macfly\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\Windows\$ntuninstallmtf197$\apuninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
    c:\Windows\$ntuninstallmtf197$\ginky.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
    c:\Windows\$ntuninstallmtf197$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
    0
  12. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
     
    ouais rogue c'est en route, et le 2èmè MBAM passe po non, plus !
    =)
    0
  13. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
     
    RogueKiller V4.3.4 by Tigzy
    contact at https://www.luanagames.com/index.fr.html
    mail: tigzyRK<at>gmail<dot>com
    Feedback: https://www.luanagames.com/index.fr.html

    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User: Biloute [Admin rights]
    Mode: HOSTSFix -- Date : 03/27/2011 04:46:39

    Bad processes: 3
    [SVCHOST] svchost.exe -- System Folder -> KILLED
    [SVCHOST] svchost.exe -- System Folder -> KILLED
    [SVCHOST] svchost.exe -- System Folder -> KILLED

    HOSTS File:
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    [...]

    Resetted HOSTS:
    127.0.0.1 localhost

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    0
    1. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
       
      eeeeh voila.
      0
  14. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    c est bon message restauré.

    > No action taken. tu n'as rien supprimé !!

    ? A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    ? Clique sur Ok pour poursuivre.
    ? Si des malwares ont été détectés, cliques sur Afficher les résultats
    ? Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection . Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    ? Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)

    ? ? Il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!
    ? Une fois le PC redémarré, rends toi dans l'onglet rapport/log
    ? Tu clique dessus pour l'afficher, une fois affiché
    ? Copie/colle le ici (ctrl+a pour tout sélectionner, ctrl+c pour copier, ctrl+v pour coller)
    0
    1. M@thew
       
      Eh bein...avec deux Belges...c'est pas gagné !!! :o)
      0
    2. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
       
      lol m@t comment que ça va ? tu viens juste faire ton nez ?
      tu connais la différence entre un belge et un français ?

      les 2 sont cons, mais le belge en est fier ! ="DDD
      0
    3. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      joli :o)
      0
    4. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      j ai vu :o) merci mat ^^
      0
  15. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    OK c est bon !

    La suite.... y'a du rootkit... :)

    Attention, avant de commencer, lit attentivement la procédure, et imprime la

    Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
    La simple désactivation du résident n'est pas suffisante.
    Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
    Choisis la version adéquate (32 ou 64 bits)/!\

    Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

    ▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau

    ▶ Lance le

    ▶ Une fenêtre apparait : clique sur "Disable"

    ▶ Fais redémarrer l'ordinateur si l'outil te le demande

    Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

    /!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEUREUX /!\

    tutoriel combofix

    ▶ Fais un clic droit sur le lien ci dessous, choisi "Enregistrer la cible du lien sous", comme destination : ton Bureau, change son nom (ton_pseudo.exe par exemple) :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ARRÊTE TES LOGICIELS DE PROTECTION /!\

    ▶ Double-clique sur ComboFix.exe
    Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

    ▶ ▶ SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
    (si il te propose de l'installer remets internet)

    ▶ Mets-le en langue française F

    ▶ Tape sur la touche 1 (Yes) pour démarrer le scan.


    ▶ Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC


    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    ▶ Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    ▶ ▶ /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    ▶ Note : Le rapport se trouve également là : C:\ComboFix.txt
    0
    1. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
       
      avec AVAST ça changes rien ?
      pfouh y a blindé, j'fais faire du café quelqu'un en veut ?
      lol
      0
    2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      non avast il sert à rien ... mdrrr
      tu le désactive c est bon....

      Et OKK pour le café !!! :]
      0
  16. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
     
    bon ben voilou !

    je devrais mettre lequel a la place d'avast, dans les antivirus gratuits ?

    ComboFix 11-03-26.01 - Biloute 27/03/2011 5:25.1.8 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3326.2213 [GMT -7:00]
    Running from: c:\users\Biloute\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Biloute\AppData\Roaming\inst.exe
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://download.xbox.com:80
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-27 12:21 . 2011-03-27 12:22 -------- d-----w- C:\32788R22FWJFW
    2011-03-26 23:27 . 2011-03-26 23:27 -------- d-----w- c:\users\Biloute\AppData\Roaming\Malwarebytes
    2011-03-26 23:27 . 2011-03-26 23:27 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-26 23:27 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-26 23:27 . 2011-03-26 23:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-26 23:27 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-25 22:24 . 2011-03-25 22:24 -------- d-----w- c:\program files\Trend Micro
    2011-03-20 12:18 . 2011-03-20 12:18 -------- d-----w- c:\users\Biloute\AppData\Local\CrashRpt
    2011-03-20 11:49 . 2011-03-20 11:49 -------- d-----w- c:\program files\Atari
    2011-03-19 19:53 . 2011-03-19 19:53 -------- d-----w- c:\program files\MyDefrag v4.3.1
    2011-03-19 15:56 . 2011-03-19 15:56 -------- d-----w- c:\program files\uTorrent
    2011-03-19 15:55 . 2011-03-23 08:34 -------- d-----w- c:\users\Biloute\AppData\Roaming\uTorrent
    2011-03-02 18:28 . 2011-03-02 18:28 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
    2011-02-27 14:27 . 2007-12-10 00:00 57344 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ZIMFPRNT.DLL
    2011-02-27 14:26 . 2011-02-27 14:26 -------- d-----w- c:\program files\HP
    2011-02-27 14:26 . 2007-12-10 00:00 61440 ----a-w- c:\windows\system32\ZIMF.DLL
    2011-02-27 14:26 . 2007-12-10 00:00 53248 ----a-w- c:\windows\system32\ZTAG.DLL
    2011-02-27 14:26 . 2007-12-10 00:00 430080 ----a-w- c:\windows\system32\ZSHP1018.EXE
    2011-02-27 14:26 . 2007-12-10 00:00 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
    2011-02-27 14:26 . 2007-12-10 00:00 102400 ----a-w- c:\windows\system32\ZLhp1018.DLL
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-20 01:10 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
    2011-03-10 15:42 . 2009-08-18 19:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2011-03-10 15:42 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-01-08 05:06 . 2011-01-08 05:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-08 05:06 . 2011-01-08 05:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 05:06 . 2011-01-08 05:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
    2011-01-08 05:06 . 2011-01-08 05:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-01-08 05:06 . 2011-01-08 05:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-08 03:27 . 2011-02-05 13:34 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-01-08 03:27 . 2011-02-05 13:34 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-01-08 03:27 . 2011-02-05 13:34 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-01-08 03:27 . 2011-02-05 13:34 4941928 ----a-w- c:\windows\system32\nvcuda.dll
    2011-01-08 03:27 . 2011-02-05 13:34 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-08 03:27 . 2011-02-05 13:34 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-08 03:27 . 2011-02-05 13:34 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-01-08 03:27 . 2011-02-05 13:34 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-01-08 03:27 . 2011-02-05 13:34 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2011-01-08 03:27 . 2011-02-05 13:34 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-01-08 03:27 . 2011-02-05 13:34 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-01-08 03:27 . 2010-04-17 17:51 1965672 ----a-w- c:\windows\system32\nvapi.dll
    2011-01-08 03:27 . 2010-04-10 02:12 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
    "Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-03 9808488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 zlaqbbkf;Microsoft USB Generic Parent Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-19 691696]
    S1 aswSP;aswSP; [x]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/08 18:43];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-01 02:40 87536]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    zlaqbbkf
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\users\Biloute\AppData\Roaming\Mozilla\Firefox\Profiles\d2e6mzwn.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    .
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: WDC_WD3200AAJS-00L7A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x866E6CA1]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x58; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8552190b; SUB DWORD [EBP-0x4], 0x85521113; PUSH EDI; CALL 0xffffffffffffdedd; }
    1 ntkrnlpa!IofCallDriver[0x82E80458] -> \Device\Harddisk0\DR0[0x8689B7C8]
    3 CLASSPNP[0x8BFA659E] -> ntkrnlpa!IofCallDriver[0x82E80458] -> [0x8666D918]
    5 ACPI[0x83AC53B2] -> ntkrnlpa!IofCallDriver[0x82E80458] -> \IdeDeviceP2T0L0-2[0x866B5030]
    [0x86E7D3B8] -> IRP_MJ_CREATE -> 0x866E6CA1
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    \Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskWDC_WD3200AAJS-00L7A0___________________01.03E01#5&1a097928&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-775051654-1451683621-3101022131-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a5,85,7b,19,86,fe,4f,b2,61,56,19,64,3a,d8,9f,dc,0b,cc,bc,4c,60,
    4a,1f,a7,bd,a0,13,cb,39,77,17,38,8e,f3,8a,1b,4c,0b,40,3b,bb,73,11,2c,62,ae,\
    "rkeysecu"=hex:de,4b,25,a7,a3,1b,9b,d1,c0,33,47,34,a7,8d,4a,37
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-03-27 05:34:47
    ComboFix-quarantined-files.txt 2011-03-27 12:34
    .
    Pre-Run: 41.214.840.832 bytes free
    Post-Run: 40.633.122.816 bytes free
    .
    - - End Of File - - DA3672D2C8A2AF1110B58A2CA5BB5BE3
    0
  17. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    désinstalle spybot
    garde avast ;)
    fais ceci : https://forums.commentcamarche.net/forum/affich-21389162-infections-avec-certitude#32

    puis tu passe à ça:

    DÉSACTIVE TON ANTIVIRUS ET TON PARE-FEU SI PRÉSENTS !!!!! (car l'outil est détecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)

    ▶ Télécharge ici :List_Kill'em de gen-hackman

    et télécharge Pre_scan de gen-hackman

    et enregistre les sur ton bureau

    ▶ Lance Pre_Scan.exe. Laisse le travailler et poste le contenu du rapport rapport.txt sur ton bureau ici directement.

    Puis:

    Exécute List_Kill'em_Instal.exe sur ton bureau pour lancer l'installation

    Laisse coché :

    ♦ Exécuter List_Kill'em

    une fois terminée , clic sur "terminer"

    ▶ ▶ Une fois le programme lancé choisis l'option Recherche

    ▶ laisse travailler l'outil

    ▶ Envoie list'em.txt sur ton bureau

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier List'em.txt sur ton bureau

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Fais de même avec more.txt qui se trouve sur ton bureau

    ▶ Copie ces liens dans ta réponse.
    .::. Contributeur Sécurité .::.
    0
    1. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
       
      ah oue tiens au fait chuis parti pour 10 jours, donc je continuerai apres celu !

      ça changes rien pour la désinfection ??
      0
    2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      non ^^
      0
    3. qwerty- Messages postés 17655 Date d'inscription   Statut Contributeur Dernière intervention   1 451
       
      t'es pas encore couché toi ???? =)

      sinon t'es de ou ? moi c'est evere a bxl
      0
    4. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
       
      si j'étais couché =P

      du hainaut ;)
      0
    5. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
       
      Et moi, Wallon et fier de l'être !
      Evere ? C'est flamand ça ? ==> non, c'est SABCA !
      Al.

      Salut à tous.
      0
  18. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    au fait avant de passer à list_kill'em fait ça; j'avais pas vu:

    ▶ Télécharge TDSS Killer (de Kaspersky Labs) sur ton Bureau
    ▶ Double-clique sur tdsskiller.exe (sous Vista/Seven, clic droit
    dessus, et sur exécuter en tant qu'administrateur)
    ▶ Clique sur Start Scan
    ▶ Si l'outil a trouvé des éléments, choisi Cure,
    puis sur Reboot Now
    ▶ Le PC va redémarrer, et un rapport va s'ouvrir
    ▶ Copie/colle le rapport (il est sauvegardé dans C:\TDSS Killer
    N° de version_Date_Heure_log.txt
    )
    0