Infections, for certain....
Closed
qwerty-
Posts
14568
Registration date
Monday 11 August 2008
Status
Contributor
Last activity
29 December 2022
-
25 March 2011 at 23:29
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last activity 21 April 2024 - 5 April 2011 at 00:46
17 replies
juju666
Posts
35446
Registration date
Thursday 18 December 2008
Status
Security contributor
Last activity
21 April 2024
4 796
25 March 2011 at 23:34
hi, hijackthis is obsolete and on top of that not up to date
disable tea timer and then remove spybot
=========================================================
▶ Download RogueKiller (by tigzy) to the desktop
▶ ▶ (Under Vista/Seven, right-click, run as administrator)
▶ Close all your running programs
▶ Launch RogueKiller.exe.
▶ A scan starts, then you will see shown in the window
▶ ▶ 1. Scan (written in green)
▶ ▶ 2. Delete (written in red)
▶ ▶ 3. Hosts RAZ (written in red)
▶ ▶ 4. Proxy RAZ (written in red)
▶ ▶ 5. DNS RAZ (written in red)
▶ ▶ 6. Raccourcis RAZ (written in red)
▶ At that point type 2 and confirm
Note: if it asks you to remove the proxy, type 4
▶ Two reports (RKreport1 and 2.txt) should have been created next to the executable, paste their contents in your reply
▶ If the program was blocked, don't hesitate to try several times or to rename it to winlogon.exe
=========================================================
▶ Download Malwarebytes' Anti-Malware and save it on your desktop.
▶ ▶ Mirror 1 if unreachable
▶ ▶ Mirror 2 if unreachable
▶ ▶ /!\ Vista and Windows 7 users: right-click the Malwarebytes' Anti-Malware logo, "run as Administrator"
▶ Double-click the downloaded file to start the installation process.
▶ In the "Update" tab, click the Check for Updates button
▶ if the firewall asks for permission for Malwarebytes to connect, accept
▶ Once the update is finished
▶ go to the Scan tab
▶ Select Perform full scan
▶ Click Scan
▶ ▶ The scan starts.
▶ At the end of the scan, a message is displayed: The scan completed normally. Click 'Show Results' to display all the objects found.
▶ Click Ok to continue.
▶ If malware was detected, click Show Results
▶ Select everything (or leave it checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
▶ Malwarebytes will open Notepad and copy the scan report into it. Copy/paste it here (ctrl+a to select all, ctrl+c to copy, ctrl+v to paste)
▶ ▶ MBAM may need to restart the PC to finish the removal, so don't panic, restart your PC!!!
▶ Once the PC has restarted, go to the report/log tab
▶ Click on it to display it; once it is displayed
▶ Copy/paste it here (ctrl+a to select all, ctrl+c to copy, ctrl+v to paste)
If you need help, look at this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
▶ ▶ If you can't manage to update it, download this file
good night!
qwerty-
25 March 2011 at 23:42
ok juju, thanks already.
right, I'll do this step by step but it will be for tomorrow, anyway I'm in no hurry!
=)
you're new on ccm I see, it's nice to see motivated people!
right, but I'm off now, I've got zombies to kill! see you very very very soon.... if you're around tomorrow.
I'll probably start around 13:00
byyyYYYyyye!
juju666
25 March 2011 at 23:47
yep, take your time, good night ;)
afideg
Posts
10517
Registration date
Monday 10 October 2005
Status
Security contributor
Last activity
12 April 2022
602
Edited by afideg on 25/03/2011 at 23:49
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
Oh, the nasty O4 - HKLM\..\Run: [Regedit32]
Well well; it's been a long time!
I'll follow along.
Thanks.
Hi old qwerty ;)
juju666
25 March 2011 at 23:47
Hi again Al ;)
C:\Windows\system32\config\systemprofile\AppData\Roaming\updates\updates.exe that one's pretty too, isn't it?
Otherwise, are your lines detected OK in zhp..?
found this: https://answers.microsoft.com/fr-fr/office/forum/office_2007-outlook/erreur-msg-cette-op%C3%A9ration-a-%C3%A9t%C3%A9-annul%C3%A9e-a-cause-d/7531be46-2dce-4909-9849-91d82f18810b
xplode's rstassociations may be worth considering. thanks al ;-)
qwerty-
27 March 2011 at 00:25
hi! well, in the end it's 13:00, Florida local time!
however I don't have 2 TXT files but only 1
here's the rogue txt, I'm doing malware now
RogueKiller V4.3.4 by Tigzy
contact at https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Biloute [Admin rights]
Mode: Remove -- Date : 03/26/2011 16:19:39
Bad processes: 3
[SVCHOST] svchost.exe -- System Folder -> KILLED
[SVCHOST] svchost.exe -- System Folder -> KILLED
[SVCHOST] svchost.exe -- System Folder -> KILLED
Registry Entries: 2
[APPDT/TMP/DESKTOP] HKUS\.DEFAULT[...]\Run : engel (C:\Windows\system32\config\systemprofile\AppData\Roaming\updates\updates.exe) -> DELETED
[APPDT/TMP/DESKTOP] HKUS\.DEFAULT[...]\Run : qubmuncx (C:\Windows\TEMP\joandkwfy\qjtpygouerb.exe) -> DELETED
HOSTS File:
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
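The two Run entries in the RogueKiller report above can be extracted and classified by where their target sits on disk. This is an added example, not part of the original thread or of RogueKiller; the line layout is inferred from the registry lines posted here, and the names `parse_run_entries`, `writable_location` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Lines copied from the RogueKiller report posted in this thread.
SAMPLE_REPORT = r"""
Bad processes: 3
[SVCHOST] svchost.exe -- System Folder -> KILLED
Registry Entries: 2
[APPDT/TMP/DESKTOP] HKUS\.DEFAULT[...]\Run : engel (C:\Windows\system32\config\systemprofile\AppData\Roaming\updates\updates.exe) -> DELETED
[APPDT/TMP/DESKTOP] HKUS\.DEFAULT[...]\Run : qubmuncx (C:\Windows\TEMP\joandkwfy\qjtpygouerb.exe) -> DELETED
"""

# Assumed layout, inferred from the lines above:
#   [TAG] <key ending in \Run> : <value name> (<target path>) -> <ACTION>
RUN_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+"
    r"(?P<key>\S.*?\\Run(?:Once)?)\s+:\s+"
    r"(?P<value>.+?)\s+\((?P<target>.+)\)\s+->\s+(?P<action>\w+)\s*$"
)

# Folder names suggested by the report's [APPDT/TMP/DESKTOP] tag
# (an interpretation of the tag, not something documented on the page).
WRITABLE_PARTS = {"appdata": "appdata", "temp": "temp",
                  "tmp": "temp", "desktop": "desktop"}


@dataclass
class RunEntry:
    tag: str
    key: str
    value: str
    target: str
    action: str


def parse_run_entries(report: str) -> List[RunEntry]:
    """Return every autostart (Run key) line found in a report."""
    entries = []
    for line in report.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:  # process lines such as [SVCHOST] do not match
            entries.append(RunEntry(**match.groupdict()))
    return entries


def writable_location(target: str) -> Optional[str]:
    """Name the first AppData/Temp/Desktop folder in the path, if any."""
    for part in PureWindowsPath(target).parts:
        hit = WRITABLE_PARTS.get(part.lower())
        if hit:
            return hit
    return None


def triage(report: str) -> List[Tuple[str, Optional[str], str]]:
    """(value name, suspicious folder or None, action) per Run entry."""
    return [(e.value, writable_location(e.target), e.action)
            for e in parse_run_entries(report)]


if __name__ == "__main__":
    for value, location, action in triage(SAMPLE_REPORT):
        print(f"{value:10} location={location} action={action}")
```
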
juju666
27 March 2011 at 11:03
Hiiii =)
OK, run RogueKiller again, with option 3 this time.
Post me the MBAM report please
(local time in Belgium = 11:03)
qwerty-
27 March 2011 at 13:41
yo my friend,
so here is the MBAM report, it found 200 things, do I have to delete them before redoing rogue in 3 or not?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6178
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27/03/2011 04:38:01
mbam-log-2011-03-27 (04-37-15).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 507623
Time elapsed: 1 hour(s), 27 minute(s), 12 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 185
Memory Processes Infected:
c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> 2116 -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF197$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Windows\$ntuninstallmtf197$ (Adware.Adrotator) -> No action taken.
Files Infected:
c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> No action taken.
c:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Downloader) -> No action taken.
c:\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\Windows\System32\1.exe (Trojan.Setfic) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\updates\updates.exe (Trojan.Proxy) -> No action taken.
c:\Games\Ubisoft\assassin's creed ii\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\assassins creed 2 skidrow\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> No action taken.
So here is the MBAM report, it found 200 things; do I have to delete them before rerunning Rogue with option 3 or not?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6178
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27/03/2011 04:38:01
mbam-log-2011-03-27 (04-37-15).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 507623
Time elapsed: 1 hour(s), 27 minute(s), 12 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 185
Memory Processes Infected:
c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> 2116 -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF197$ (Adware.Adrotator) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Windows\$ntuninstallmtf197$ (Adware.Adrotator) -> No action taken.
Files Infected:
c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> No action taken.
c:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Downloader) -> No action taken.
c:\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\Windows\System32\1.exe (Trojan.Setfic) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\updates\updates.exe (Trojan.Proxy) -> No action taken.
c:\Games\Ubisoft\assassin's creed ii\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\assassins creed 2 skidrow\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Biloute\documents\add on & cracks\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\Users\Biloute\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> No action taken.
c:\Users\Biloute\documents\Utils\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> No action taken.
c:\Users\Biloute\downloads\rk_quarantine\updates.exe.vir (Trojan.Proxy) -> No action taken.
d:\Games\activision\modern warfare 2\reunion.patch.exe (RiskWare.Tool.CK) -> No action taken.
d:\Games\activision\modern warfare 2\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
d:\Users\Macfly\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> No action taken.
d:\Users\Macfly\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> No action taken.
d:\Users\Macfly\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
d:\Users\Macfly\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> No action taken.
d:\Users\Macfly\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> No action taken.
d:\Users\Macfly\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> No action taken.
d:\Users\Macfly\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> No action taken.
d:\Users\Macfly\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> No action taken.
c:\Windows\$ntuninstallmtf197$\apuninstall.exe (Adware.Adrotator) -> No action taken.
c:\Windows\$ntuninstallmtf197$\ginky.exe (Adware.Adrotator) -> No action taken.
c:\Windows\$ntuninstallmtf197$\zrpt.xml (Adware.Adrotator) -> No action taken.
qwerty-
27 March 2011 at 13:42
Damn, it won't let me post the MBAM log, it gets auto-moderated...
Should I send it to you by PM or what?
qwerty-
27 March 2011 at 13:45
I'm trying the report from after deleting everything with MBAM...
We'll see if it goes through...
juju666
27 March 2011 at 13:43
Hold on, I'm asking for it to be restored.
And I'd also like to see the RogueKiller option 3 report ;)
qwerty-
27 March 2011 at 13:45
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6178
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27/03/2011 04:43:27
mbam-log-2011-03-27 (04-43-27).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 507623
Time elapsed: 1 hour(s), 27 minute(s), 12 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 185
Memory Processes Infected:
c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> 2116 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF197$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Downloader) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\Windows\$ntuninstallmtf197$ (Adware.Adrotator) -> Quarantined and deleted successfully.
Files Infected:
c:\Windows\System32\wuaucldt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Windows\System32\1.exe (Trojan.Setfic) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\updates\updates.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\Games\Ubisoft\assassin's creed ii\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz5937.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz5A50.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz5A5E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzB78B.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzB894.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzB922.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzBA1B.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzBAD6.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzBAF5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzBBA0.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzBBFE.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzBE9D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzBEBD.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzC12D.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzC1AA.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzC264.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzC274.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzC5BF.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzC8BA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzCA40.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzCA8F.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzD0A6.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzD420.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz5CA1.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz5D3D.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz5FAC.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz640F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz641F.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz65C5.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz6612.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz667.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz667F.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz68B2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz68C1.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz7ACA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz7CCD.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz7E05.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz7E53.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz7F1E.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz7F7B.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz80C4.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz81EC.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz821B.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8545.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz85A3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8739.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8768.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8777.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz87F3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8A64.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8AA2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8AA3.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8C19.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8C47.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trz8D51.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzD45E.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzD681.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzD799.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzD9EA.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzDAE3.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzDDA2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzDDB2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzDE4.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzE012.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzE1B6.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzE24.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzE714.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzEC12.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzEEE1.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzEFBB.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzF42D.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzF862.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzFA.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzFAE2.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzFC2A.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\assassins creed 2 skidrow\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\Utils\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Biloute\downloads\rk_quarantine\updates.exe.vir (Trojan.Proxy) -> Quarantined and deleted successfully.
d:\Games\activision\modern warfare 2\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\Games\activision\modern warfare 2\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\$ntuninstallmtf197$\apuninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\Windows\$ntuninstallmtf197$\ginky.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\Windows\$ntuninstallmtf197$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\Users\Biloute\AppData\Local\Temp\trzFC2A.tmp (Trojan.PWStealer) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\assassins creed 2 skidrow\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\add on & cracks\SKIDROW\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Biloute\documents\Utils\powerdvd ultra v9.0.1501.0 preactivated\crack if u need\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Biloute\downloads\rk_quarantine\updates.exe.vir (Trojan.Proxy) -> Quarantined and deleted successfully.
d:\Games\activision\modern warfare 2\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\Games\activision\modern warfare 2\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\gta.iv.crack-fall_0ut_b0y\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\gta.iv.crack.securom.bypass.launcher.uber-proper-fed0r\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\call of duty - modern warfare 2 - spec-ops - lan crack - goodreadme included\04 lan spec-ops\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\call of duty modern warfare 2 no steam installer and missing files upload madwiggynld\game installer\mw2install.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\call.of.duty.modern.warfare.2.razor.release.no.steam.patch\ru-mw2ns\reunion.patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\mw2 coop lan working razor repack\Crack\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\add on & cracks\nfs carbon crack + serial\nfs carbon crack + serial\crack + serial\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\Users\Macfly\documents\Utils\acdsee pro 2 v2.5.332 incl keygen french-fff\Crack\acdsee pro v2.5.332 incl keygen french-bs\BS-ACP20.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\$ntuninstallmtf197$\apuninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\Windows\$ntuninstallmtf197$\ginky.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\Windows\$ntuninstallmtf197$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
qwerty- (Contributor), 27 March 2011 at 13:45
Yeah, Rogue is under way, and the second MBAM won't go through either!
=)
qwerty- (Contributor), 27 March 2011 at 13:47
RogueKiller V4.3.4 by Tigzy
contact at https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Biloute [Admin rights]
Mode: HOSTSFix -- Date : 03/27/2011 04:46:39
Bad processes: 3
[SVCHOST] svchost.exe -- System Folder -> KILLED
[SVCHOST] svchost.exe -- System Folder -> KILLED
[SVCHOST] svchost.exe -- System Folder -> KILLED
HOSTS File:
[...]
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
qwerty- (Contributor), 27 March 2011 at 13:47
Aaand there you go.
juju666 (Security contributor), 27 March 2011 at 13:47
It's fine, message restored.
> No action taken. You didn't delete anything!!
▶ At the end of the scan, a message is displayed: The scan completed normally. Click 'Show Results' to display all the objects found.
▶ Click OK to continue.
▶ If malware was detected, click Show Results
▶ Select everything (or leave it checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
▶ Malwarebytes will open Notepad and copy the scan report into it. Copy/paste it here (Ctrl+A to select all, Ctrl+C to copy, Ctrl+V to paste)
▶ ▶ MBAM may need to restart the PC to finish the removal, so don't panic, restart your PC!!!
▶ Once the PC has restarted, go to the report/log tab
▶ Click on it to display it; once it is displayed
▶ Copy/paste it here (Ctrl+A to select all, Ctrl+C to copy, Ctrl+V to paste)
qwerty- (Contributor), 27 March 2011 at 13:51
lol m@t, how's it going? You just dropping by to show off?
Do you know the difference between a Belgian and a Frenchman?
Both are idiots, but the Belgian is proud of it! ="DDD
juju666 (Security contributor), 27 March 2011 at 13:52
nice :o)
qwerty- (Contributor), 27 March 2011 at 13:52
Otherwise, here it is after delete! For MBAM
https://forums.commentcamarche.net/forum/affich-21389162-infections-avec-certitude#13
juju666 (Security contributor), 27 March 2011 at 13:53
I saw :o) thanks mat ^^
juju666 (Security contributor), 27 March 2011 at 13:49
OK, that's good!
Next step.... there's a rootkit in there... :)
Careful: before you start, read the procedure carefully and print it
If you use AVG, YOU MUST UNINSTALL IT before using ComboFix, because in interaction with the tool it can cause damage that may lead to a complete reinstall of the system.
Simply disabling the resident shield is not enough.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit) /!\
CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable it temporarily:
▶ Download Defogger (by jpshortstuff) to your Desktop
▶ Run it
▶ A window appears: click "Disable"
▶ Restart the computer if the tool asks you to
Note: When we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable"
/!\ Do not use this software outside of this disinfection: DANGEROUS /!\
ComboFix tutorial
▶ Right-click the link below, choose "Save link target as", with your Desktop as the destination, and change its name (your_nickname.exe for example):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
▶ /!\ Disconnect from the internet and STOP YOUR PROTECTION SOFTWARE /!\
▶ Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept
▶ ▶ ABOVE ALL, INSTALL THE RECOVERY CONSOLE
(if it offers to install it, reconnect to the internet)
▶ Set it to French: F
▶ Press the 1 key (Yes) to start the scan.
▶ Don't touch anything (mouse, keyboard) until the scan has finished, because you risk crashing your PC
▶ At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
▶ Once the scan is complete, a report will be displayed: post its contents
▶ ▶ /!\ Re-enable the real-time protection of your antivirus and your antispyware before reconnecting to the internet. /!\
▶ Note: The report can also be found here: C:\ComboFix.txt
qwerty- (Contributor), 27 March 2011 at 13:58
With AVAST it doesn't change anything?
Phew, there's a ton of it, I'm going to make some coffee, anyone want some?
lol
juju666 (Security contributor), 27 March 2011 at 13:59
no, avast is useless ... lol
you just disable it, that's fine....
And OKK for the coffee!!! :]
qwerty- (Contributor), 27 March 2011 at 14:38
Well, there you go!
Which one should I install instead of avast, among the free antiviruses?
ComboFix 11-03-26.01 - Biloute 27/03/2011 5:25.1.8 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3326.2213 [GMT -7:00]
Running from: c:\users\Biloute\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Biloute\AppData\Roaming\inst.exe
.
----- BITS: Possible infected sites -----
.
hxxp://download.xbox.com:80
.
((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 12:21 . 2011-03-27 12:22 -------- d-----w- C:\32788R22FWJFW
2011-03-26 23:27 . 2011-03-26 23:27 -------- d-----w- c:\users\Biloute\AppData\Roaming\Malwarebytes
2011-03-26 23:27 . 2011-03-26 23:27 -------- d-----w- c:\programdata\Malwarebytes
2011-03-26 23:27 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-26 23:27 . 2011-03-26 23:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-26 23:27 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-25 22:24 . 2011-03-25 22:24 -------- d-----w- c:\program files\Trend Micro
2011-03-20 12:18 . 2011-03-20 12:18 -------- d-----w- c:\users\Biloute\AppData\Local\CrashRpt
2011-03-20 11:49 . 2011-03-20 11:49 -------- d-----w- c:\program files\Atari
2011-03-19 19:53 . 2011-03-19 19:53 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-03-19 15:56 . 2011-03-19 15:56 -------- d-----w- c:\program files\uTorrent
2011-03-19 15:55 . 2011-03-23 08:34 -------- d-----w- c:\users\Biloute\AppData\Roaming\uTorrent
2011-03-02 18:28 . 2011-03-02 18:28 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-02-27 14:27 . 2007-12-10 00:00 57344 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ZIMFPRNT.DLL
2011-02-27 14:26 . 2011-02-27 14:26 -------- d-----w- c:\program files\HP
2011-02-27 14:26 . 2007-12-10 00:00 61440 ----a-w- c:\windows\system32\ZIMF.DLL
2011-02-27 14:26 . 2007-12-10 00:00 53248 ----a-w- c:\windows\system32\ZTAG.DLL
2011-02-27 14:26 . 2007-12-10 00:00 430080 ----a-w- c:\windows\system32\ZSHP1018.EXE
2011-02-27 14:26 . 2007-12-10 00:00 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL
2011-02-27 14:26 . 2007-12-10 00:00 102400 ----a-w- c:\windows\system32\ZLhp1018.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 01:10 . 2009-07-13 23:11 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-03-10 15:42 . 2009-08-18 19:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-10 15:42 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-08 05:06 . 2011-01-08 05:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 05:06 . 2011-01-08 05:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 05:06 . 2011-01-08 05:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 05:06 . 2011-01-08 05:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 05:06 . 2011-01-08 05:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 03:27 . 2011-02-05 13:34 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-05 13:34 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-05 13:34 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-05 13:34 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-05 13:34 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-05 13:34 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-05 13:34 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-05 13:34 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-05 13:34 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2011-02-05 13:34 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-05 13:34 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2010-04-17 17:51 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-04-10 02:12 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-03 9808488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 zlaqbbkf;Microsoft USB Generic Parent Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-19 691696]
S1 aswSP;aswSP; [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/08 18:43];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-01 02:40 87536]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zlaqbbkf
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Biloute\AppData\Roaming\Mozilla\Firefox\Profiles\d2e6mzwn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD3200AAJS-00L7A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x866E6CA1]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x58; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8552190b; SUB DWORD [EBP-0x4], 0x85521113; PUSH EDI; CALL 0xffffffffffffdedd; }
1 ntkrnlpa!IofCallDriver[0x82E80458] -> \Device\Harddisk0\DR0[0x8689B7C8]
3 CLASSPNP[0x8BFA659E] -> ntkrnlpa!IofCallDriver[0x82E80458] -> [0x8666D918]
5 ACPI[0x83AC53B2] -> ntkrnlpa!IofCallDriver[0x82E80458] -> \IdeDeviceP2T0L0-2[0x866B5030]
[0x86E7D3B8] -> IRP_MJ_CREATE -> 0x866E6CA1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskWDC_WD3200AAJS-00L7A0___________________01.03E01#5&1a097928&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-775051654-1451683621-3101022131-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,85,7b,19,86,fe,4f,b2,61,56,19,64,3a,d8,9f,dc,0b,cc,bc,4c,60,
4a,1f,a7,bd,a0,13,cb,39,77,17,38,8e,f3,8a,1b,4c,0b,40,3b,bb,73,11,2c,62,ae,\
"rkeysecu"=hex:de,4b,25,a7,a3,1b,9b,d1,c0,33,47,34,a7,8d,4a,37
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-27 05:34:47
ComboFix-quarantined-files.txt 2011-03-27 12:34
.
Pre-Run: 41.214.840.832 bytes free
Post-Run: 40.633.122.816 bytes free
.
- - End Of File - - DA3672D2C8A2AF1110B58A2CA5BB5BE3
2011-01-08 03:27 . 2011-02-05 13:34 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2011-02-05 13:34 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-05 13:34 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2010-04-17 17:51 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2010-04-10 02:12 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Razer Mamba Driver"="c:\program files\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-03 9808488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 zlaqbbkf;Microsoft USB Generic Parent Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-19 691696]
S1 aswSP;aswSP; [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/08 18:43];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-01 02:40 87536]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zlaqbbkf
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Biloute\AppData\Roaming\Mozilla\Firefox\Profiles\d2e6mzwn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD3200AAJS-00L7A0 rev.01.03E01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x866E6CA1]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x58; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8552190b; SUB DWORD [EBP-0x4], 0x85521113; PUSH EDI; CALL 0xffffffffffffdedd; }
1 ntkrnlpa!IofCallDriver[0x82E80458] -> \Device\Harddisk0\DR0[0x8689B7C8]
3 CLASSPNP[0x8BFA659E] -> ntkrnlpa!IofCallDriver[0x82E80458] -> [0x8666D918]
5 ACPI[0x83AC53B2] -> ntkrnlpa!IofCallDriver[0x82E80458] -> \IdeDeviceP2T0L0-2[0x866B5030]
[0x86E7D3B8] -> IRP_MJ_CREATE -> 0x866E6CA1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskWDC_WD3200AAJS-00L7A0___________________01.03E01#5&1a097928&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-775051654-1451683621-3101022131-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,85,7b,19,86,fe,4f,b2,61,56,19,64,3a,d8,9f,dc,0b,cc,bc,4c,60,
4a,1f,a7,bd,a0,13,cb,39,77,17,38,8e,f3,8a,1b,4c,0b,40,3b,bb,73,11,2c,62,ae,\
"rkeysecu"=hex:de,4b,25,a7,a3,1b,9b,d1,c0,33,47,34,a7,8d,4a,37
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-27 05:34:47
ComboFix-quarantined-files.txt 2011-03-27 12:34
.
Pre-Run: 41.214.840.832 bytes free
Post-Run: 40.633.122.816 bytes free
.
- - End Of File - - DA3672D2C8A2AF1110B58A2CA5BB5BE3
juju666
Posts
35446
Registration date
Thursday 18 December 2008
Status
Security contributor
Last activity
21 April 2024
4 796
Edited by juju666 on 4/04/2011 at 00:47
uninstall Spybot
keep avast ;)
do this: https://forums.commentcamarche.net/forum/affich-21389162-infections-avec-certitude#32
then move on to this:
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because the tool is wrongly detected as an infection, as it contains one module used to stop processes and another used to take rights in the registry in order to perform deletions)
▶ Download here: List_Kill'em by gen-hackman
and download Pre_scan by gen-hackman
and save them to your desktop
▶ Run Pre_Scan.exe. Let it work and post the contents of the report rapport.txt, found on your desktop, directly here.
Then:
Run List_Kill'em_Instal.exe on your desktop to start the installation
Leave checked:
♦ Exécuter List_Kill'em (Run List_Kill'em)
once it has finished, click "terminer" (Finish)
▶ ▶ Once the program is running, choose the Recherche (Search) option
▶ let the tool work
▶ Send list'em.txt, found on your desktop
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Parcourir (Browse) and find the file List'em.txt on your desktop
▶ Click Ouvrir (Open).
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
is added to the page.
▶ Do the same with more.txt, which is on your desktop
▶ Copy these links into your reply.
.::. Security Contributor .::.
qwerty-
Posts
14568
Registration date
Monday 11 August 2008
Status
Contributor
Last activity
29 December 2022
1 447
4 April 2011 at 00:05
oh yeah, by the way, I'm away for 10 days, so I'll continue after that!
that doesn't change anything for the disinfection??
juju666
Posts
35446
Registration date
Thursday 18 December 2008
Status
Security contributor
Last activity
21 April 2024
4 796
4 April 2011 at 00:12
no ^^
qwerty-
Posts
14568
Registration date
Monday 11 August 2008
Status
Contributor
Last activity
29 December 2022
1 447
4 April 2011 at 01:23
you're not in bed yet???? =)
anyway, where are you from? I'm from Evere in Brussels
juju666
Posts
35446
Registration date
Thursday 18 December 2008
Status
Security contributor
Last activity
21 April 2024
4 796
4 April 2011 at 06:09
yes, I was in bed =P
from Hainaut ;)
afideg
Posts
10517
Registration date
Monday 10 October 2005
Status
Security contributor
Last activity
12 April 2022
602
Edited by afideg on 4/04/2011 at 12:18
And me, Walloon and proud of it!
Evere? Is that Flemish? ==> no, it's SABCA!
Al.
Hello everyone.
juju666
Posts
35446
Registration date
Thursday 18 December 2008
Status
Security contributor
Last activity
21 April 2024
4 796
4 April 2011 at 00:15
by the way, before moving on to List_Kill'em, do this; I hadn't seen it:
▶ Download TDSS Killer (from Kaspersky Labs) to your desktop
▶ Double-click tdsskiller.exe (on Vista/Seven, right-click it and choose Run as administrator)
▶ Click Start Scan
▶ If the tool found items, choose Cure, then Reboot Now
▶ The PC will restart, and a report will open
▶ Copy/paste the report (it is saved in C:\TDSS Killer version number_Date_Time_log.txt)