avragorn

Members
  • Posts: 16
Everything posted by avragorn

  1. Hello. I just did a full scan with MBAM, and here is the log. I know it is not a scan done in developer mode, but I must go to sleep, so if you need the log from developer mode, I will do a full scan tomorrow afternoon... Here is the log (in French): Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 07/12/2009 22:33:42 mbam-log-2009-12-07 (22-33-33).txt Type de recherche: Examen complet (C:\|) El
  2. Everything is OK for me too. Thank you very much.
  3. Hello. At first, sorry for posting a similar thread. I updated MBAM, with the database 2885 and it still finds the same infections:
     01/10/2009 18:19:03
     mbam-log-2009-10-01 (18-19-00).txt
     Scan type: Quick Scan
     Objects scanned: 105297
     Time elapsed: 9 minute(s), 12 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 13
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.
  4. I made a little error in the title: it's actskin4.ocx and not actskin4.osx (.oCx)
  5. Hello. I just updated MBAM, and I scanned my PC and it has found 15 infected objects that come from "actskin4.ocx". I didn't put them in quarantine because I searched on Google and I found that it is an element of AVAST antivirus I have on my PC (I use only 1 antivirus, it is AVAST, I don't have other antivirus). I scanned in developer mode, and it found 14 objects and not 15... Here is the log file:
     Malwarebytes' Anti-Malware 1.41
     Database version: 2881
     Windows 5.1.2600 Service Pack 3
     01/10/2009 09:33:42
     mbam-log-2009-10-01 (09-33-34).txt
     Scan type: Quick Scan
     Objects scanned: 103607
     Time elapsed: 5 minute(s), 26 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 13
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.
     I think they are false positives because I scanned my PC with AVAST yesterday. Or they come on my PC between yesterday and now! Thank you very much in anticipation, - avragorn -
  6. Hello Fatdcuk. I was about to go, I came again before going. Thank you very much for your help, and no problems, I wasn't worried because these are files I have had since 2004, so all the antivirus programs I had until now would have found them if they were malware. Thank you very much again, you all do an amazing work to protect us all. Have a great day (here we will have storms :'( ). Cheers, - avragorn -
  7. I must go, and there will be storms too, so I will maybe come only tomorrow... I am almost sure the files are FP since they have been on my computer since 2004.
  8. I didn't scan in developer mode as asked, so I just did, here is the log:
     Malwarebytes' Anti-Malware 1.37
     Database version: 2236
     Windows 5.1.2600 Service Pack 3
     06/06/2009 13:36:16
     mbam-log-2009-06-06 (13-36-11).txt
     Scan type: Quick Scan
     Objects scanned: 87740
     Time elapsed: 4 minute(s), 35 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/aolsetup.dat (Rootkit.Agent) -> No action taken.
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\AOLSetup.dat (Rootkit.Agent) -> No action taken.
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     c:\WINDOWS\AOLSetup.dat (Rootkit.Agent) -> No action taken.
  9. Hello! I just updated MALWAREBYTE'S ANTIMALWARE and I scanned my computer and the program found: Malwarebytes' Anti-Malware 1.37 Version de la base de donn
  10. Yes, sorry, I didn't thank the developers, so ... Thank you very much
  11. The new update is available. I just updated MALWAREBYTE'S ANTIMALWARE, I scanned my computer and it found nothing. Everything is OK!
  12. Hello. I have the same problem, I have 5 "infected" elements:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> Quarantined and deleted successfully.
      I didn't test with my antivirus yet, but on a French forum, someone says that SPYBOT Search & Destroy finds the same elements as MALWAREBYTES' ANTIMALWARE... I can't test because I deleted SPYBOT because it took 4 hours to scan my computer!
  13. Hello. Thank you very much to everyone. Someone on a French forum told me that it's good, my computer will work. The proof is that I installed Service Pack 3... and wextract is used to extract .cab files from the Windows updates. The guy on the French forum asked me to post a RSIT log to show him all created files and everything... and he told me everything is OK. To maalim: I tried the system restore, it doesn't work! I had an error message: "the restore can't be completed, please choose another restore point" (something like that, and I try to translate into English since it's written in French!). So I couldn't restore the system to a previous date. Thank you very much to everyone again, you can consider that my problem is resolved. Thank you very much again - avra -
  14. Thank you very much. Someone on a French forum advised me almost the same thing... I installed Windows Service Pack 3 because I had Service Pack 2. Most of the files are back, the only file I can't find anymore is: c:\WINDOWS\system32\dllcache\wextract.exe I don't know if it's very important, I have all the other wextract.exe in the other folders.
  15. These are the files MALWAREBYTE'S ANTIMALWARE found last Wednesday, don't delete them! I deleted them forever and now I don't know how to have them again!
  16. Hello! I am new there. I am a French user... I have been using MALWAREBYTE'S ANTIMALWARE for approximately 1 year and I love it, it is very powerful! Last Wednesday MALWAREBYTE'S ANTIMALWARE found wextract.exe and other files as trojan.vundo. I know it's a false positive. But until I read this on French forums, I had time to delete the files from the quarantine and now I don't have them on my computer anymore! With the logs I found all the files I deleted forever last Wednesday, files that MALWAREBYTE'S ANTIMALWARE found as trojan.vundo: C:\System Volume Information\_restore{02F74351-7C8E-45A0-B01F-D8177EAA33A9}\R