Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Voundo, Superjuan, Msjuan, Metajuan... Etc (infected)


  • This topic is locked This topic is locked
2 replies to this topic

#1 Azriel

Azriel

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 11 May 2008 - 09:42 AM

I am getting a headache. I have Voundo trojan, superjuan, MSJuan, Metajuan trojans on my computer and I Can't seem to be able to fix them. Tried Norton Antivirus 2008, tried Voundo Fix, tried to delete registry keys... i'm all out of ideas. I have a hijackthis log file and a combo fix logfile. Can someone help me please?

Thanks a lot.

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:08, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\sistray.exe
C:\DOCUME~1\Francois\LOCALS~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = amtlbcproxy01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [e4d53263] rundll32.exe "C:\WINDOWS\system32\ygkiigdk.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mschkdsk.exe] C:\WINDOWS\system32\mschkdsk.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) - http://hprssclient.frontrange.com/ENUclientPro.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7787 bytes


Combofix

ComboFix 08-05-09.1 - Francois 2008-05-11 9:40:16.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.2.1036.18.660 [GMT -4:00]
Endroit: C:\Documents and Settings\Francois\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\agngjywt.ini
C:\WINDOWS\system32\cdvbkpkd.dll
C:\WINDOWS\system32\cfNmmnmp.ini
C:\WINDOWS\system32\cfNmmnmp.ini2
C:\WINDOWS\system32\ixtbhdmq.ini
C:\WINDOWS\system32\kdgiikgy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mvrxjumx.ini
C:\WINDOWS\system32\oemuffmn.dll
C:\WINDOWS\system32\piseyjnm.ini
C:\WINDOWS\system32\pmnmmNfc.dll
C:\WINDOWS\system32\psehhilb.ini
C:\WINDOWS\system32\qybybkka.ini
C:\WINDOWS\system32\rxufpfgd.ini
C:\WINDOWS\system32\shipdttf.ini
C:\WINDOWS\system32\ulbvrxhl.dll
C:\WINDOWS\system32\xnungakq.dll
C:\WINDOWS\winlogon.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))))))))
.

2008-05-10 10:39 . 2008-05-10 12:00 <REP> d-------- C:\Documents and Settings\GrandPapou\Application Data\Vso
2008-05-10 10:23 . 2008-05-10 11:09 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-08 21:01 . 2008-05-08 21:01 90,176 --a------ C:\WINDOWS\system32\ygkiigdk.old
2008-05-08 20:58 . 2008-05-08 20:58 2,112 --a------ C:\WINDOWS\system32\jkichvuj.exe
2008-05-07 20:58 . 2008-05-07 20:58 2,112 --a------ C:\WINDOWS\system32\ujfcleni.exe
2008-05-04 17:30 . 2008-05-07 18:36 382,941 --a------ C:\upload_moi_EXAFCONS02.tar.gz
2008-04-30 17:42 . 2008-04-30 17:42 <REP> d-------- C:\Program Files\Windows Sidebar
2008-04-30 17:42 . 2008-04-30 17:50 <REP> d-------- C:\Program Files\Norton AntiVirus
2008-04-30 17:37 . 2008-04-30 18:31 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-30 17:37 . 2008-04-30 18:31 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-30 17:37 . 2008-04-30 18:31 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-30 17:37 . 2008-04-30 18:31 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-30 17:35 . 2008-04-30 18:31 <REP> d-------- C:\Program Files\Symantec
2008-04-30 17:35 . 2008-04-30 18:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-30 17:34 . 2008-05-04 17:22 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-04-29 17:53 . 2008-04-29 17:53 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 17:53 . 2008-04-29 17:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 11:09 . 2008-05-10 21:19 109,709 --a------ C:\WINDOWS\BMe7e601ff.xml
2008-04-28 17:28 . 2008-04-28 17:29 <REP> d-------- C:\Program Files\DAP Premium
2008-04-28 17:19 . 2008-04-30 18:21 <REP> d-------- C:\Program Files\DAP
2008-04-28 17:19 . 2008-04-28 17:22 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 16:59 --------- d-----w C:\Program Files\DVDFab Platinum 4
2008-05-10 13:18 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-30 02:17 --------- d-----w C:\Documents and Settings\Francois\Application Data\Azureus
2008-04-29 20:51 --------- d-----w C:\Documents and Settings\Francois\Application Data\Vso
2008-04-28 21:19 --------- d-----w C:\Program Files\Google
2008-04-27 04:26 --------- d-----w C:\Program Files\Azureus
2008-04-13 02:31 --------- d-----w C:\Program Files\SopCast
2008-04-05 20:54 --------- d-----w C:\Documents and Settings\Francois\Application Data\SopCast
2008-04-04 19:33 --------- d-----w C:\Documents and Settings\Francois\Application Data\Juniper Networks
2008-04-02 21:56 --------- d-----w C:\Documents and Settings\GrandPapou\Application Data\Juniper Networks
2008-03-30 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-19 20:54 --------- d-----w C:\Program Files\DVDFab Platinum
2008-03-19 20:44 87,608 ----a-w C:\Documents and Settings\Francois\Application Data\inst.exe
2008-03-19 20:44 47,360 ----a-w C:\Documents and Settings\Francois\Application Data\pcouffin.sys
2008-03-17 13:25 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
2008-03-17 13:25 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2008-03-17 13:22 --------- d-----w C:\Program Files\Juniper Networks
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-30 18:15 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"mschkdsk.exe"="C:\WINDOWS\system32\mschkdsk.exe" [ ]
"WeatherEye"="C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-28 17:19 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"SoundMan"="SOUNDMAN.EXE" [2007-03-15 00:48 577536 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 15:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 15:43 688218]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 08:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"NWEReboot"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22 35328]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-07-27 07:58 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-07-26 23:49 713072]
"e4d53263"="C:\WINDOWS\system32\ygkiigdk.dll" [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Francois\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);C:\WINDOWS\system32\Drivers\NEOFLTR_600_12507.SYS [2007-12-27 23:23]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c93481e-6adb-11dc-b1e6-00c09fdd8d99}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-30 21:55:45 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Francois.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 09:50:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sistray.exe
C:\DOCUME~1\Francois\LOCALS~1\temp\RtkBtMnt.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-11 9:54:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-11 13:54:34

Pre-Run: 7,852,855,296 octets libres
Post-Run: 13,775,388,672 octets libres

181 --- E O F --- 2008-04-09 07:03:37

Edited by Azriel, 11 May 2008 - 09:49 AM.


BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:26 AM

Posted 11 May 2008 - 04:34 PM

Hi,

First of all... not sure where you have read the instructions to use Combofix, but the first step required before you run it is to install the Recovery Console.
Read here how to do this with Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The reason why Recovery Console is recommended is because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

Then, * Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\ygkiigdk.old
C:\WINDOWS\system32\jkichvuj.exe
C:\WINDOWS\system32\ujfcleni.exe
C:\WINDOWS\BMe7e601ff.xml
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mschkdsk.exe"=-
"WeatherEye"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=-
"e4d53263"=-


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:26 AM

Posted 20 May 2008 - 12:43 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users