Generic.dx


  • This topic is locked
12 replies to this topic

#1 Bergy

  • Members
  • 7 posts

Posted 16 February 2009 - 10:07 PM

I have a virus/trojan. I have installed HijackThis and here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:43, on 2009-02-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\fxstaller.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program Files\Ubisoft\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\UBISOFT\Register\schedule.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8686 bytes
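As an added example (this is not code from the thread, from HijackThis or from ComboFix): a small triage script that parses the O2, O4 and O23 lines of a HijackThis log and flags the patterns a responder looks at first. Run over the lines of the log above it singles out the `[Windows UDP Control Center] fxstaller.exe` value, an HKLM Run entry whose command is a bare filename (no path, so it is found by PATH search) and whose name imitates a Windows component, plus the orphaned BHO with `(no file)` and the service whose binary is `(file missing)`. The trusted-directory prefixes and the name heuristic are assumptions made for this example, not HijackThis rules, and the sample log is constructed from lines copied out of the post.

```python
"""Triage of HijackThis O2/O4/O23 lines (added example; not HijackThis or ComboFix code)."""
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Ubisoft register.lnk = C:\Program Files\UBISOFT\Register\schedule.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.*?) = (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
EXE_SPLIT_RE = re.compile(r"(?i)(?P<exe>.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s+(?P<args>.*))?$")

# Assumed install roots for a stock Windows XP box (lower-case prefixes).
# A real deployment would use an allow-list of hashes or signatures instead.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\")


def split_command(cmd):
    """Split an autostart command into (executable, arguments).

    Honours a quoted path; for unquoted paths containing spaces it cuts at the
    first executable extension, which is how HijackThis prints them.
    """
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_SPLIT_RE.match(cmd)
    if m:
        return m["exe"], m["args"] or ""
    exe, _, args = cmd.partition(" ")
    return exe, args


def triage_autostart(hive, name, cmd):
    """Reasons an O4 entry deserves a closer look; an empty list means nothing odd."""
    exe, _args = split_command(cmd)
    low = exe.lower()
    reasons = []
    if "\\" not in exe:
        reasons.append("bare filename: resolved by PATH search, not pinned to a known location")
    elif not low.startswith(TRUSTED_PREFIXES):
        reasons.append("binary outside Program Files and system32: " + exe)
    if "windows" in name.lower() and not low.startswith("c:\\windows\\system32\\"):
        reasons.append("entry name imitates a Windows component but the binary is not in system32")
    if reasons and hive == "HKLM":
        reasons.append("HKLM Run value: executes at logon for every user on the machine")
    return reasons


def triage_bho(name, path):
    """An O2 entry whose DLL is gone is an orphan left behind by an uninstall or a removal."""
    return ["BHO CLSID registered but its DLL is missing"] if path.strip().lower() == "(no file)" else []


def triage_service(name, owner, path):
    reasons = []
    if path.rstrip().lower().endswith("(file missing)"):
        reasons.append("service registered but its binary is missing")
    if owner.strip().lower() == "unknown owner":
        reasons.append("no publisher recorded in the binary's version information")
    return reasons


def triage_log(text):
    """Parse a HijackThis log; return [(section, entry name, reasons)] for flagged lines only."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RUN_RE.match(line):
            section, reasons = "O4 " + m["hive"], triage_autostart(m["hive"], m["name"], m["cmd"])
        elif m := O4_STARTUP_RE.match(line):
            section, reasons = "O4 Startup", triage_autostart("Startup", m["name"], m["cmd"])
        elif m := O2_RE.match(line):
            section, reasons = "O2", triage_bho(m["name"], m["path"])
        elif m := O23_RE.match(line):
            section, reasons = "O23", triage_service(m["name"], m["owner"], m["path"])
        else:
            continue
        if reasons:
            findings.append((section, m["name"], reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage_log(SAMPLE_LOG):
        print(f"{section}: [{name}]")
        for reason in reasons:
            print("    -", reason)
```

The heuristics are deliberately loud: an orphaned BHO or a missing service binary is usually leftover junk rather than an infection, but a machine-wide Run value that points at a bare filename is exactly the shape of the entry ComboFix removed later in this thread, and is worth checking against the file on disk (location, size, signature) before anything else.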

#2 Bergy
  • Topic Starter

Posted 16 February 2009 - 10:14 PM

I got infected by some MSN link

(I'm new to this forum)

Thank you,

#3 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 February 2009 - 03:36 AM

Hi,

A question first...
Is your McAfee up to date? Because it surprises me that the malware you're dealing with is not deleted by McAfee. This IRCBot is already 6 months old and should be detected by every scanner by now.

Anyway, other malware it downloads may still be present here as well, so please do the following...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


Extra note: The ComboFix tutorial recommends disabling your antivirus, in your case McAfee. For McAfee, I would rather recommend temporarily uninstalling it, because McAfee causes a lot of problems with ComboFix after reboot, since McAfee re-enables itself after reboot. So please temporarily uninstall McAfee first, then reboot and then scan with ComboFix.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Bergy
  • Topic Starter

Posted 17 February 2009 - 04:54 PM

OK, this is the log from ComboFix.


By the way, thanks a lot for helping me !

ComboFix 09-02-15.01 - Alexandre 2009-02-17 16:48:09.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.653 [GMT -5:00]
Launched from: c:\documents and settings\Alexandre\Bureau\ComboFix.exe
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\fxstaller.exe

.
((((((((((((((((((((((((((((( Files created from 2009-01-17 to 2009-02-17 ))))))))))))))))))))))))))))))))))))
.

2009-02-16 21:57 . 2009-02-16 21:57 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 21:22 . 2009-02-16 21:28 <DIR> d-------- C:\QUARANTINE
2009-02-08 12:44 . 2009-02-08 12:44 <DIR> d-------- c:\program files\Free M4a to MP3 Converter
2009-02-06 22:48 . 2009-02-06 22:48 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-05 17:08 . 2009-02-05 17:08 <DIR> d-------- c:\program files\Motorola
2009-02-05 17:08 . 2009-02-05 17:08 <DIR> d-------- c:\program files\Common Files
2009-02-05 17:08 . 2007-10-10 17:41 42,112 --a------ c:\windows\system32\drivers\motodrv.sys
2009-02-05 17:03 . 2009-02-05 17:03 <DIR> d-------- c:\program files\Avanquest update
2009-02-05 16:57 . 2009-02-05 16:57 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-05 16:57 . 2009-02-05 16:57 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-02-05 16:56 . 2006-11-13 14:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2009-02-05 16:56 . 2007-06-18 14:18 23,680 --a------ c:\windows\system32\drivers\motmodem.sys
2009-02-05 16:55 . 2009-02-09 22:26 <DIR> d-------- c:\program files\Motorola Phone Tools
2009-02-05 16:55 . 2009-02-09 22:05 <DIR> d-------- c:\program files\Fichiers communs\Motorola Shared
2009-02-05 16:55 . 2009-02-05 17:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-02-05 16:55 . 2009-02-05 16:55 <DIR> d-------- c:\documents and settings\Alexandre\Application Data\InstallShield
2009-02-05 16:54 . 2008-04-13 14:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-02-05 16:54 . 2008-04-13 14:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-02-03 20:57 . 2009-02-03 20:57 268 --ah----- C:\sqmdata19.sqm
2009-02-03 20:57 . 2009-02-03 20:57 244 --ah----- C:\sqmnoopt19.sqm
2009-02-02 19:59 . 2009-02-02 19:59 268 --ah----- C:\sqmdata18.sqm
2009-02-02 19:59 . 2009-02-02 19:59 244 --ah----- C:\sqmnoopt18.sqm
2009-01-31 18:56 . 2009-01-31 18:56 268 --ah----- C:\sqmdata17.sqm
2009-01-31 18:56 . 2009-01-31 18:56 244 --ah----- C:\sqmnoopt17.sqm
2009-01-30 16:39 . 2009-01-30 16:39 268 --ah----- C:\sqmdata16.sqm
2009-01-30 16:39 . 2009-01-30 16:39 244 --ah----- C:\sqmnoopt16.sqm
2009-01-29 22:01 . 2009-01-29 22:01 268 --ah----- C:\sqmdata15.sqm
2009-01-29 22:01 . 2009-01-29 22:01 244 --ah----- C:\sqmnoopt15.sqm
2009-01-28 22:03 . 2009-01-28 22:03 268 --ah----- C:\sqmdata14.sqm
2009-01-28 22:03 . 2009-01-28 22:03 244 --ah----- C:\sqmnoopt14.sqm
2009-01-27 20:45 . 2009-01-27 20:45 268 --ah----- C:\sqmdata13.sqm
2009-01-27 20:45 . 2009-01-27 20:45 244 --ah----- C:\sqmnoopt13.sqm
2009-01-25 17:43 . 2009-01-25 17:43 268 --ah----- C:\sqmdata12.sqm
2009-01-25 17:43 . 2009-01-25 17:43 244 --ah----- C:\sqmnoopt12.sqm
2009-01-24 18:55 . 2009-01-24 18:55 268 --ah----- C:\sqmdata11.sqm
2009-01-24 18:55 . 2009-01-24 18:55 244 --ah----- C:\sqmnoopt11.sqm
2009-01-23 23:04 . 2009-01-23 23:04 268 --ah----- C:\sqmdata10.sqm
2009-01-23 23:04 . 2009-01-23 23:04 244 --ah----- C:\sqmnoopt10.sqm
2009-01-21 20:48 . 2009-01-21 20:48 268 --ah----- C:\sqmdata09.sqm
2009-01-21 20:48 . 2009-01-21 20:48 244 --ah----- C:\sqmnoopt09.sqm
2009-01-19 20:00 . 2009-01-19 20:00 268 --ah----- C:\sqmdata08.sqm
2009-01-19 20:00 . 2009-01-19 20:00 244 --ah----- C:\sqmnoopt08.sqm
2009-01-18 22:37 . 2009-02-15 13:06 268 --ah----- C:\sqmdata07.sqm
2009-01-18 22:37 . 2009-02-15 13:06 244 --ah----- C:\sqmnoopt07.sqm
2009-01-18 17:36 . 2009-01-18 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-18 17:13 . 2009-01-18 17:13 <DIR> d-------- c:\program files\Fichiers communs\Macrovision Shared
2009-01-18 17:09 . 2009-01-18 17:57 <DIR> d-------- c:\program files\Adobe CS3
2009-01-17 17:15 . 2009-02-14 22:50 268 --ah----- C:\sqmdata06.sqm
2009-01-17 17:15 . 2009-02-14 22:50 244 --ah----- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 21:30 --------- d-----w c:\program files\Steam
2009-02-15 21:17 --------- d-----w c:\documents and settings\Alexandre\Application Data\uTorrent
2009-02-14 17:38 --------- d-----w c:\documents and settings\Alexandre\Application Data\LimeWire
2009-02-11 03:32 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 03:17 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 19:24 --------- d-----w c:\documents and settings\Alexandre\Application Data\dvdcss
2009-01-18 22:26 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-10 23:26 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-10 23:26 --------- d-----w c:\program files\Java
2009-01-08 01:31 --------- d-----w c:\program files\Bonjour
2009-01-01 19:34 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-31 02:54 --------- d-----w c:\documents and settings\Alexandre\Application Data\vlc
2008-12-25 19:03 --------- d-----w c:\program files\Picasa2
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 02:31 --------- d-----w c:\program files\QuickTime
2008-12-19 18:59 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2008-12-19 18:58 --------- d-----w c:\program files\DVDVideoSoft
2008-12-19 18:19 --------- d-----w c:\program files\iTunes
2008-12-19 18:19 --------- d-----w c:\program files\iPod
2008-12-19 18:19 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 18:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-12 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-11-02 00:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008110120081102\index.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 533944]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-23 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\nash_benoit@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\nash_benoit@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-02-05 42112]
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\fbhc2vb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.youtube.com/
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 16:49:39
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-17 16:51:12
ComboFix-quarantined-files.txt 2009-02-17 21:51:09

Pre-Run: 60,584,755,200 bytes free
Post-Run: 60,915,933,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

171 --- E O F --- 2009-02-11 03:33:55

#5 miekiemoes
  • Malware Response Team

Posted 17 February 2009 - 05:17 PM

Hi,

This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /
Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

#6 Bergy
  • Topic Starter

Posted 17 February 2009 - 05:31 PM

I'm not sure I understand that... (Go to start ????)

Thanks again

#7 Bergy
  • Topic Starter

Posted 17 February 2009 - 05:49 PM

It's OK, I understand now (Windows is in French, so ^^)

So I'm OK, things look good :thumbup2:

#8 miekiemoes
  • Malware Response Team

Posted 17 February 2009 - 05:57 PM

Glad I could help. :thumbup2:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#9 Bergy
  • Topic Starter

Posted 17 February 2009 - 06:00 PM

Again, Thank you a lot for your time and help !

Can I re-install my antivirus?

Also, should I uninstall HijackThis?

Thank you :thumbup2:

Bergy

#10 miekiemoes
  • Malware Response Team

Posted 17 February 2009 - 06:26 PM

Yes, you can reinstall your antivirus and uninstall HijackThis :thumbup2:

#11 Bergy
  • Topic Starter

Posted 17 February 2009 - 06:27 PM

Perfect ! :thumbup2:

Again and again thank you a lot !!

Bergy

#12 miekiemoes
  • Malware Response Team

Posted 17 February 2009 - 06:33 PM

You're most welcome :thumbup2:

#13 miekiemoes
  • Malware Response Team

Posted 21 February 2009 - 06:36 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



