
Infected by PC Antispyware 2010


  • This topic is locked
2 replies to this topic

#1 prodix

  • Members, 1 posts

Posted 12 August 2009 - 07:29 PM

Hi, my name is Samuel and I'm currently trying to fix my mother's computer. I want to tell you that I speak French, so I'm sorry for my bad English.

I'm infected by PC Antispyware 2010; I'm sure you know what it is, so I won't explain the virus (a fake anti-virus...).
First of all, I tried to remove it using your spyware removal guide with MBAM. It seemed to work, but the virus reinstalled itself once my computer rebooted. So I decided to ask for some help here.

This is the MBAM log.

[codebox]Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 5.1.2600 Service Pack 2

2009-08-12 19:58:45
mbam-log-2009-08-12 (19-58-45).txt

Scan type: Quick scan
Objects scanned: 94406
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 4
Files Infected: 21

Memory Processes Infected:
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.FakeAlert.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msword98 (Trojan.FakeAlert.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Propriétaire\msword98.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\msword98.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\PC_Antispyware2010\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\PC_Antispyware2010\Uninstall.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Bureau\PC_Antispyware2010.lnk (Rogue.PCAntispy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
[/codebox]



This is the DDS log:

[codebox]DDS (Ver_09-07-30.01) - NTFSx86
Run by Propriétaire at 20:09:20,31 on 2009-08-12
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.767.386 [GMT -4:00]

AV: Gestionnaire de sécurité Sympatico Antivirus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Gestionnaire de sécurité Sympatico Coupe-feu *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Bell\Internet Service Advisor\SSA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
svchost
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\Documents and Settings\Propriétaire\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ca.gdark.com
uSearchMigratedDefaultURL = hxxp://ca.gdark.com/search.php?cx=partner-pub-7902900401080901%3As2gl1nvt99e&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://ca.gdark.com
mSearchAssistant = hxxp://www.google.com
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msword98] c:\documents and settings\propriétaire\msword98.exe
uRun: [braviax]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LTMSG] LTMSG.exe 7
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSA.exe] "c:\program files\bell\internet service advisor\SSA.exe" /AUTORUN
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [msword98] c:\windows\system32\msword98.exe
mRun: [braviax]
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\documents and settings\propriétaire\menu démarrer\programmes\démarrage\ikowin32.exe
StartupFolder: c:\docume~1\propri~1\menudm~1\progra~1\dmarra~1\speedp~1.lnk - c:\program files\speedplexer\SpeedPlexer.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\dmarra~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Search
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38133.3641898148
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\propri~1\applic~1\mozilla\firefox\profiles\s8kob0n7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://ca.gdark.com/search.php?cx=partner-pub-7902900401080901%3As2gl1nvt99e&cof=FORID%3A10&ie=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm428YYCA&fl=0&ptb=cxianopPaZTJcz6aKuTtFg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\personal vault\VaultClientUpgrade.exe [2008-3-7 53248]
S1 87539dd9;87539dd9;c:\windows\system32\drivers\87539dd9.sys [2009-8-10 0]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-20 33176]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;c:\program files\bell\gestionnaire de securite\RpsSecurityAware.exe [2008-3-10 67824]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2009-08-12 20:06 19,362 a------- c:\windows\qyhi.inf
2009-08-12 20:06 18,466 a------- c:\windows\system32\cusysy._dl
2009-08-12 20:06 17,865 a------- c:\docume~1\alluse~1\applic~1\akibitixe.reg
2009-08-12 20:06 17,183 a------- c:\program files\fichiers communs\igibogafac.bat
2009-08-12 20:06 15,936 a------- c:\windows\nilene.ban
2009-08-12 20:06 15,792 a------- c:\program files\fichiers communs\cecig.reg
2009-08-12 20:06 15,751 a------- c:\docume~1\alluse~1\applic~1\yhywozyg.exe
2009-08-12 20:06 14,465 a------- c:\windows\system32\icogex.ban
2009-08-12 20:06 14,045 a------- c:\windows\uqyh.reg
2009-08-12 20:06 11,604 a------- c:\windows\somi.bin
2009-08-12 20:06 10,822 a------- c:\windows\utanuxekuj.db
2009-08-12 20:06 10,809 a------- c:\windows\copoh.ban
2009-08-12 20:06 10,447 a------- c:\program files\fichiers communs\cawoh.bat
2009-08-12 20:06 10,273 a------- c:\docume~1\alluse~1\applic~1\kugov.vbs
2009-08-12 20:06 10,216 a------- c:\docume~1\propri~1\applic~1\ibocu.dll
2009-08-12 20:05 347,739 a------- c:\windows\system32\_scui.cpl
2009-08-12 20:05 <DIR> --d----- c:\program files\PC_Antispyware2010
2009-08-12 20:00 191,605 a------- c:\windows\system32\wisdstr.exe
2009-08-12 20:00 47,744 a------- c:\windows\system32\drivers\447c0d1e.sys
2009-08-12 20:00 28,160 ac------ c:\windows\system32\dllcache\figaro.sys
2009-08-12 20:00 28,160 ac------ c:\windows\system32\dllcache\beep.sys
2009-08-12 20:00 10,240 a------- c:\windows\system32\braviax.exe
2009-08-12 20:00 26,686 a------- c:\windows\system32\msword98.exe
2009-08-12 20:00 26,686 a------- c:\documents and settings\propriétaire\msword98.exe
2009-08-12 19:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 19:51 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-12 19:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 18:02 4,224 a------- c:\windows\system32\drivers\beep.sys
2009-08-11 17:58 <DIR> --ds---- C:\Combo-Fix
2009-08-11 17:49 19,901 a------- c:\docume~1\alluse~1\applic~1\amim.pif
2009-08-11 17:49 18,959 a------- c:\docume~1\alluse~1\applic~1\sezyhoz.bin
2009-08-11 17:49 17,762 a------- c:\program files\fichiers communs\azehoza.scr
2009-08-11 17:49 17,167 a------- c:\docume~1\propri~1\applic~1\yqow.reg
2009-08-11 17:49 17,123 a------- c:\windows\system32\byfyhakadu.dat
2009-08-11 17:49 15,116 a------- c:\docume~1\alluse~1\applic~1\esyr.exe
2009-08-11 17:49 14,383 a------- c:\docume~1\propri~1\applic~1\yruburyper.dll
2009-08-11 17:49 13,476 a------- c:\program files\fichiers communs\lewebot.com
2009-08-11 17:49 13,010 a------- c:\docume~1\propri~1\applic~1\awyzuleji.vbs
2009-08-11 17:49 12,907 a------- c:\windows\jesydasur._dl
2009-08-11 17:49 11,778 a------- c:\windows\asusug.com
2009-08-11 17:49 11,497 a------- c:\windows\system32\ipacububac.bin
2009-08-11 17:49 10,455 a------- c:\windows\ofugo._dl
2009-08-11 17:49 10,251 a------- c:\windows\system32\mylilo.bat
2009-08-11 17:49 10,085 a------- c:\windows\system32\tizex.exe
2009-08-11 17:09 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-11 17:00 216,064 a------- c:\windows\PEV.exe
2009-08-11 17:00 161,792 a------- c:\windows\SWREG.exe
2009-08-11 17:00 98,816 a------- c:\windows\sed.exe
2009-08-11 13:07 <DIR> --d----- c:\program files\Common Files
2009-08-11 13:07 <DIR> --d----- c:\program files\BellCanada
2009-08-10 21:37 <DIR> --d----- c:\program files\trend micro
2009-08-10 21:34 19,341 a------- c:\windows\matu.lib
2009-08-10 21:34 15,933 a------- c:\windows\uwypi.sys
2009-08-10 21:34 15,896 a------- c:\docume~1\alluse~1\applic~1\lisigytaj.pif
2009-08-10 21:34 15,295 a------- c:\program files\fichiers communs\orok.bin
2009-08-10 21:34 13,517 a------- c:\program files\fichiers communs\zehinuf.bin
2009-08-10 21:34 19,164 a------- c:\docume~1\alluse~1\applic~1\iqyxaqo.com
2009-08-10 21:34 16,314 a------- c:\windows\imiwati.com
2009-08-10 21:34 14,416 a------- c:\windows\system32\fozoc._dl
2009-08-10 21:34 14,034 a------- c:\program files\fichiers communs\sakyt.scr
2009-08-10 21:34 12,034 a------- c:\docume~1\propri~1\applic~1\joqaxeluf.com
2009-08-10 21:34 11,098 a------- c:\windows\ihuxahimy.vbs
2009-08-10 21:34 11,036 a------- c:\windows\roqepi.db
2009-08-10 19:08 19,173 a------- c:\docume~1\alluse~1\applic~1\vokuduxep.com
2009-08-10 19:08 17,184 a------- c:\windows\ikyf.bat
2009-08-10 19:08 16,523 a------- c:\docume~1\alluse~1\applic~1\bycyhuro.scr
2009-08-10 19:08 14,930 a------- c:\windows\system32\inyvumow.inf
2009-08-10 19:08 14,919 a------- c:\windows\system32\oqoma._dl
2009-08-10 19:08 14,650 a------- c:\windows\oweporek.reg
2009-08-10 19:08 14,259 a------- c:\windows\wabi.scr
2009-08-10 19:08 13,089 a------- c:\docume~1\alluse~1\applic~1\gezav.vbs
2009-08-10 19:08 12,955 a------- c:\docume~1\propri~1\applic~1\efexon.reg
2009-08-10 19:08 11,917 a------- c:\docume~1\alluse~1\applic~1\ikulyk.dll
2009-08-10 19:08 11,239 a------- c:\windows\uferaxorul.db
2009-08-10 18:15 <DIR> --d----- c:\docume~1\propri~1\applic~1\Malwarebytes
2009-08-10 18:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-10 17:44 18,641 a------- c:\program files\fichiers communs\wokanovu.bin
2009-08-10 17:44 16,526 a------- c:\windows\system32\rovabuz._sy
2009-08-10 17:44 13,654 a------- c:\windows\nedysigedo.reg
2009-08-10 17:44 10,869 a------- c:\docume~1\propri~1\applic~1\ypelobe.scr
2009-08-10 17:44 10,714 a------- c:\windows\qeqyricugi.inf
2009-08-10 17:44 19,321 a------- c:\program files\fichiers communs\imotevekol.pif
2009-08-10 17:44 14,741 a------- c:\program files\fichiers communs\ilymuqabuq.bin
2009-08-10 17:44 13,086 a------- c:\windows\zuqyxyg._dl
2009-08-10 17:38 0 a------- c:\windows\system32\drivers\87539dd9.sys
2009-08-08 23:03 0 a------- c:\windows\system32\?fy

==================== Find3M ====================

2009-08-12 20:06 13,799 a------- c:\program files\fichiers communs\yqal.inf
2009-08-12 20:06 10,137 a------- c:\program files\fichiers communs\suhukyryki.dl
2009-08-12 19:59 6,291,456 a------- c:\documents and settings\propriétaire\NTUSER.DAT
2009-08-11 17:49 13,362 a------- c:\program files\fichiers communs\ylid.ban
2009-08-11 17:44 619,200 ac------ c:\windows\system32\drivers\ntfs.sys
2009-08-10 21:34 19,948 a------- c:\program files\fichiers communs\razic.dl
2009-08-10 21:34 17,808 a------- c:\program files\fichiers communs\sosytah.lib
2009-08-10 21:34 11,667 a------- c:\program files\fichiers communs\huliviqoxe.dl
2009-08-10 21:34 17,980 a------- c:\program files\fichiers communs\ogypyqoxeq._sy
2009-08-10 19:08 17,823 a------- c:\program files\fichiers communs\tyzarem.ban
2009-08-10 19:08 14,924 a------- c:\program files\fichiers communs\lumo._dl
2009-08-10 17:44 16,749 a------- c:\program files\fichiers communs\yguj._sy
2009-06-23 20:44 34 a------- c:\documents and settings\propriétaire\jagex_runescape_preferences.dat
2004-11-23 18:05 56 -c-shr-- c:\windows\system32\18F5C0A022.sys

============= FINISH: 20:09:32,50 ===============
[/codebox]



#2 fenzodahl512

  • Members, 6,738 posts

Posted 13 August 2009 - 04:58 AM

Hello. Don't use code/quote tags when posting logs. Just post them as they are; it will be much easier on my eyes.



Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

  • Members, 6,738 posts

Posted 19 August 2009 - 12:44 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

