Combofix


This topic is locked
5 replies to this topic

#1 zebuth007

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 26 January 2012 - 10:40 AM

Hello

PC worked slowly.

First removed the old version of reader ...

Then ran ComboFix offline;

that's my log:

ComboFix 12-01-21.02 - papa 25/01/2012 20:01:48.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1036.18.3070.1966 [GMT 1:00]
Running from: c:\users\papa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\papa\AppData\Local\TempDIR
c:\users\papa\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((( Files Created From 2011-12-25 to 2012-01-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-25 19:05 . 2012-01-25 19:06 -------- d-----w- c:\users\papa\AppData\Local\temp
2012-01-25 19:05 . 2012-01-25 19:05 -------- d-----w- c:\users\anne\AppData\Local\temp
2012-01-25 19:00 . 2012-01-25 19:00 -------- d-----w- c:\users\Public
2012-01-25 17:15 . 2012-01-25 17:15 -------- d-----w- c:\users\papa\AppData\Roaming\SUPERAntiSpyware.com
2012-01-25 17:15 . 2012-01-25 17:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-25 17:11 . 2012-01-25 17:11 -------- d-----w- c:\users\papa\AppData\Local\Microsoft Help
2012-01-25 17:06 . 2012-01-25 17:06 20534 ----a-w- c:\windows\cscmondump.bin
2012-01-25 16:27 . 2012-01-25 16:27 -------- d-----w- c:\program files\Windows Live
2012-01-24 16:21 . 2012-01-24 16:21 -------- d-----w- c:\program files\Defraggler
2012-01-24 15:31 . 2012-01-24 15:31 -------- d-----w- c:\program files\Common Files\Windows Live
2012-01-24 06:38 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0677257-2613-40BC-A5E9-5D9629ABD89C}\mpengine.dll
2012-01-21 06:04 . 2012-01-21 06:04 -------- d-----w- c:\users\anne\AppData\Local\Logitech® Webcam Software
2012-01-19 17:14 . 2012-01-19 17:14 -------- d-----w- c:\users\papa\AppData\Local\Logitech® Webcam Software
2012-01-19 17:04 . 2012-01-19 17:04 -------- d-----w- c:\program files\Wikikou
2012-01-19 15:36 . 2012-01-19 17:05 -------- d-----w- c:\program files\Microsoft
2012-01-19 15:36 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-19 15:36 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-19 15:36 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-19 15:32 . 2012-01-19 15:32 -------- d-----w- c:\users\papa\AppData\Roaming\Leadertech
2012-01-19 15:32 . 2012-01-19 15:32 -------- d-----w- c:\programdata\Logitech
2012-01-19 15:31 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-01-19 15:11 . 2012-01-19 15:11 -------- d-----w- c:\program files\CCleaner
2012-01-19 14:35 . 2012-01-19 14:35 -------- d-----w- c:\program files\Temp File Cleaner
2012-01-19 14:35 . 2012-01-25 16:04 -------- d-----w- c:\windows\system32\catroot2
2012-01-19 14:24 . 2012-01-19 14:24 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-19 14:24 . 2012-01-19 14:24 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-19 14:24 . 2012-01-19 14:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-19 14:24 . 2012-01-19 14:24 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-18 09:26 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 09:26 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 09:26 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 09:26 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 09:26 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 09:26 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 06:59 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 06:59 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 06:59 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 06:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 06:59 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 06:59 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 06:59 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 06:59 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 17:27 . 2011-12-20 17:27 3584 ----a-r- c:\users\papa\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-12-19 18:59 . 2011-05-07 14:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2011-05-02 18:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2011-05-02 18:36 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2011-05-02 18:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-24 08:03 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2011-05-02 18:36 301224 ----a-w- c:\windows\system32\guard32.dll
2011-11-23 13:37 . 2011-12-14 07:23 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 17:06 . 2011-12-20 13:31 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-08-13 09:59 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-15 13:29 . 2009-10-03 07:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-14 09:58 . 2011-11-14 09:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42 . 2011-12-14 07:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-19 14:24 . 2011-10-03 13:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cnat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-06-04 16:51 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2009-04-09 21:22 185640 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 13:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 08:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 11:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2009-03-05 16:28 915512 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-06-15 37632]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-18 2998832]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\l6ztlgqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dhnet.be/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - (no file)
MSConfigStartUp-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 20:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\JavaSoft\Prefs]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3790488275-2234851889-1404318780-1000\Software\Theorica\Safe XP]
@DACL=(02 0000)
"BackupData"="8D2010002000000"
"LangID"=dword:0000040c
"Top"="227"
"Left"="277"
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\Firewall\Policy\25\Rules]
@DACL=(02 0000)
"Num"=dword:00000012
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Protections]
@DACL=(02 0000)
"Num"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Rules]
@DACL=(02 0000)
"Num"=dword:00000003
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0\Protections]
@DACL=(02 0000)
"Num"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0\Rules]
@DACL=(02 0000)
"Num"=dword:0000000f
.
Completion time: 2012-01-25 20:07:03
ComboFix-quarantined-files.txt 2012-01-25 19:07
.
Pre-Run: 927,406,166,016 bytes free
Post-Run: 926,621,515,776 bytes free
.
- - End Of File - - F06012A91F13CB87BEADBAC9F478E329

Is my computer clean now or not?

Edited by zebuth007, 27 January 2012 - 04:06 AM.



#2 zebuth007
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 27 January 2012 - 04:16 AM

PS: Comodo is removed ... why did I see the key?

I don't have an antivirus for the moment;

it was Avira Antivirus & Comodo Firewall...

detected nothing;

MBAM clean: detected nothing

Edited by zebuth007, 27 January 2012 - 08:17 AM.


#3 zebuth007
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 28 January 2012 - 09:40 AM

New ComboFix, online, updated:

ComboFix 12-01-28.01 - papa 28/01/2012 15:20:12.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1036.18.3070.2067 [GMT 1:00]
Running from: c:\users\papa\Desktop\ComboFix.exe
Command switches used :: /u
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Files Created From 2011-12-28 to 2012-01-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-28 14:24 . 2012-01-28 14:24 -------- d-----w- c:\users\papa\AppData\Local\temp
2012-01-28 14:24 . 2012-01-28 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-28 14:24 . 2012-01-28 14:24 -------- d-----w- c:\users\anne\AppData\Local\temp
2012-01-27 15:27 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1CA39F0-09DE-4CD0-AE0F-317807AD8F01}\mpengine.dll
2012-01-27 13:27 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-01-27 13:27 . 2012-01-27 13:27 -------- d-----w- c:\program files\Panda Security
2012-01-27 09:18 . 2012-01-27 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 09:18 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-26 15:45 . 2012-01-26 15:45 -------- d-----w- c:\users\papa\AppData\Roaming\Malwarebytes
2012-01-26 15:45 . 2012-01-26 15:45 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 19:00 . 2012-01-25 19:07 -------- d-----w- c:\users\Public
2012-01-25 17:37 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-25 17:37 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-25 17:37 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-01-25 17:37 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-25 17:37 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-01-25 17:15 . 2012-01-25 17:15 -------- d-----w- c:\users\papa\AppData\Roaming\SUPERAntiSpyware.com
2012-01-25 17:15 . 2012-01-25 17:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-25 17:11 . 2012-01-25 17:11 -------- d-----w- c:\users\papa\AppData\Local\Microsoft Help
2012-01-25 17:06 . 2012-01-25 17:06 20534 ----a-w- c:\windows\cscmondump.bin
2012-01-25 16:27 . 2012-01-27 14:48 -------- d-----w- c:\program files\Windows Live
2012-01-24 16:21 . 2012-01-24 16:21 -------- d-----w- c:\program files\Defraggler
2012-01-21 06:04 . 2012-01-21 06:04 -------- d-----w- c:\users\anne\AppData\Local\Logitech® Webcam Software
2012-01-19 17:04 . 2012-01-19 17:04 -------- d-----w- c:\program files\Wikikou
2012-01-19 15:36 . 2012-01-19 17:05 -------- d-----w- c:\program files\Microsoft
2012-01-19 15:36 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-01-19 15:36 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-01-19 15:36 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-19 15:32 . 2012-01-19 15:32 -------- d-----w- c:\users\papa\AppData\Roaming\Leadertech
2012-01-19 15:32 . 2012-01-19 15:32 -------- d-----w- c:\programdata\Logitech
2012-01-19 15:31 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-01-19 15:11 . 2012-01-19 15:11 -------- d-----w- c:\program files\CCleaner
2012-01-19 14:35 . 2012-01-19 14:35 -------- d-----w- c:\program files\Temp File Cleaner
2012-01-19 14:35 . 2012-01-25 16:04 -------- d-----w- c:\windows\system32\catroot2
2012-01-19 14:24 . 2012-01-19 14:24 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-19 14:24 . 2012-01-19 14:24 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-19 14:24 . 2012-01-19 14:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-19 14:24 . 2012-01-19 14:24 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-18 09:26 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 09:26 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 09:26 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 09:26 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 09:26 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 09:26 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 06:59 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 06:59 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 06:59 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 06:59 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 06:59 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 06:59 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 06:59 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 06:59 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 17:27 . 2011-12-20 17:27 3584 ----a-r- c:\users\papa\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-12-19 18:59 . 2011-05-07 14:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2011-05-02 18:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2011-05-02 18:36 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2011-05-02 18:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-24 08:03 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2011-05-02 18:36 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-07 09:08 . 2009-10-03 07:15 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-23 13:37 . 2011-12-14 07:23 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 17:06 . 2011-12-20 13:31 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-11-17 17:06 . 2011-08-13 09:59 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-14 09:58 . 2011-11-14 09:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42 . 2011-12-14 07:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-19 14:24 . 2011-10-03 13:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cnat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-06-04 16:51 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2009-04-09 21:22 185640 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 13:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 08:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 11:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2009-03-05 16:28 915512 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-06-15 37632]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-18 2998832]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\l6ztlgqe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dhnet.be/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 15:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x4589C0B7
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\papa\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\JavaSoft\Prefs]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3790488275-2234851889-1404318780-1000\Software\Theorica\Safe XP]
@DACL=(02 0000)
"BackupData"="8D2010002000000"
"LangID"=dword:0000040c
"Top"="227"
"Left"="277"
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\Firewall\Policy\25\Rules]
@DACL=(02 0000)
"Num"=dword:00000012
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Protections]
@DACL=(02 0000)
"Num"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Rules]
@DACL=(02 0000)
"Num"=dword:00000003
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\Manual]
@DACL=(02 0000)
"Flags"=dword:000001e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\RealTime]
@DACL=(02 0000)
"Flags"=dword:00000320
"ScanningMode"=dword:00000003
"MaxScanFileSize"=dword:00000028
"MaxScriptFileSize"=dword:00000004
"MaxFileScanTime"=dword:0000003c
"MaxAlertDuration"=dword:00000078
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\AV\Settings\ScheduledScan]
@DACL=(02 0000)
"Flags"=dword:000006e0
"MaxScanFileSize"=dword:00000028
"HeurLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0\Protections]
@DACL=(02 0000)
"Num"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0\Rules]
@DACL=(02 0000)
"Num"=dword:0000000f
.
Completion time: 2012-01-28 15:25:39
ComboFix-quarantined-files.txt 2012-01-28 14:25
ComboFix2.txt 2012-01-25 19:07
.
Pre-Run: 908,553,940,992 bytes free
Post-Run: 908,528,238,592 bytes free
.
- - End Of File - - 19CA593A51BF144D5DDF83E5DB059C3E
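The two ComboFix logs in this thread (posts #1 and #3) are easier to reason about once the review-worthy lines are pulled out of the surrounding noise. The Python below is an added example, not ComboFix's own code and not something posted in the thread: it splits a ComboFix log into its banner-delimited sections and reports the deletions, any BootExecute entries beyond the default autochk one (the "cnat" entry in the logs above is only flagged for manual verification, not judged), the catchme hidden-process and hidden-file lines, and the locked registry keys grouped by the product that owns them (which is how the leftover COMODO keys asked about in post #2 show up at a glance). The sample log is a constructed excerpt of the logs above using ComboFix's English section banners; treating catchme.dll in %TEMP% as the scanner's own helper rather than as a hidden threat is an assumption, stated again in the code.

```python
"""Triage helper for ComboFix logs; added example, not part of ComboFix or this thread."""
import re
from collections import Counter, defaultdict

# Constructed excerpt modelled on the two logs above, with the French section
# banners rendered as ComboFix's English ones.
SAMPLE_LOG = r"""ComboFix 12-01-28.01 - papa 28/01/2012 15:20:12.4.2 - x86
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
c:\users\papa\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\system32\drivers\etc\hosts.ics
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cnat
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scanning hidden processes ...
[0] 0x4589C0B7
scanning hidden files ...
c:\users\papa\AppData\Local\Temp\catchme.dll 53248 bytes executable
hidden files: 1
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\JavaSoft\Prefs]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\0\AV\Settings\Exclusions]
@DACL=(02 0000)
"Num"=dword:00000002
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro\Configurations\1\HIPS\Policy\11\Rules]
@DACL=(02 0000)
- - End Of File - - 19CA593A51BF144D5DDF83E5DB059C3E
"""

DEFAULT_BOOTEXECUTE = "autocheck autochk *"
HIDDEN_FILE_RE = re.compile(r"^(?P<path>.+?) (?P<size>\d+) bytes executable$")
HIDDEN_PROC_RE = re.compile(r"^\[\d+\] 0x[0-9A-Fa-f]+$")


def banner_title(line):
    """Title of a section banner such as '(((( Title ))))' or '--- TITLE ---', else None."""
    if line[:1] not in "(-":
        return None
    return line.strip("()- ") or None


def split_sections(text):
    """Group non-empty log lines by lower-cased section title; catchme output gets its own bucket."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "." or set(line) == {"*"}:
            continue
        title = banner_title(line)
        if title:
            if title.startswith("End Of File"):
                break
            current = title.lower()
            continue
        if line.startswith("catchme "):
            current = "catchme"
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Pull the review-worthy facts out of a ComboFix log into one dict."""
    s = split_sections(text)
    report = {"deleted": list(s.get("other deletions", [])), "bootexecute_extra": [],
              "hidden_processes": [], "hidden_files": [], "tool_artifacts": [],
              "hidden_file_count": 0, "locked_keys_by_vendor": {}}
    for line in s.get("reg loading points", []):
        if line.startswith("BootExecute"):
            # REG_MULTI_SZ entries are shown joined by "\0"; anything beyond the
            # default autochk entry runs before logon and deserves a manual check.
            value = line.split("REG_MULTI_SZ", 1)[1].strip()
            report["bootexecute_extra"] = [e for e in value.split(r"\0") if e and e != DEFAULT_BOOTEXECUTE]
    for line in s.get("catchme", []):
        m = HIDDEN_FILE_RE.match(line)
        if m:
            path = m.group("path")
            # Assumption: catchme.dll in %TEMP% is the scanner's own helper, not evidence of a rootkit.
            bucket = "tool_artifacts" if path.lower().endswith(r"\catchme.dll") else "hidden_files"
            report[bucket].append(path)
        elif HIDDEN_PROC_RE.match(line):
            report["hidden_processes"].append(line)
        elif line.lower().startswith("hidden files:"):
            report["hidden_file_count"] = int(line.split(":", 1)[1])
    vendors = Counter()
    for line in s.get("locked registry keys", []):
        if line.startswith("[") and line.endswith("]"):
            parts = line[1:-1].split("\\")
            lower = [p.lower() for p in parts]
            # The component after "Software" names the product that owns the locked key.
            vendors[parts[lower.index("software") + 1] if "software" in lower else "?"] += 1
    report["locked_keys_by_vendor"] = dict(vendors)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Running this over a full log only structures it: whether a flagged BootExecute entry or a hidden-process line is malicious still has to be established by checking the file or driver it points to, which is the part the forum helpers do by hand.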



#4 zebuth007
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:52 PM

Posted 28 January 2012 - 10:33 AM

https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1327764274/

What do you think about it?

I think I have a problem with Nvidia drivers.

#5 nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:52 PM

Posted 29 January 2012 - 10:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

To help me analyse your ComboFix I would like to see the result of this scan.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed:
The scan will also create an Attach.txt log; I would also like to see its content.
Please post it in another post for my review; do not attach the file.

===

While I have your attention please post this one as well.

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

The file you submitted to Jotti is clean.
Why do you think you have a problem with your Nvidia drivers?

===

It is not wise, nor is it recommended, to not have a virus protection program and a firewall.
Can you reinstall what you had?

#6 nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:52 PM

Posted 04 February 2012 - 09:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



