
Virus : double my accents and tremas


1 reply to this topic

#1 Haltèrego

  • Members
  • 2 posts

Posted 05 March 2012 - 04:36 PM

Dear partners, hello!

I have just come through a big infection that doubled my accents and tremas and, above all, slowed down my computer with rare efficiency.

I have been following advice from some forums and tried to remove my virus with these cleaner programs: Toolscleaner, CCleaner, ZHP Diag and Fix, Pre_scan, AD_Remover, MBAM & Spybot SD. I also ran various analyses with my antivirus, Avira AntiVir, without any success. Then, as a last resort and as is recommended, I ran ComboFix. Luck came my way: ComboFix found two files and erased them (I think). I haven't had any issues with my accents so far. However, I really would like to understand the report of the ComboFix analysis. Would someone be kind enough to explain it to me? I would be very thankful. I lack some computer skills..

Thanks a lot. Excuse my English if I'm not clear enough.

The report is the following:

----------------------------------------------------

ComboFix 12-03-04.02 - pavilion 05/03/2012 21:24:35.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.32.1036.18.2046.1450 [GMT 1:00]
Lancé depuis: c:\documents and settings\pavilion\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - netcfgx.dll: deleted 100 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pavilion\Application Data\Orus
c:\documents and settings\pavilion\Application Data\Orus\iwqi.exe
c:\documents and settings\pavilion\WINDOWS
c:\windows\daemon.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-05 au 2012-03-05 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-05 19:18 . 2012-03-05 20:03 -------- d-----w- C:\ZHP
2012-03-05 19:18 . 2012-03-05 20:03 -------- d-----w- c:\program files\ZHPDiag
2012-03-05 18:34 . 2012-03-05 18:51 -------- d-----w- C:\Pre_Scan
2012-03-05 18:25 . 2012-03-05 18:25 -------- d-----w- c:\program files\Ad-Remover
2012-03-04 14:22 . 2012-03-04 14:22 388096 ----a-r- c:\documents and settings\pavilion\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-04 14:22 . 2012-03-04 14:29 -------- d-----w- c:\program files\Trend Micro
2012-03-04 14:12 . 2012-03-04 14:20 -------- d-----w- c:\documents and settings\pavilion\Application Data\GetRightToGo
2012-03-03 21:59 . 2012-03-03 23:03 -------- d-----w- c:\documents and settings\pavilion\Application Data\Rosahy
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 11:31 . 2011-12-11 22:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 07:16 . 2011-10-26 22:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-05 149280]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"DAEMON Tools-1033"="c:\program files\Daemon Tools\daemon.exe" [2004-08-22 81920]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VectorWorks 12.5.1\\VectorWorks.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22967:UDP"= 22967:UDP:UDP 22967
"18506:TCP"= 18506:TCP:TCP 18506
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15/12/2005 21:36 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15/12/2005 21:36 5248]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [22/11/2009 15:27 108289]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/03/2005 15:39 200192]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2010 10:38 136176]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [13/11/2009 13:01 1527900]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2010 10:38 136176]
S4 Fsiih4xhpst;Fsiih4xhpst; [x]
.
Contenu du dossier 'Tâches planifiées'
.
2012-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 09:38]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-16 09:38]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hotmail.com\www
Trusted Zone: paysagestion.ch\www
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\documents and settings\pavilion\Application Data\Mozilla\Firefox\Profiles\m6240c9k.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-{E084013C-60EA-AD7A-986A-9ED19124BDC3} - c:\documents and settings\pavilion\Application Data\Orus\iwqi.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
AddRemove-ComandoDeinstKey - c:\jeux\Commandos\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-05 21:31
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????3?6?3?7??????? ???B?????????????hLC? ??????
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3577735851-3508363714-866161452-1006\Software\Microsoft\Windows\Shell\Bags\on*GetDebug*ForwardGadgetMessage*FindStdColor*FindGadgetFromPoint*DetachWndProc*DeleteHandle*DUserSen]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"FFlags"=dword:00000224
"Mode"=dword:00000001
"ScrollPos?????????????????????????????????????t??????c??????????????????????????????????????????????????????????t????????????e?.x"=dword:00000000
"ScrollPos?????????????????????????????????????t??????c??????????????????????????????????????????????????????????t????????????e?.y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,
00,04,00,20,00,10,00,00,00,28,00,00,00,00,00,01,00,00,00,02,00,00,00,03,00,\
"ItemPos?????????????????????????????????????t??????c??????????????????????????????????????????????????????????t????????????e???"=hex:00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c0,04,00,00,a2,00,00,00,14,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2012-03-05 21:35:31
ComboFix-quarantined-files.txt 2012-03-05 20:35
.
Avant-CF: 9.151.201.280 octets libres
Après-CF: 9.444.941.824 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 3836FB33069C0A6AC1C6FFC56B80EBDD

#2 Haltèrego

  • Topic Starter
  • Members
  • 2 posts

Posted 05 March 2012 - 06:36 PM

Dear All,

Someone has found out my problem and is dealing with me right now. Please consider this discussion over.

Thanks anyway.
H.

