Tech Support Forum - HijackThis Log Help
#1
Registered User
Join Date: Sep 2007
Posts: 3
OS: XP
popup and security alert
Hi!
I followed the 5 steps before writing my post... For maybe 1 week, I have gotten some popups from my browser and security alerts from AVG... hope we can find what's wrong. (The popups show me some internet pages where to buy some antivirus and **** like that.)

This is the scan with Panda:

Incident   Status   Location
Adware:adware/spywarequake   Not disinfected   c:\windows\system32\1024\ld1B29.tmp
Spyware:Cookie/Tribalfusion   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Serving-sys   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Xiti   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Systemdoctor   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[systemdoctor.com/]
Spyware:Cookie/Winantivirus   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Reliablestats   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Winantivirus   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Reliablestats   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Smartadserver   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.smartadserver.com/]
Spyware:Cookie/YieldManager   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex   Not disinfected   C:\Documents and Settings\Charley\Application Data\Mozilla\Firefox\Profiles\oz77y1qg.default\cookies.txt[.mediaplex.com/]
Hacktool:HackTool/MailPassView.A   Not disinfected   C:\Documents and Settings\Charley\Mes documents\programme\Pass.View\pspv.exe
Hacktool:Hacktool/PWCrack   Not disinfected   C:\Documents and Settings\Charley\Mes documents\tampon\charles\ti jeux\7 wonders mp a trouvé\PasswarePasswordRecoveryKitEnterprisev7.0\kitd.exe[efsdll.dll]
Potentially unwanted tool:Application/NirCmd.A   Not disinfected   C:\Documents and Settings\Charley\Mes documents\tampon\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\Charley\Mes documents\tampon\SDFix\apps\Process.exe
Virus:Trj/Downloader.OZB   Disinfected   C:\qoobox\Quarantine\C\WINDOWS\system32\ahunwcik.exe.vir
Virus:Trj/Downloader.OZB   Disinfected   C:\qoobox\Quarantine\C\WINDOWS\system32\uhtrjyod.exe.vir
Spyware:Spyware/Virtumonde   Not disinfected   C:\qoobox\Quarantine\catchme2007-09-13_150121.17.zip[mljjjki.dll]
Potentially unwanted tool:Application/NirCmd.A   Not disinfected   C:\WINDOWS\NirCmd.exe
Virus:W32/Kelvir.CU.worm   Not disinfected   F:\image\seigneur des anneaux\Le Seigneur Des Anneaux La Bataille Pour La Terre Du Milieu Jeux Pc Complet Fr Avec Crack.rar[Le Seigneur Des Anneaux La Bataille Pour La Terre Du Milieu\Comment Gagner gros sur internet by ANGE.zip][Comment Gagner gros sur inter

Here's my log with dss:

Deckard's System Scanner v20070905.67
Run by Charley on 2007-09-13 16:05:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2007-09-13 20:05:39 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-09-13 18:58:47 UTC - RP2 - ComboFix created restore point
1: 2007-09-13 16:59:48 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-13 16:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Charley\Mes documents\tampon\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKEY_LOCAL_MACHINE\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Event Reminder.lnk = F:\Josyane\PrintMaster\PMremind.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O15 - Trusted Zone: https://infoservice.cum.qc.ca (HKCU)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 ithsgt - c:\windows\system32\drivers\ithsgt.sys
R2 lilsgt - c:\windows\system32\drivers\lilsgt.sys
R3 catchme - c:\docume~1\charley\locals~1\temp\catchme.sys (file missing)
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys <Not Verified; ; ATK0110 ACPI Utility>
R3 Tetri5 (Tetri5 driver) - c:\windows\system32\drivers\tetri5.sys
S0 fcdabus - c:\windows\system32\drivers\fcdabus.sys (file missing)
S0 FVDSCSI - c:\windows\system32\drivers\fvdscsi.sys (file missing)
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 wceusbsh (Windows CE USB Serial Host Driver) - c:\windows\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>
S3 ZSMC301b (USB PC Camera 301P) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Lecteur de disquettes
Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&15E2DB85&0&0
Manufacturer: (Lecteurs de disquettes standard)
Name: Lecteur de disquettes
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&15E2DB85&0&0
Service: flpydisk

-- Scheduled Tasks -------------------------------------------------------------

2007-09-01 18:17:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-08-13 and 2007-09-13 -----------------------------

2007-09-13 15:14:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-13 15:14:57 0 d-------- C:\WINDOWS\LastGood
2007-09-13 14:16:54 0 d-------- C:\WINDOWS\ERUNT
2007-09-13 12:11:14 0 dr-h----- C:\Documents and Settings\Charley\Recent
2007-09-13 11:30:48 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-09-13 11:30:48 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-09-13 11:30:48 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2007-09-13 11:30:48 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2007-09-13 11:30:48 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2007-09-13 11:30:48 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-09-13 11:30:48 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-09-13 11:30:48 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-09-13 11:30:48 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2007-09-13 11:30:48 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2007-09-13 11:30:48 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2007-09-13 11:30:48 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2007-09-13 11:30:48 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2007-09-13 11:30:48 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2007-09-12 14:04:08 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-12 14:04:02 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-12 14:03:58 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-09-12 14:02:49 0 d-------- C:\WINDOWS\Internet Logs
2007-09-12 13:44:10 109600 --a------ C:\WINDOWS\system32\sptll.dll
2007-09-10 21:16:35 0 d-------- C:\temp
2007-09-03 18:27:22 1778 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-08-26 17:14:43 0 d-------- C:\Program Files\AvantGo Connect
2007-08-26 17:14:24 24652 --a------ C:\WINDOWS\system32\uicom.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2007-08-26 17:14:24 77899 --a------ C:\WINDOWS\system32\rapi.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2007-08-26 17:14:24 65613 --a------ C:\WINDOWS\system32\ppvexp.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2007-08-26 17:14:24 36942 --a------ C:\WINDOWS\system32\ppcload.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2007-08-26 17:14:24 65615 --a------ C:\WINDOWS\system32\pmailext.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2007-08-26 17:14:24 57423 --a------ C:\WINDOWS\system32\MsgStRPC.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2007-08-26 17:14:24 114688 --a------ C:\WINDOWS\system32\malslib.dll <Not Verified; AvantGo, Inc.; AvantGo Connect>
2007-08-26 17:14:24 24653 --a------ C:\WINDOWS\system32\ceutil.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2007-08-26 17:14:24 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-26 17:14:15 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-08-26 17:13:55 0 d-------- C:\Program Files\DIFX
2007-08-26 17:13:51 104576 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys <Not Verified; Microsoft Corporation; Windows CE USB Serial Host Driver>
2007-08-26 17:13:37 0 d--hs---- C:\WINDOWS\ftpcache
2007-08-20 10:36:12 0 d-------- C:\WINDOWS\BBSTORE
2007-08-20 10:32:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund Software
2007-08-20 10:31:02 114176 --a------ C:\WINDOWS\system32\SSCE4132.DLL <Not Verified; Wintertree Software Inc.; Sentry Spelling-Checker Engine>
2007-08-20 10:31:02 53248 --a------ C:\WINDOWS\system32\PretzelSpellCheck.dll <Not Verified; TLC Productivity Properties LLC; PrintMaster 11.0>
2007-08-20 10:31:02 90112 --a------ C:\WINDOWS\system32\ImageServerMI.dll <Not Verified; TLC Productivity Properties LLC; PrintMaster 11.0>
2007-08-20 10:31:02 0 d-------- C:\Program Files\Fichiers communs\Broderbund
2007-08-20 10:31:01 102400 --a------ C:\WINDOWS\system32\PMovieServer.dll <Not Verified; TLC Productivity Properties LLC; PrintMaster 11.0>
2007-08-20 10:31:01 757760 --a------ C:\WINDOWS\system32\PMAppBuilder.dll <Not Verified; TLC Productivity Properties LLC; PrintMaster 11.0>
2007-08-20 10:31:01 45056 --a------ C:\WINDOWS\system32\ImportClient.dll <Not Verified; TLC Productivity Properties LLC; PrintMaster 11.0>
2007-08-14 11:50:01 0 d-------- C:\Documents and Settings\Charley\Application Data\LANCITE

-- Find3M Report ---------------------------------------------------------------

2007-09-13 15:34:13 0 d-------- C:\Program Files\DAEMON Tools
2007-09-13 12:02:53 0 d-------- C:\Documents and Settings\Charley\Application Data\AVG7
2007-09-12 13:19:11 0 d-------- C:\Program Files\eMule
2007-09-11 15:52:08 0 d-------- C:\Documents and Settings\Charley\Application Data\Ahead
2007-09-11 12:51:09 458560 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-09-11 12:51:09 71452 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-09-10 21:40:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 21:05:15 0 d-------- C:\Program Files\THQ
2007-09-03 10:23:37 0 d-------- C:\Documents and Settings\Charley\Application Data\AdobeUM
2007-08-26 17:14:42 0 d-------- C:\Program Files\Common Files
2007-08-26 16:44:39 0 d-------- C:\Program Files\Google
2007-08-22 09:03:22 0 d-------- C:\Program Files\Cribbage
2007-08-20 10:31:02 0 d-------- C:\Program Files\Fichiers communs
2007-08-18 18:29:04 0 d-------- C:\Program Files\Anti-Blaxx
2007-08-17 18:15:24 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-12 16:27:59 0 d-------- C:\Program Files\Apple Software Update
2007-08-09 23:01:17 0 d-------- C:\Program Files\Fichiers communs\Ahead
2007-08-07 19:27:48 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-29 11:09:21 0 d-------- C:\Program Files\Xvid
2007-07-25 15:38:08 0 d-------- C:\Program Files\Java
2007-07-25 13:51:33 0 d-------- C:\Program Files\Electronic Arts
2007-07-25 13:51:26 5680 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-07-25 13:44:24 0 d-------- C:\Program Files\EA SPORTS
2007-07-20 21:54:50 74752 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-07-20 21:54:50 290816 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic pour Windows>
2007-07-19 16:53:34 0 dr------- C:\Documents and Settings\Charley\Application Data\Brother
2007-07-06 11:30:48 1771 --a------ C:\WINDOWS\checkip.dat
2007-06-28 18:54:10 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 18:52:18 765952 --a------ C:\WINDOWS\system32\xvidcore.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 06:20 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 09:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 11:27]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Event Reminder.lnk - F:\Josyane\PrintMaster\PMremind.exe [2007-08-20 10:31:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

-- End of Deckard's System Scanner: finished at 2007-09-13 16:07:48 ------------

THANK YOU VERY MUCH
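Triage of a HijackThis/DSS-style log, as an added example that is not part of this thread, of HijackThis, of DSS or of any other tool named here. It parses the O*/R* entries and the driver lines in the format shown in the post above and flags the ones an analyst would look at first: a binary launched from Temp, from a user profile, or from a numeric system32 subfolder like the system32\1024 folder in the Panda hit; an entry whose file is missing; a kernel driver with no verified publisher; and a Run entry that uses a bare filename. The heuristics, severity labels and function names are this example's own assumptions. The sample lines are copied from the log above except the last one, an invented O4 entry for ld1B29.tmp, which is constructed to mirror the Panda finding and is not in the log.

```python
import re

# Heuristics for this example only: directories an autostart binary or driver
# rarely runs from on a clean XP box. Tune for your own environment.
SUSPICIOUS_DIR_RE = re.compile(
    r"\\temp\\"                                               # any Temp folder (incl. locals~1\temp)
    r"|\\documents and settings\\[^\\]+\\application data\\"  # per-user Application Data
    r"|\\windows\\system32\\\d+\\",                            # numeric system32 subfolder, e.g. system32\1024\
    re.IGNORECASE,
)

# HijackThis entry: "O4 - HKLM\..\Run: [Name] path args", "O2 - BHO: name - {CLSID} - path", ...
HJT_RE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<body>.+)$")
# DSS driver/service line: "R0 name (description) - path <Not Verified; vendor; product>"
DRV_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>\S+)(?: \((?P<desc>.*?)\))? - (?P<rest>.+)$")
# First Windows path on the line that ends in an executable-style extension
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys|tmp|ocx|cpl)\b', re.IGNORECASE)

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def classify(line):
    """Return (severity, reason) for one log line, or None if nothing stands out."""
    line = line.strip()
    hjt = HJT_RE.match(line)
    drv = None if hjt else DRV_RE.match(line)
    if not (hjt or drv):
        return None                      # section headers, process list, etc.
    found = PATH_RE.search(line)
    path = found.group(0) if found else None

    if "(file missing)" in line:
        # Stale pointer to a deleted file. Harmless by itself, but worth a note:
        # catchme.sys in Temp is the trace left by the rootkit scanner ComboFix runs.
        return ("low", "entry points at a file that no longer exists")
    if path and SUSPICIOUS_DIR_RE.search(path):
        return ("high", "binary runs from a Temp/profile/numeric system32 directory: " + path)
    if drv and path and path.lower().endswith(".sys"):
        # DSS prints <Not Verified; ...> for drivers without a catalog signature;
        # many legitimate third-party drivers look like this, so it is a review
        # cue, not a verdict. A driver with no publisher block at all is odder.
        if "<Not Verified;" in line:
            return ("medium", "kernel driver with no verified publisher: " + path)
        if "<" not in line:
            return ("medium", "kernel driver with no publisher information at all: " + path)
    if hjt and hjt.group("tag") == "O4" and path is None:
        # e.g. [SoundMan] SOUNDMAN.EXE: resolved through the search path at logon,
        # so a same-named file planted earlier in that path would run instead.
        return ("low", "autostart uses a bare filename resolved through the search path")
    return None


def triage(lines):
    """Classify every line; return (severity, reason, line) tuples sorted high -> low."""
    findings = []
    for raw in lines:
        hit = classify(raw)
        if hit is not None:
            findings.append((hit[0], hit[1], raw.strip()))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


# Sample input: lines copied from the DSS log above, plus one constructed O4 entry
# (ld1B29) that mirrors the system32\1024\ld1B29.tmp file Panda reported.
SAMPLE_LOG = [
    r"O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)",
    r"O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe",
    r"R3 catchme - c:\docume~1\charley\locals~1\temp\catchme.sys (file missing)",
    r"R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>",
    r"R1 StarOpen - c:\windows\system32\drivers\staropen.sys",
    r"O4 - HKCU\..\Run: [ld1B29] c:\windows\system32\1024\ld1B29.tmp",   # constructed, not from the log
]

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}")
        print(f"         {line}")
```

Feed it the whole HijackThis Clone and Drivers sections of a DSS log and read the high and medium findings first; the low ones are mostly housekeeping, but a missing-file entry under a Temp path is exactly what a just-removed rootkit component or a scanner's own driver looks like, so it still deserves a glance.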
#2
Analyst, Security Team
Join Date: Sep 2007
Posts: 289
OS: ARCH Linux
Re: popup and security alert
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Delete the ComboFix you now have and get a new/updated version from HERE. Don't run it yet.
Next, download SmitfraudFix (by S!Ri) to your Desktop. Don't run it yet.
Next, please reboot your computer in Safe Mode by doing the following:

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. You can just close the file that opens when Windows starts.

NOW double-click on combofix.exe on your desktop. Follow the prompts. Don't click on anything while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Please post

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
#3
Registered User
Join Date: Sep 2007
Posts: 3
OS: XP
Re: popup and security alert
Here is the log.txt:
ComboFix 07-09-14.2 - "Charley" 2007-09-15 16:17:37.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.714 [GMT -4:00]
* Created a new restore point
.
((((((((((((((((((((((((((((( Files created 2007-08-15 to 2007-09-15 ))))))))))))))))))))))))))))))))))))
.
2007-09-15 16:10 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-15 16:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-15 16:10 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-15 16:10 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-15 16:10 2,734 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-13 16:05 <REP> d-------- C:\Deckard
2007-09-13 15:14 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-13 14:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 14:16 <REP> d-------- C:\WINDOWS\ERUNT
2007-09-13 11:30 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-09-13 11:30 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-09-13 11:30 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-09-13 11:30 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2007-09-13 11:30 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-09-13 11:30 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-09-13 11:30 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-09-12 14:04 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-12 14:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-09-12 14:03 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-09-12 14:02 <REP> d-------- C:\WINDOWS\Internet Logs
2007-09-12 13:44 109,600 --a------ C:\WINDOWS\system32\sptll.dll
2007-09-10 21:16 <REP> d-------- C:\temp
2007-09-10 21:05 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-09-10 21:05 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-09-10 21:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-09-10 21:05 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-09-10 21:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-10 21:05 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-09-07 12:04 33,280 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2007-08-30 17:02 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-08-30 17:02 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-08-30 17:02 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-08-30 17:02 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-08-30 17:02 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-08-30 17:02 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-08-30 17:02 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-08-30 17:02 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-08-26 17:14 77,899 --a------ C:\WINDOWS\system32\rapi.dll
2007-08-26 17:14 65,615 --a------ C:\WINDOWS\system32\pmailext.dll
2007-08-26 17:14 65,613 --a------ C:\WINDOWS\system32\ppvexp.dll
2007-08-26 17:14 57,423 --a------ C:\WINDOWS\system32\MsgStRPC.dll
2007-08-26 17:14 36,942 --a------ C:\WINDOWS\system32\ppcload.dll
2007-08-26 17:14 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-26 17:14 24,653 --a------ C:\WINDOWS\system32\ceutil.dll
2007-08-26 17:14 24,652 --a------ C:\WINDOWS\system32\uicom.dll
2007-08-26 17:14 114,688 --a------ C:\WINDOWS\system32\malslib.dll
2007-08-26 17:14 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-26 17:14 <REP> d-------- C:\Program Files\AvantGo Connect
2007-08-26 17:13 104,576 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-08-26 17:13 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-08-26 17:13 <REP> d-------- C:\Program Files\DIFX
2007-08-20 10:36 <REP> d-------- C:\WINDOWS\BBSTORE
2007-08-20 10:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Broderbund Software
2007-08-20 10:31 <REP> d-------- C:\Program Files\Fichiers communs\Broderbund
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 15:10 --------- d-------- C:\DOCUME~1\Charley\APPLIC~1\AdobeUM
2007-09-13 15:34 --------- d-------- C:\Program Files\DAEMON Tools
2007-09-13 12:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-12 13:19 --------- d-------- C:\Program Files\eMule
2007-09-11 15:52 --------- d-------- C:\DOCUME~1\Charley\APPLIC~1\Ahead
2007-09-10 21:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 21:05 --------- d-------- C:\Program Files\THQ
2007-08-26 17:14 --------- d-------- C:\Program Files\Common Files
2007-08-26 16:44 --------- d-------- C:\Program Files\Google
2007-08-22 09:03 --------- d-------- C:\Program Files\Cribbage
2007-08-18 18:29 --------- d-------- C:\Program Files\Anti-Blaxx
2007-08-17 18:15 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-14 11:50 --------- d-------- C:\DOCUME~1\Charley\APPLIC~1\LANCITE
2007-08-12 16:27 --------- d-------- C:\Program Files\Apple Software Update
2007-08-12 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-09 23:01 --------- d-------- C:\Program Files\Fichiers communs\Ahead
2007-08-09 21:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-08-07 19:27 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 11:09 --------- d-------- C:\Program Files\Xvid
2007-07-25 13:51 5680 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-07-25 13:51 --------- d-------- C:\Program Files\Electronic Arts
2007-07-25 13:44 --------- d-------- C:\Program Files\EA SPORTS
2007-07-20 21:54 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-20 21:54 290816 --------- C:\WINDOWS\Setup1.exe
2007-07-19 16:53 --------- dr------- C:\DOCUME~1\Charley\APPLIC~1\Brother
2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-26 02:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-13_150221.70 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 73,728 2006-08-02 16:39:06 C:\WINDOWS\system32\asuninst.exe
----a-w 11,776 2003-03-25 22:53:50 C:\WINDOWS\system32\ZPORT4AS.dll
----a-w 110,592 2007-03-29 13:20:50 C:\WINDOWS\system32\ActiveScan\as.dll
----a-w 233,472 2006-10-05 20:15:26 C:\WINDOWS\system32\ActiveScan\ascontrol.dll
----a-w 96,256 2005-06-03 18:03:18 C:\WINDOWS\system32\ActiveScan\asmdat.dll
----a-w 36,864 2003-08-01 15:00:16 C:\WINDOWS\system32\ActiveScan\certdll.dll
----a-w 86,016 2005-05-20 17:42:44 C:\WINDOWS\system32\ActiveScan\instlsp.dll
----a-w 4,608 2006-02-16 22:20:20 C:\WINDOWS\system32\ActiveScan\memvfile.dll
----a-w 348,160 2005-10-25 22:08:32 C:\WINDOWS\system32\ActiveScan\msvcr71.dll
----a-w 139,264 2004-05-04 19:01:02 C:\WINDOWS\system32\ActiveScan\pavaleas.dll
----a-w 45,056 2006-07-14 17:04:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 159,832 2006-04-10 14:50:02 C:\WINDOWS\system32\ActiveScan\pavexcom.dll
----a-w 94,208 2006-02-14 17:05:38 C:\WINDOWS\system32\ActiveScan\pavinas.dll
----a-w 180,224 2006-02-16 22:35:38 C:\WINDOWS\system32\ActiveScan\pavoe.dll
----a-w 122,880 2006-10-05 20:15:38 C:\WINDOWS\system32\ActiveScan\pavpz.dll
----a-w 8,704 2006-06-30 18:13:38 C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
----a-w 49,152 2004-02-04 18:08:42 C:\WINDOWS\system32\ActiveScan\port32.dll
----a-w 69,632 2006-08-01 17:23:10
C:\WINDOWS\system32\ActiveScan\pscpu.dll ----a-w 1,388,544 2006-08-23 17 08 C:\WINDOWS\system32\ActiveScan\pskahk.dll----a-w 10,752 2006-08-17 15:38:14 C:\WINDOWS\system32\ActiveScan\pskalloc.dll ----a-w 61,440 2006-09-04 15:49:54 C:\WINDOWS\system32\ActiveScan\pskas.dll ----a-w 779,264 2006-08-18 12:46:18 C:\WINDOWS\system32\ActiveScan\pskavs.dll ----a-w 417,792 2007-03-26 18:25:34 C:\WINDOWS\system32\ActiveScan\pskcmp.dll ----a-w 90,112 2006-08-09 14:42:24 C:\WINDOWS\system32\ActiveScan\pskfss.dll ----a-w 208,896 2006-07-19 14:55:58 C:\WINDOWS\system32\ActiveScan\pskhtml.dll ----a-w 9,728 2006-01-20 20:57:00 C:\WINDOWS\system32\ActiveScan\pskmas.dll ----a-w 14,336 2006-05-17 13:50:12 C:\WINDOWS\system32\ActiveScan\pskmdfs.dll ----a-w 33,280 2006-08-16 14:58:12 C:\WINDOWS\system32\ActiveScan\pskpack.dll ----a-w 266,240 2006-06-30 18:42:36 C:\WINDOWS\system32\ActiveScan\pskscs.dll ----a-w 62,976 2006-08-17 18:33:14 C:\WINDOWS\system32\ActiveScan\pskutil.dll ----a-w 13,312 2006-08-08 17:13:10 C:\WINDOWS\system32\ActiveScan\pskvfile.dll ----a-w 69,632 2006-08-18 12:53:08 C:\WINDOWS\system32\ActiveScan\pskvfs.dll ----a-w 167,936 2006-08-18 12:49:50 C:\WINDOWS\system32\ActiveScan\pskvm.dll ----a-w 353,840 2007-04-18 21:16:04 C:\WINDOWS\system32\ActiveScan\psscan.dll ----a-w 35,328 2007-01-22 18:42:48 C:\WINDOWS\system32\ActiveScan\rawvfile.dll ----a-w 9,488 1997-09-18 10:12:32 C:\WINDOWS\system32\ActiveScan\sporder.dll ----a-w 69,632 2006-02-28 21:23:40 C:\WINDOWS\system32\ActiveScan\tcpvfile.dll . . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 06:20 C:\WINDOWS\SOUNDMAN.EXE] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 09:07] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 11:27] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ Event Reminder.lnk - F:\Josyane\PrintMaster\PMremind.exe [2007-08-20 10:31:13] R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys R3 Tetri5;Tetri5 driver;C:\WINDOWS\system32\Drivers\Tetri5.sys S0 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 
Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-09-01 22:17:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-15 16:19:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-15 16:19:44 C:\ComboFix-quarantined-files.txt ... 2007-09-15 16:19 C:\ComboFix2.txt ... 2007-09-13 15:02 . --- E O F --- And the rapport.txt SmitFraudFix v2.224 Rapport fait à 16:10:17,60, 2007-09-15 Executé à partir de C:\Documents and Settings\Charley\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\ot.ico supprimé C:\WINDOWS\system32\1024\ supprimé C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé C:\DOCUME~1\Charley\Favoris\Antivirus Test Online.url supprimé »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CS2\Services\Tcpip\..\{A854B64B-F36A-471C-9181-592BF09165D6}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Thank you again! |
#4 (permalink)
Analyst, Security Team
Join Date: Sep 2007
Posts: 289
OS: ARCH Linux
Re: popup and security alert
I'd like to look at a couple of files (they are probably fine, just double checking), but the log looks really good. Everything running alright?

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/1077530-post1.html
Suspect::[34]
C:\WINDOWS\system32\SpOrder.dll
C:\WINDOWS\system32\sptll.dll

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt. Post that log in your next reply along with how your machine is running.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box -- do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
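Why the analyst asks about SpOrder.dll and sptll.dll in particular is readable straight off the ComboFix "Fichiers créés" list: both are executables that landed in system32 a few days before the scan, and each arrived alone in its minute, whereas the Microsoft Update, DirectX and SmitFraudFix batches in the same list dropped several files in one go. The Python script below is an added example written for this thread, not code posted by anyone in it and not part of ComboFix; it parses that entry format (the sample lines are a trimmed copy of the log posted later in this thread, embedded as constructed input), flags recently created executables in the system folders, and separates lone drops from installer batches. The folder list, the 7-day window and the "alone in its minute" heuristic are this example's own assumptions, not anything the analyst stated.

```python
"""Triage of ComboFix "Fichiers créés" entries (added example; not code from
the thread or from ComboFix).  Sample lines are copied from the log posted in
this thread; the folder list, the 7-day window and the "alone in its minute"
heuristic are this example's own assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional

# Constructed input: a trimmed copy of the thread's second ComboFix log.
SAMPLE_LOG = r"""
ComboFix 07-09-14.2 - "Charley" 2007-09-17 16:24:30.3 - NTFSx86
.
((((((((((((((((((((((((((((( Fichiers créés 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))))))))
.
2007-09-17 06:56 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-17 06:56 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-16 21:03 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-09-15 16:10 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-15 16:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-15 16:10 2,734 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-13 14:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 14:04 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-12 14:03 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-09-12 13:44 109,600 --a------ C:\WINDOWS\system32\sptll.dll
2007-09-10 21:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-10 21:05 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-09-07 12:04 33,280 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
"""


class Entry(NamedTuple):
    created: datetime
    size: Optional[int]   # None for directories, which ComboFix prints as <REP>
    attrs: str
    path: str


# One entry per line: "YYYY-MM-DD HH:MM  size|<REP>  9-char attribute field  path"
ENTRY_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><REP>|[\d,]+)\s+"
    r"(?P<attrs>[-a-zA-Z]{9})\s+"
    r"(?P<path>\S.*?)\s*$"
)
HEADER_RE = re.compile(r"^ComboFix .*?(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

# Assumption: folders where a fresh, unexplained binary deserves a second look.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\system32\drivers")
EXEC_EXTS = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one created-file line; headers, '.' separators and junk give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size_txt = m.group("size")
    return Entry(
        created=datetime.strptime(m.group("stamp"), "%Y-%m-%d %H:%M"),
        size=None if size_txt == "<REP>" else int(size_txt.replace(",", "")),
        attrs=m.group("attrs"),
        path=m.group("path"),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def scan_time_from_header(text: str) -> datetime:
    """The ComboFix header line carries the scan timestamp."""
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    raise ValueError("no ComboFix header line found")


def is_system_executable(e: Entry) -> bool:
    folder, _, name = e.path.lower().rpartition("\\")
    return e.size is not None and folder in SYSTEM_DIRS and name.endswith(EXEC_EXTS)


def recent_system_executables(entries: List[Entry], scan_time: datetime,
                              days: int = 7) -> List[Entry]:
    """Executables created in a system folder within `days` of the scan."""
    cutoff = scan_time - timedelta(days=days)
    return [e for e in entries if is_system_executable(e) and e.created >= cutoff]


def batch_by_minute(entries: List[Entry]) -> Dict[datetime, List[Entry]]:
    """Installers and cleanup tools drop several files in one minute; a file
    that is alone on its timestamp has no such cover story."""
    groups: Dict[datetime, List[Entry]] = defaultdict(list)
    for e in entries:
        groups[e.created].append(e)
    return dict(groups)


def singletons(entries: List[Entry], scan_time: datetime, days: int = 7) -> List[Entry]:
    """Recent system executables that were created alone in their minute."""
    groups = batch_by_minute(entries)
    return [e for e in recent_system_executables(entries, scan_time, days)
            if len(groups[e.created]) == 1]


def basenames(entries: List[Entry]) -> List[str]:
    return [e.path.rsplit("\\", 1)[-1] for e in entries]


if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    when = scan_time_from_header(SAMPLE_LOG)
    print("recent system executables:", basenames(recent_system_executables(ents, when)))
    print("created alone in their minute:", basenames(singletons(ents, when)))
```

Run against the sample, the first list still contains the Microsoft Update files (mucltui.dll, muweb.dll), the SmitFraudFix helpers created at 16:10 and the DirectX runtime DLLs, which is why the singleton pass matters: it narrows the candidates to SpOrder.dll and sptll.dll, the two files the analyst chose to submit. The heuristic is a triage aid for deciding what to look at, not a verdict on the files.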
#5 (permalink)
Registered User
Join Date: Sep 2007
Posts: 3
OS: XP
Re: popup and security alert
Since a couple of days ago, it seems to work fine. I don't know if it is the tests that I ran with you, but anyway, I did what you asked me to.
The results:

ComboFix 07-09-14.2 - "Charley" 2007-09-17 16:24:30.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.448 [GMT -4:00]
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))))))))
.
2007-09-17 06:56 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-17 06:56 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-16 21:03 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-09-16 21:03 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2007-09-16 21:02 <REP> d-------- C:\WINDOWS\LastGood
2007-09-15 16:10 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-15 16:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-15 16:10 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-15 16:10 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-15 16:10 2,734 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-13 16:05 <REP> d-------- C:\Deckard
2007-09-13 15:14 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-13 14:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 14:16 <REP> d-------- C:\WINDOWS\ERUNT
2007-09-13 11:30 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-09-13 11:30 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-09-13 11:30 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-09-13 11:30 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2007-09-13 11:30 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-09-13 11:30 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-09-13 11:30 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-09-12 14:04 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-12 14:04 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-09-12 14:03 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-09-12 14:02 <REP> d-------- C:\WINDOWS\Internet Logs
2007-09-12 13:44 109,600 --a------ C:\WINDOWS\system32\sptll.dll
2007-09-10 21:16 <REP> d-------- C:\temp
2007-09-10 21:05 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-09-10 21:05 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-09-10 21:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-09-10 21:05 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-09-10 21:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-10 21:05 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-09-07 12:04 33,280 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys
2007-08-30 17:02 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-08-30 17:02 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-08-30 17:02 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-08-30 17:02 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-08-30 17:02 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-08-30 17:02 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-08-30 17:02 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-08-30 17:02 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-08-26 17:14 77,899 --a------ C:\WINDOWS\system32\rapi.dll
2007-08-26 17:14 65,615 --a------ C:\WINDOWS\system32\pmailext.dll
2007-08-26 17:14 65,613 --a------ C:\WINDOWS\system32\ppvexp.dll
2007-08-26 17:14 57,423 --a------ C:\WINDOWS\system32\MsgStRPC.dll
2007-08-26 17:14 36,942 --a------ C:\WINDOWS\system32\ppcload.dll
2007-08-26 17:14 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-26 17:14 24,653 --a------ C:\WINDOWS\system32\ceutil.dll
2007-08-26 17:14 24,652 --a------ C:\WINDOWS\system32\uicom.dll
2007-08-26 17:14 114,688 --a------ C:\WINDOWS\system32\malslib.dll
2007-08-26 17:14 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-26 17:14 <REP> d-------- C:\Program Files\AvantGo Connect
2007-08-26 17:13 104,576 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-08-26 17:13 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-08-26 17:13 <REP> d-------- C:\Program Files\DIFX
2007-08-20 10:36 <REP> d-------- C:\WINDOWS\BBSTORE
2007-08-20 10:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Broderbund Software
2007-08-20 10:31 <REP> d-------- C:\Program Files\Fichiers communs\Broderbund
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 21:02 --------- d-------- C:\Program Files\MSN Messenger
2007-09-15 19:42 --------- d-------- C:\Program Files\eMule
2007-09-15 15:10 --------- d-------- C:\DOCUME~1\Charley\APPLIC~1\AdobeUM
2007-09-13 15:34 --------- d-------- C:\Program Files\DAEMON Tools
2007-09-13 12:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-11 15:52 --------- d-------- C:\DOCUME~1\Charley\APPLIC~1\Ahead
2007-09-10 21:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 21:05 --------- d-------- C:\Program Files\THQ
2007-08-26 17:14 --------- d-------- C:\Program Files\Common Files
2007-08-26 16:44 --------- d-------- C:\Program Files\Google
2007-08-22 09:03 --------- d-------- C:\Program Files\Cribbage
2007-08-18 18:29 --------- d-------- C:\Program Files\Anti-Blaxx
2007-08-17 18:15 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-14 11:50 --------- d-------- C:\DOCUME~1\Charley\APPLIC~1\LANCITE
2007-08-12 16:27 --------- d-------- C:\Program Files\Apple Software Update
2007-08-12 16:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-09 23:01 --------- d-------- C:\Program Files\Fichiers communs\Ahead
2007-08-09 21:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-08-07 19:27 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 11:09 --------- d-------- C:\Program Files\Xvid
2007-07-25 13:51 5680 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-07-25 13:51 --------- d-------- C:\Program Files\Electronic Arts
2007-07-25 13:44 --------- d-------- C:\Program Files\EA SPORTS
2007-07-20 21:54 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-20 21:54 290816 --------- C:\WINDOWS\Setup1.exe
2007-07-19 16:53 --------- dr------- C:\DOCUME~1\Charley\APPLIC~1\Brother
2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-26 02:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.
((((((((((((((((((((((((((((( snapshot_2007-09-13_150221.70 )))))))))))))))))))))))))))))))))))))))))
.
----a-r 29,926 2007-09-17 01:02:16 C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
----a-w 73,728 2006-08-02 16:39:06 C:\WINDOWS\system32\asuninst.exe
----a-w 51,056 2007-01-19 16:53:04 C:\WINDOWS\system32\sirenacm.dll
----a-w 11,776 2003-03-25 22:53:50 C:\WINDOWS\system32\ZPORT4AS.dll
----a-w 110,592 2007-03-29 13:20:50 C:\WINDOWS\system32\ActiveScan\as.dll
----a-w 233,472 2006-10-05 20:15:26 C:\WINDOWS\system32\ActiveScan\ascontrol.dll
----a-w 96,256 2005-06-03 18:03:18 C:\WINDOWS\system32\ActiveScan\asmdat.dll
----a-w 36,864 2003-08-01 15:00:16 C:\WINDOWS\system32\ActiveScan\certdll.dll
----a-w 86,016 2005-05-20 17:42:44 C:\WINDOWS\system32\ActiveScan\instlsp.dll
----a-w 4,608 2006-02-16 22:20:20 C:\WINDOWS\system32\ActiveScan\memvfile.dll
----a-w 348,160 2005-10-25 22:08:32 C:\WINDOWS\system32\ActiveScan\msvcr71.dll
----a-w 139,264 2004-05-04 19:01:02 C:\WINDOWS\system32\ActiveScan\pavaleas.dll
----a-w 45,056 2006-07-14 17:04:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 159,832 2006-04-10 14:50:02 C:\WINDOWS\system32\ActiveScan\pavexcom.dll
----a-w 94,208 2006-02-14 17:05:38 C:\WINDOWS\system32\ActiveScan\pavinas.dll
----a-w 180,224 2006-02-16 22:35:38 C:\WINDOWS\system32\ActiveScan\pavoe.dll
----a-w 122,880 2006-10-05 20:15:38 C:\WINDOWS\system32\ActiveScan\pavpz.dll
----a-w 8,704 2006-06-30 18:13:38 C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
----a-w 49,152 2004-02-04 18:08:42 C:\WINDOWS\system32\ActiveScan\port32.dll
----a-w 69,632 2006-08-01 17:23:10 C:\WINDOWS\system32\ActiveScan\pscpu.dll
----a-w 1,388,544 2006-08-23 17 08 C:\WINDOWS\system32\ActiveScan\pskahk.dll
----a-w 10,752 2006-08-17 15:38:14 C:\WINDOWS\system32\ActiveScan\pskalloc.dll
----a-w 61,440 2006-09-04 15:49:54 C:\WINDOWS\system32\ActiveScan\pskas.dll
----a-w 779,264 2006-08-18 12:46:18 C:\WINDOWS\system32\ActiveScan\pskavs.dll
----a-w 417,792 2007-03-26 18:25:34 C:\WINDOWS\system32\ActiveScan\pskcmp.dll
----a-w 90,112 2006-08-09 14:42:24 C:\WINDOWS\system32\ActiveScan\pskfss.dll
----a-w 208,896 2006-07-19 14:55:58 C:\WINDOWS\system32\ActiveScan\pskhtml.dll
----a-w 9,728 2006-01-20 20:57:00 C:\WINDOWS\system32\ActiveScan\pskmas.dll
----a-w 14,336 2006-05-17 13:50:12 C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
----a-w 33,280 2006-08-16 14:58:12 C:\WINDOWS\system32\ActiveScan\pskpack.dll
----a-w 266,240 2006-06-30 18:42:36 C:\WINDOWS\system32\ActiveScan\pskscs.dll
----a-w 62,976 2006-08-17 18:33:14 C:\WINDOWS\system32\ActiveScan\pskutil.dll
----a-w 13,312 2006-08-08 17:13:10 C:\WINDOWS\system32\ActiveScan\pskvfile.dll
----a-w 69,632 2006-08-18 12:53:08 C:\WINDOWS\system32\ActiveScan\pskvfs.dll
----a-w 167,936 2006-08-18 12:49:50 C:\WINDOWS\system32\ActiveScan\pskvm.dll
----a-w 353,840 2007-04-18 21:16:04 C:\WINDOWS\system32\ActiveScan\psscan.dll
----a-w 35,328 2007-01-22 18:42:48 C:\WINDOWS\system32\ActiveScan\rawvfile.dll
----a-w 9,488 1997-09-18 10:12:32 C:\WINDOWS\system32\ActiveScan\sporder.dll
----a-w 69,632 2006-02-28 21:23:40 C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
.
----a-w 48,936 2006-07-29 23:32:50 C:\WINDOWS\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 06:20 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 09:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 11:27]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Event Reminder.lnk - F:\Josyane\PrintMaster\PMremind.exe [2007-08-20 10:31:13]

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
R3 Tetri5;Tetri5 driver;C:\WINDOWS\system32\Drivers\Tetri5.sys
S0 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys

*Newly Created Service* - USNJSVC
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-15 22:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-17 20:11:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 16:26:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-17 16:26:50
C:\ComboFix-quarantined-files.txt ... 2007-09-17 16:26
C:\ComboFix2.txt ... 2007-09-15 16:19
C:\ComboFix3.txt ... 2007-09-13 15:02
.
--- E O F ---
#6 (permalink)
Analyst, Security Team
Join Date: Sep 2007
Posts: 289
OS: ARCH Linux
Re: popup and security alert
The infection was taken care of by running SmitfraudFix.

Good job, your log is clean. You can delete the ComboFix, SmitfraudFix, C:\QooFix folder/files now.

AVG you have is a fine AntiVirus/Anti-Spyware, but it doesn't LOOK like you have a Firewall running other than the XP default. Unless you are behind a NAT router you should really get a software firewall... Comodo makes an excellent one available HERE. There are a couple more mentioned in the speech at the very end of here.

First, let's clean your restore points and set a new one: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

Your Java is up to date, but you NEED to uninstall the old ones:
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster, SpywareGuard and IE/Spyad. SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts. IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It is free. More info and download is available at links in the following article by TonyKlein. Make SURE to read How Did I Get Infected in the First Place??