Discussion Starter · #1 ·
I have a problem with windows opening each time I go on the internet, with the title ~http://fp.pc-on-internet.com. I tried many things but no result so far. I have a HijackThis log file if you want to see it.

Can someone help me please!!
Thx

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:10:40, on 2007-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pr...11095567540000000115056708432&version=g_4.4.2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9FB41C30-E6E4-11D4-8378-0050DA19EB7F} (Calendar Control) - https://infoservices.cum.qc.ca/CalendarProj1.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10500 bytes
 

· TSF-Enthusiast
Please download Navilog1
  • Right-click and Extract all to the Desktop
  • Double-click on navilog1.exe to install
  • When the installation is complete, the tool starts automatically. (If it doesn't start automatically, please double-click on the Navilog1 shortcut on the Desktop)
  • From the language menu, press E for English
  • In the next menu, type 1 to select Search and press Enter (please wait for the scan to finish; it may take a while)
  • Press any key as requested
The tool produces a document: fixnavi.txt

~~~~
Also download ComboFix.exe

Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Now, run HijackThis once again to obtain a new log.
However, since you are using the Beta version of HijackThis, please remove the version you have, and download the HijackThis Installer
Save to the Desktop.
Double-click on HJTInstall.exe to install the program.
A prompt appears showing that, by default, it installs to C:\Program Files\Trend Micro\HijackThis
Click: Install

Please use version 2.0.2 of HijackThis from now on.

~~~~
Please post the fixnavi.txt, the ComboFix.txt, and a new HijackThis log in your reply.
 

· Registered
Discussion Starter · #3 ·
Thank you very much for helping me, Aaflac. I did all you said and here are the results.

/////fixnavi.txt//////

Search Navipromo version 3.3.4 began on 2007-09-08 at 10:02:02,90

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 02.11.2007 at 12h00 by IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Version Internet Explorer : 6.0.2900.2180

Done in normal mode

*** Searching for installed Software ***




*** Search folders in C:\WINDOWS ***



*** Search folders in C:\Program Files ***



*** Search folders in C:\Documents and Settings\All Users\Application Data ***




*** Search folders in C:\Documents and Settings\Administrateur\Application Data ***


*** Search folders in C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found in :

- C:\WINDOWS\system32
- C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1 *

Files found :

mukmnpe.exe found !



*** Search files ***




*** Search specific Registry keys ***

HKEY_CURRENT_USER\Software\Lanconfig found !

*** Complementary Search ***
(Search specific files)

1)Search known files:

2)Heuristic Search :



3)Certificates Search :

Egroup certificate found !


*** Search completed on 2007-09-08 at 10:03:19,42 ***


///// Combofix.txt/////

ComboFix 07-11-08.1 - Administrateur 2007-09-08 10:06:04.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.192 [GMT -4:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\Administrateur\Local Settings\Application Data\mukmnpe.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\mukmnpe.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\mukmnpe_nav.dat
c:\Documents and Settings\Administrateur\Local Settings\Application Data\mukmnpe_navps.dat
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Installer\temp\dm10.tmp
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\system32\MabryObj.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-08 to 2007-11-08 ))))))))))))))))))))))))))))))))))))
.

2007-10-30 07:33 <REP> d-------- C:\WINDOWS\report
2007-10-30 07:32 <REP> d-------- C:\WINDOWS\AU_Backup
2007-10-30 07:32 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-10-30 07:32 267,845 --a------ C:\WINDOWS\tsc.exe
2007-10-30 07:32 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-10-30 07:32 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-10-30 07:25 <REP> d-------- C:\WINDOWS\AU_Temp
2007-10-30 07:25 <REP> d-------- C:\WINDOWS\AU_Log
2007-10-30 07:24 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-10-30 07:24 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-10-30 07:24 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-10-10 03:13 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 14:54 --------- d-----w C:\Program Files\Edgar3
2007-11-03 11:22 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-17 12:33 --------- d-----w C:\Program Files\Symantec
2007-09-08 14:04 --------- d-----w C:\Program Files\Navilog1
2007-09-08 13:56 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2005-08-27 14:44 17,144 ----a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 18:26]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" []
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 16:50]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 15:29]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-14 09:46]
"QuickTime Task"="D:\Quicktime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-08-29 11:44]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 16:51]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 ICAM3NT5;Intel(r) PC Camera CS331;C:\WINDOWS\system32\Drivers\ICAM3D2.SYS
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\System32\drivers\ASUSHWIO.sys
S3 SDdriver;SDdriver;\??\C:\WINDOWS\System32\Drivers\sddriver.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-05 23:58:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-08 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Administrateur.job"
- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe
"2007-09-07 21:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-09-08 04:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 10:10:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 10:22:42 - machine was rebooted
.
--- E O F ---

/////hijackthis log//////////

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:44, on 2007-11-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9FB41C30-E6E4-11D4-8378-0050DA19EB7F} (Calendar Control) - https://infoservices.cum.qc.ca/CalendarProj1.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8649 bytes

Thx again, I'm waiting for your reply!!
Tubwood
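The helper asks for a fresh HijackThis log after ComboFix so the two logs can be compared entry by entry. The script below is an added example for this thread, not code from the thread, from Trend Micro or from any tool named here: it parses the R/O finding lines of a HijackThis log, lists what disappeared between the first and second log, and pulls out the R0/R1 entries a helper checks by hand (search settings pointing at an external URL, and ProxyOverride lists). The two logs are constructed excerpts of the entries visible in the posts, and the "worth a look" heuristic is the example's own, not a verdict.

```python
"""Compare two HijackThis logs and list the R0/R1 entries a helper reviews by hand.

Added example for this thread; not code from the thread, from Trend Micro or from
any of the tools mentioned. The two logs below are constructed excerpts of the
entries visible in the posts.
"""
import re
from typing import Dict, List, Tuple

# Every HijackThis finding is one line: a section code (R0, R1, O2, O4, O23, ...),
# a " - " separator and the entry body. Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# A setting whose value is an http(s) URL (seen on R0/R1 search/start-page entries).
URL_RE = re.compile(r"=\s*https?://", re.IGNORECASE)

# Constructed excerpt of the first log (HijackThis v2.0.0 beta, before ComboFix).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pr...11095567540000000115056708432&version=g_4.4.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
"""

# Constructed excerpt of the second log (HijackThis v2.0.2, after ComboFix).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
"""


def entry_lines(log: str) -> List[str]:
    """Return the finding lines of a log, normalised to 'CODE - body', in file order."""
    found = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            found.append(f"{m.group('code')} - {m.group('body')}")
    return found


def parse_hjt(log: str) -> Dict[str, List[str]]:
    """Group entry bodies by section code, e.g. {'O4': [...], 'O23': [...]}."""
    grouped: Dict[str, List[str]] = {}
    for entry in entry_lines(log):
        code, body = entry.split(" - ", 1)
        grouped.setdefault(code, []).append(body)
    return grouped


def diff_hjt(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries present only in the old log (removed) and only in the new one (added)."""
    old, new = entry_lines(before), entry_lines(after)
    removed = [e for e in old if e not in set(new)]
    added = [e for e in new if e not in set(old)]
    return removed, added


def review_items(log: str) -> List[str]:
    """R0/R1 entries a helper checks by hand: search or start-page settings that point
    at an external URL instead of about:blank, and any ProxyOverride list.
    Being listed means 'look at it', not 'malicious': a proxy exception list can be
    legitimate, and in this sample the ProxyOverride entry survived ComboFix."""
    flagged = []
    for entry in entry_lines(log):
        if entry.startswith(("R0", "R1")) and (URL_RE.search(entry) or "ProxyOverride" in entry):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    removed, added = diff_hjt(LOG_BEFORE, LOG_AFTER)
    print("Removed between the two logs:")
    for e in removed:
        print("  -", e)
    print("Added since the first log:")
    for e in added:
        print("  +", e)
    print("Still worth a look in the new log:")
    for e in review_items(LOG_AFTER):
        print("  ?", e)
```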
 

· TSF-Enthusiast


Please temporarily turn off the real time scanner of the Norton AntiVirus program while performing the following.

Open the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner
Click Yes, when prompted to install its ActiveX component.
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect; however, we need to analyze the information in the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)

Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

Please post the contents of the Kaspersky Online Scanner Report in your reply.
 

· Registered
Discussion Starter · #5 ·
Here's the report from the Kaspersky Online Scanner:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 09, 2007 12:55:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/11/2007
Kaspersky Anti-Virus database records: 455426
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 38892
Number of viruses found: 14
Number of infected objects: 94
Number of suspicious objects: 0
Duration of the scan process: 00:31:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrateur\Bureau\Navilog1\Navilog1.exe/file7 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrateur\Bureau\Navilog1\Navilog1.exe Inno: infected - 1 skipped
C:\Documents and Settings\Administrateur\Bureau\Navilog1.zip/Navilog1.exe/file7 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrateur\Bureau\Navilog1.zip/Navilog1.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Administrateur\Bureau\Navilog1.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Log.txt Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\00485DE3.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\004B07DF.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02BB7397.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\02BE02F7.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\04A42D93.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06752AB6.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0BE13E0B.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C4C5CAA.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0EB34A30.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0F956B95.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\11545F9B.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16015DAC.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\170C2A13.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\173A5CC7.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\19925697.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1CFD592F.tmp Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1CFD592F.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D8839A9.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E0776AC.tmp Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\21CD6C3D.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2285652F.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24221432.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2984468A.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A5F625D.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2AD47BB5.tmp Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2AD47BB5.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2AD725B1.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2D6A6B9B.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2DDE41D2.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2E9E1A14.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2FB45576.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\31307082.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34346FEE.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\343719EB.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34EF15D7.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\361510C0.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\383506FB.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38481B5A.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\385300DB.dll Infected: not-a-virus:AdWare.Win32.Comet.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C4E3CD4.tmp Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40385669.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\42CE1C43.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\44064D20.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\446477D2.tmp Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\446721CE.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\456652B3.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45B86B5E.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46625AF1.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4FD63511.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56896E22.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\59266ED2.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5A9C1531.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5EFA4291.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\627275A5.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63A94E43.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63BC2E1A.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63BC2E1A.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65733EA3.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\66421347.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\66566477.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\66663665.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\66DC4438.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\670768C5.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\681663D2.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6DED1948.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E751AD4.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6FA353FE.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70684324.tmp Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\74713C34.tmp Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\799B163C.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B052701.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7B1F3DF2.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7F0223D4.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0EAF1023.class Infected: Trojan.Java.ClassLoader.Dummy.e skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0EB33A1F.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0EB33A1F.exe Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0EB33A1F.php Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0EBC3815.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0F0E51BB.htm Infected: Trojan-Downloader.VBS.Psyme.j skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1D6A21CC Infected: Virus.Win32.Nsag.b skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\26EA16AD.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3AAC5E35.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\54771190.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\62AA33D2.htm Infected: Exploit.HTML.Mht skipped
C:\quarantine\00000006.DAT.Vir Object is locked skipped
C:\quarantine\download1148893709251468.dat.Vir Object is locked skipped
C:\quarantine\oleext32.dll.Vir Object is locked skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{44E95F8C-4204-4AC0-B1F9-B64DFEC5FCB9}\RP682\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\Programmes importants\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\Programmes importants\mirc616.exe mIRC: infected - 1 skipped
D:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
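The scan report above mixes entries that need very different responses: detections inside an antivirus Quarantine folder are already neutralised copies, "not-a-virus:" RiskTool and Client-IRC hits are legitimate tools (the Navilog1 reboot helper, mIRC), and "Object is locked" lines are just system files in use. As an added example, not part of the original thread, here is a small triage script for that report format; the bucketing rules are my own assumptions about how a helper reads such a log, and the dropper.exe line with its detection name is a constructed placeholder.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the scan report quoted above. The last
# entry (C:\Temp\dropper.exe, Trojan-Downloader.Win32.Constructed.a) is a
# placeholder invented for this example; the others mirror lines from the thread.
SAMPLE_REPORT = r"""
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\00485DE3.Vir Infected: Exploit.Win32.MS04-028.gen skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0EB33A1F.class Infected: Exploit.Java.ByteVerify skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\Administrateur\Bureau\Navilog1.zip ZIP: infected - 2 skipped
C:\Temp\dropper.exe Infected: Trojan-Downloader.Win32.Constructed.a skipped

Scan process completed.
"""

# One report line is "<path> <verdict> skipped"; the path may contain spaces,
# so it is matched non-greedily up to one of the three known verdict shapes.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"Infected: (?P<name>\S+)"                    # single object with a detection name
    r"|Object is locked"                           # file in use, not scanned
    r"|(?P<archive>\S+): infected - (?P<count>\d+)"  # container summary (ZIP/Inno/mIRC installer)
    r") skipped$"
)


def classify(path, name, archive):
    """Assumed triage buckets for one parsed line (heuristics of this example)."""
    if name is None and archive is None:
        return "locked"            # normal for registry hives, event logs, index.dat
    if archive is not None:
        return "archive_summary"   # members were already reported on their own lines
    if name.startswith("not-a-virus:"):
        return "riskware"          # legitimate tool flagged by policy, review but usually keep
    if "\\quarantine\\" in path.lower():
        return "quarantined"       # already contained by another AV product
    return "active"                # live detection outside quarantine: needs action


def triage(report_text):
    """Group report paths by bucket; lines that do not parse go to 'unparsed'."""
    buckets = defaultdict(list)
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            buckets["unparsed"].append(line)
            continue
        buckets[classify(m["path"], m["name"], m["archive"])].append(m["path"])
    return dict(buckets)


def needs_attention(report_text):
    """Return only the paths a helper should actually look at."""
    return triage(report_text).get("active", [])


if __name__ == "__main__":
    for bucket, paths in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{bucket} ({len(paths)})")
        for p in paths:
            print("   ", p)
```

Run on the full report from the thread, this would leave only non-quarantine, non-riskware detections in the "active" bucket, which is the list worth acting on; everything else explains itself from the bucket name.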

· TSF-Enthusiast · 923 Posts
If you are not having malware problems, you are good to go!

Please do the following to wrap up:

  • Go to Start then Run
  • Type Combofix /u in the Open box, and click OK. (Notice the space before /u)
This command uninstalls ComboFix, implements some cleanup procedures, and resets System Restore points to prevent re-infection from old Restore points.
Also remove the following folder (bold):
C:\Program Files\navilog1
Some of the best suggestions and programs to remain malware free are contained in Tony Klein’s article:
How Did I Get Infected In The First Place

It is also a very good practice to perform an online virus scan on a regular basis.
Scanners do not have identical malware definitions, and what one misses, another one can catch.
Some of the scanners are:
BitDefender Online Scanner
ESET NOD32 Online Scanner
F-Secure Online Scanner
Panda ActiveScan
TrendMicro HouseCall

~~~~
If you have any questions or comments, post back. Otherwise...

Good luck, and safe journey through the Internet!!