Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91982 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Trojan downloader Generic8 BWGK


  • This topic is locked This topic is locked
2 replies to this topic

#1 SidMarcus

SidMarcus

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 03 October 2009 - 04:29 PM

Hello, sorry not to present me but I am new on this forum. I have for this morning, a trojan horse downloader generic 8 BWGK was detected by my antivirus: AVG free 8.5, this one having attacked has keys register, I decided to get rid of it. Indeed further to the reading of a quasi-similar case in mine I installed combofix and followed literally the instructions which were given.

Here is the report of combofix:

ComboFix 09-10-01.05 - Bastien 03/10/2009 23:57.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.408 [GMT 2:00]
Lancé depuis: c:\documents and settings\Bastien\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-03 au 2009-10-03 ))))))))))))))))))))))))))))))))))))
.

2009-09-13 08:42 . 2009-09-13 08:42 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-09-13 08:42 . 2005-10-27 13:06 356096 ----a-w- c:\windows\system32\rt61.sys
2009-09-13 08:42 . 2005-10-20 13:00 243328 ----a-w- c:\windows\system32\rt2500.sys
2009-09-13 08:42 . 2009-09-13 08:42 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-09-12 14:28 . 2009-09-12 15:08 -------- d-----w- c:\program files\Firefly Studios
2009-09-12 07:39 . 2009-09-12 07:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 21:07 . 2009-09-11 21:07 -------- d-----w- c:\documents and settings\Bastien\Local Settings\Application Data\Linksys_LLC_-_A_Division_
2009-09-06 20:57 . 2009-10-03 00:13 72912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-06 17:07 . 2009-09-06 17:07 -------- d-----w- c:\program files\WebEx
2009-09-06 17:06 . 2009-09-06 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2009-09-06 17:04 . 2008-05-16 04:10 23992 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-09-06 17:04 . 2008-05-16 04:10 25272 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-09-06 17:04 . 2009-09-06 17:04 -------- d-----w- c:\program files\Fichiers communs\Pure Networks Shared
2009-09-06 17:04 . 2009-09-06 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-06 17:02 . 2009-09-06 17:03 -------- d-----w- c:\program files\Linksys
2009-09-05 23:14 . 2009-09-13 19:33 -------- d-----w- C:\Fraps
2009-09-05 15:49 . 2009-09-09 17:29 -------- d-----w- c:\documents and settings\Bastien\Local Settings\Application Data\id Software
2009-09-05 15:30 . 2009-09-05 15:30 -------- d-----w- c:\program files\Activision
2009-09-05 15:29 . 2009-09-05 15:29 -------- d-sh--w- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 12:21 . 2008-11-15 20:50 -------- d-----w- c:\program files\World of Warcraft officiel
2009-09-24 21:48 . 2001-08-28 14:00 82572 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-24 21:48 . 2001-08-28 14:00 503034 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-19 15:38 . 2008-11-13 23:10 -------- d-----w- c:\program files\Windows Live
2009-09-19 15:20 . 2008-11-29 00:59 18800 ----a-w- c:\documents and settings\Bastien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-13 19:33 . 2009-05-09 09:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-12 14:28 . 2008-11-13 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-12 08:56 . 2009-01-03 15:55 -------- d-----w- c:\program files\Warcraft III
2009-09-12 07:39 . 2009-02-08 09:54 -------- d-----w- c:\program files\Java
2009-09-12 07:27 . 2008-11-13 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-10 15:54 . 2009-04-21 00:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 17:11 . 2009-06-27 14:15 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-09 17:11 . 2009-06-27 14:15 189640 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-05 23:13 . 2009-04-23 15:48 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-05 15:47 . 2009-06-27 14:15 139152 ----a-w- c:\documents and settings\Bastien\Application Data\PnkBstrK.sys
2009-09-05 15:46 . 2009-06-27 14:15 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-05 15:46 . 2009-06-27 14:15 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-03 18:44 . 2009-08-29 22:18 -------- d-----w- c:\program files\EA Games
2009-09-03 18:42 . 2009-06-07 20:40 -------- d-----w- c:\program files\The Cleaner
2009-09-03 10:09 . 2008-11-13 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-02 13:17 . 2009-07-04 15:15 -------- d-----w- c:\program files\DOSBox-0.73
2009-09-02 13:17 . 2009-05-09 08:18 -------- d-----w- c:\program files\AruaROSE
2009-09-02 13:15 . 2009-08-23 00:44 -------- d-----w- c:\documents and settings\Bastien\Application Data\SystemRequirementsLab
2009-09-01 20:12 . 2009-03-19 18:07 -------- d-----w- c:\program files\LucasArts
2009-09-01 17:59 . 2009-09-01 16:14 -------- d-----w- c:\program files\Time Commando
2009-09-01 10:57 . 2009-08-22 20:22 -------- d-----w- c:\program files\Cryptic Studios
2009-08-25 21:53 . 2009-01-03 15:58 160032 ----a-w- c:\windows\War3Unin.dat
2009-08-23 01:14 . 2009-08-23 01:14 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-23 01:14 . 2009-08-23 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-23 00:44 . 2009-08-23 00:44 -------- d-----w- c:\program files\SystemRequirementsLab
2009-08-22 21:44 . 2009-08-22 20:17 -------- d-----w- c:\program files\CO
2009-08-21 08:05 . 2008-11-13 21:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-21 08:05 . 2008-11-13 21:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-21 08:05 . 2008-11-13 21:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 08:42 . 2009-08-20 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-14 13:12 . 2008-11-15 12:03 -------- d-----w- c:\documents and settings\Bastien\Application Data\teamspeak2
2009-08-14 11:12 . 2009-03-19 18:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-14 10:44 . 2009-05-01 11:18 -------- d-----w- c:\program files\Electronic Arts
2009-08-09 13:39 . 2009-06-24 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-05 20:48 . 2009-04-21 00:34 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:00 . 2008-04-13 17:33 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:03 . 2008-04-13 17:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:54 . 2009-08-23 01:14 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-08-23 01:13 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-23 01:13 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2009-08-23 01:13 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2009-08-23 01:13 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-08-23 01:13 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-23 01:13 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-08-23 01:13 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-08-23 01:13 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2006-06-01 09:22 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2006-06-01 09:22 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 11:34 . 2009-07-14 11:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 11:34 . 2009-07-14 11:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
2009-07-14 11:34 . 2009-07-14 11:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll
2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 11:34 . 2009-07-14 11:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 21:43 . 2008-04-13 17:33 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 11:01 . 2009-07-10 11:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-10 05:01 . 2009-08-23 01:13 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-03-06 20:23 . 2009-03-06 20:23 10610008 ----a-w- c:\program files\Mumble-1.1.7.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-21 2007832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-08-06 159744]
"nmctxth"="c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-12 149280]
"VF0060 STISvc"="V0060Pin.dll" - c:\windows\system32\V0060Pin.dll [2004-11-01 36864]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-28 17331200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-21 08:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Bastien\\Mes documents\\WoW-2.0.0-frfr-Installer.exe"=
"c:\\Program Files\\GOA\\Gunbound\\GunBound.gme"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\cyberdemon_killer\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\cyberdemon_killer\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\cyberdemon_killer\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\cyberdemon_killer\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\ZDaemon\\zlauncher.exe"=
"c:\\Program Files\\ZDaemon\\zdaemon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft officiel\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft officiel\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft officiel\\Launcher.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\EA Games\\Battlefield Heroes\\BFHeroes.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\World of Warcraft officiel\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft officiel\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"29900:TCP"= 29900:TCP:Gamespy TCP 29900
"29901:TCP"= 29901:TCP:gamespy29901 TCP 29901
"28900:TCP"= 28900:TCP:28900 TCP 28900
"27900:TCP"= 27900:TCP:27900 TCP 27900
"3783:TCP"= 3783:TCP:3783 TCP 3783
"6667:TCP"= 6667:TCP:6667 TCP 6667
"6515:TCP"= 6515:TCP:6515 TCP 6515
"6500:TCP"= 6500:TCP:6500 TCP 6500
"47624:TCP"= 47624:TCP:67624 TCP 47624
"2300:TCP"= 2300:TCP:2300tcp TCP 2300
"2300:UDP"= 2300:UDP:2300udp UDP 2300
"2400:TCP"= 2400:TCP:2400tcp TCP 2400
"2400:UDP"= 2400:UDP:2400udp UDP 2400
"6073:UDP"= 6073:UDP:6073 UDP
"2302:UDP"= 2302:UDP:23022400 UDP 2302-2400
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/11/2008 23:19 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/11/2008 23:19 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13/11/2008 23:31 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/11/2008 23:31 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/04/2009 02:34 54752]
R3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [14/11/2008 00:55 196409]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [26/06/2008 14:52 204800]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - GTNDIS5
.
Contenu du dossier 'Tâches planifiées'

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Bastien\Application Data\Mozilla\Firefox\Profiles\seka69sy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_fr&p=
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Bastien\Application Data\Mozilla\Firefox\Profiles\seka69sy.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-Notification de cadeaux MSN - c:\documents and settings\Bastien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 00:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-10-03 0:05
ComboFix-quarantined-files.txt 2009-10-03 22:05

Avant-CF: 22 897 070 080 octets libres
Après-CF: 23 014 232 064 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

258 --- E O F --- 2009-09-09 22:13



PS: Sorry for my bad english, i'm a little bit tired and have used an online translator :s... (not for this sentence :P)

Thanks for your answers.

Edited by SidMarcus, 03 October 2009 - 04:31 PM.

    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 08 October 2009 - 10:58 AM

Hi SidMarcus,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

It is a really bad idea to run tools like ComboFix on your own.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.
  • Posted Image


  • Download DDS and save it to your desktop from
  • Here
  • here or
  • here.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
  • We Need to check for Rootkits with RootRepeal
    • Download RootRepeal from one of the following locations and save it to your desktop.
    • Open Posted Image on your desktop.
    • Click the Posted Image tab.
    • Click the Posted Image button.
    • In the Select Scan dialog, check
      Posted Image
    • Push Ok
    • Check the box for your main system drive (Usually C:), and press Ok.
    • Allow RootRepeal to run a scan of your system. This may take some time.
    • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
  • Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

  • Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#3 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 15 October 2009 - 10:38 AM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users