Problems following infection with SMART_HDD

malwarekiller

New Member
Mar 30, 2012
688
Welcome to the forums! :) Let's check what else is bad on your system and check your system for rootkits.

Download and Install Combofix 
 
Download ComboFix from one of the following locations: 
Link 1  
Link 2  
 
VERY IMPORTANT!!! Save ComboFix.exe to your Desktop.
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here  
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

    [screenshot: NSIS_disclaimer_ENG.png]

    [screenshot: NSIS_extraction.png]

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
 

sushi-33

New Member
Thread author
Apr 7, 2012
6
Thank you for your help! I've run ComboFix; you can see the log below. It is still impossible to do a system restore, and Panda Internet Security can go further in the analysis but is still blocked at some point (when analysing c:\cmdcons\kdcom.dl).

ComboFix 12-04-07.03 - ssesion 08/04/2012 9:39.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1100 [GMT 2:00]
Running from: c:\documents and settings\ssesion\Bureau\ComboFix.exe
AV: Panda Internet Security 2012 *Disabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Panda Personal Firewall 2012 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\gastro4_DESCR.log
c:\data\IVE.dta
c:\documents and settings\Administrateur\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\ssesion\WINDOWS
c:\windows\jestertb.dll
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-07 12:19 . 2012-04-07 12:19 -------- d-----w- c:\program files\Fichiers communs\Java
2012-04-07 12:19 . 2012-04-07 12:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-07 10:40 . 2012-04-07 10:40 26400 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-04-07 10:10 . 2012-04-07 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-07 10:00 . 2012-04-07 10:00 -------- d-----w- c:\documents and settings\ssesion\Local Settings\Application Data\Threat Expert
2012-04-06 20:04 . 2012-04-07 18:40 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2012-04-06 18:40 . 2012-04-06 18:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Help
2012-04-06 18:40 . 2012-04-06 18:40 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2012-04-06 18:32 . 2012-04-06 18:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2012-04-06 18:31 . 2012-04-06 18:31 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Panda Security
2012-04-06 18:23 . 2011-09-28 11:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-04-06 18:23 . 2012-02-17 13:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-04-06 18:23 . 2012-02-17 13:08 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-04-06 18:23 . 2012-02-17 13:08 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-04-06 18:23 . 2012-02-17 13:08 767952 ----a-w- c:\windows\BDTSupport.dll
2012-04-06 18:21 . 2012-04-06 18:21 -------- d-----w- c:\program files\PC Tools
2012-04-06 18:14 . 2012-04-07 08:48 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2012-04-06 18:14 . 2012-02-24 08:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-06 18:13 . 2012-04-06 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-06 18:13 . 2012-04-06 18:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\TestApp
2012-04-05 19:39 . 2012-04-05 19:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-05 19:39 . 2012-04-05 19:39 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 16:23 . 2012-04-01 17:14 -------- d-----w- C:\Pre_Scan
2012-04-01 16:06 . 2012-04-01 16:08 -------- d-----w- C:\ZHP
2012-04-01 16:06 . 2012-04-01 16:08 -------- d-----w- c:\program files\ZHPDiag
2012-04-01 15:06 . 2012-04-01 15:06 -------- d-----w- c:\windows\system32\GroupPolicy
2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\documents and settings\ssesion\Application Data\Malwarebytes
2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 09:33 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 15:53 . 2012-03-30 15:53 -------- d-----w- c:\program files\iPod
2012-03-27 18:48 . 2012-03-27 18:48 -------- d-----w- c:\program files\Paint.NET
2012-03-27 18:48 . 2012-03-27 19:03 -------- d-----w- c:\documents and settings\ssesion\Local Settings\Application Data\Paint.NET
2012-03-27 18:41 . 2012-04-01 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-03-27 18:41 . 2012-03-27 18:42 -------- d-----w- c:\program files\SweetIM
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 12:18 . 2011-12-17 20:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 09:01 . 2010-12-04 15:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 09:01 . 2010-12-04 15:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:58 . 2006-09-15 12:24 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 07:23 . 2012-02-12 16:55 339320 ----a-w- c:\windows\system32\HMIPCore.dll
2012-01-09 16:20 . 2006-09-15 12:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:38 . 2012-04-07 12:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 01:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-12-13 14:50 88204 ----a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:34 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2004-06-01 10:46 196608 ------w- c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-06-01 11:09 458752 ------w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-06-01 11:03 217088 ------w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 19:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-01 20:04 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-05 13:59 16206848 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-08-25 11:47 356352 ----a-w- c:\program files\Toshiba\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2005-04-11 14:08 65536 ----a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-08-03 14:09 266240 ----a-w- c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 11:11 73728 ----a-w- c:\program files\Toshiba\Tvs\TvsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Reference Manager 12 Demo\\WebPublisher\\thirdparty\\Apache2\\bin\\RMWP_Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\ssesion\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [21/02/2012 11:57 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [21/02/2012 11:57 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [21/02/2012 11:58 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [21/02/2012 11:57 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [21/02/2012 11:58 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [21/02/2012 11:57 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [21/02/2012 11:56 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [21/02/2012 11:58 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [21/02/2012 11:56 59080]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [06/04/2012 20:23 550864]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [21/02/2012 11:56 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\psksvc.exe [21/02/2012 11:57 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [06/04/2012 22:04 13880]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [12/02/2012 18:55 3337216]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [21/02/2012 11:56 201032]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [22/09/2006 13:56 7040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 21:39 253600]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [07/04/2012 12:40 26400]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [14/02/2011 21:44 13824]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [14/02/2011 21:44 17408]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [06/04/2012 20:23 56840]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [06/12/2009 22:46 163328]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RMWPService;RMWPService;c:\program files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [28/01/2004 17:25 20537]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:39]
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-04-07 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2012-02-21 16:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
LSP: c:\windows\system32\HMIPCore.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\ssesion\Application Data\Mozilla\Firefox\Profiles\n5l7aomg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig|http://du110w.dub110.mail.live.com/default.aspx#fid=1&n=357179671
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-SmoothView - c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
MSConfigStartUp-TFncKy - TFncKy.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1484)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
.
- - - - - - - > 'lsass.exe'(1544)
c:\windows\system32\HMIPCore.dll
.
Completion time: 2012-04-08 09:54:55
ComboFix-quarantined-files.txt 2012-04-08 07:54
.
Pre-Run: 36,050,264,064 bytes free
Post-Run: 36,285,865,984 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9EDF61F8666814C7B6FED3B039898928
 

malwarekiller

New Member
Mar 30, 2012
688
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:
Folder::
c:\cmdcons

Quarantine::
C:\windows\system32\feclient.dll

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScriptB-4.gif]

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Attach the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

In your next reply please attach the ComboFix log and let me know how your system is running.

NEXT

Run Farbar Service Scanner.

    [screenshot: fss.jpg]

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.
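The full ComboFix log posted above and the CFScript in this reply (Folder:: c:\cmdcons, Quarantine:: feclient.dll) are read by hand in the thread. What follows is an added example, not code from the thread or from ComboFix, that does the same triage programmatically: it splits a log into its banner sections, lists services whose binary is missing (the `--> path [?]` entries), the Winlogon notify DLL, the Winsock LSP and the DLLs mapped into winlogon.exe and lsass.exe, reads the Windows Firewall flag, and then checks a CFScript's Folder::/File:: targets against the deletions section of the follow-up log. The regular expressions, the section titles (the English ComboFix headings), the sample log text (constructed from lines of the two posted logs) and the assumption that Folder::/File:: targets show up under the deletions banner, as c:\cmdcons does in the second log, are all this example's own; a Quarantine:: target is reported as None because the check does not cover it.

```python
"""ComboFix log triage plus a CFScript follow-up check: an added example for this
thread, not ComboFix's own code. It assumes the layout of the posted logs (banner
sections, 'R0 name;desc;path' service lines, the 'DLLs Loaded' process block)."""
import re

BANNER = re.compile(r"^[()\-* ]{3,}(?P<title>[^()*]+?)[()\-* ]{3,}$")
PROC_HDR = re.compile(r"^[- ]+> '(?P<proc>[^']+)'\(\d+\)$")
SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
WINPATH = re.compile(r"[a-z]:\\.*$", re.I)


def split_sections(log_text):
    """Map each banner title to the non-blank, non-'.' lines under it."""
    sections, current = {"header": []}, "header"
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := BANNER.match(line):
            current = m.group("title").strip()
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def dlls_by_process(lines):
    """{process: [dll, ...]} from the 'DLLs Loaded Under Running Processes' block."""
    out, proc = {}, None
    for line in lines:
        if m := PROC_HDR.match(line):
            proc = m.group("proc")
            out[proc] = []
        elif proc and WINPATH.match(line) and line.lower().endswith(".dll"):
            out[proc].append(line)
        else:
            proc = None  # anything else ends the current process block
    return out


def review_items(log_text):
    """The items a helper reads first in a log shaped like the ones posted."""
    lines = [l for ls in split_sections(log_text).values() for l in ls]
    # Registered services/drivers whose image file is gone ('--> path [?]').
    missing = [m.group("name") for m in map(SERVICE.match, lines)
               if m and m.group("rest").rstrip().endswith("[?]")]
    # Winlogon notification packages are loaded into winlogon.exe at logon.
    notify = [WINPATH.search(lines[i + 1]).group(0) for i, l in enumerate(lines[:-1])
              if "\\winlogon\\notify\\" in l.lower() and WINPATH.search(lines[i + 1])]
    lsp = [l.split(":", 1)[1].strip() for l in lines if l.startswith("LSP:")]
    procs = dlls_by_process(lines)
    fw = [l for l in lines if l.startswith('"EnableFirewall"=')]
    return {"missing_binaries": missing, "winlogon_notify": notify, "lsp_dlls": lsp, "dlls": procs,
            # a Winsock LSP that is also mapped inside lsass.exe deserves a look
            "lsp_in_lsass": [d for d in procs.get("lsass.exe", [])
                             if d.lower() in {p.lower() for p in lsp}],
            "windows_firewall_on": None if not fw else fw[0].split("=", 1)[1].split()[0] != "0"}


def parse_cfscript(text):
    """'Directive::' blocks -> {directive: [target, ...]}."""
    script, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            key = line[:-2]
            script[key] = []
        elif line and key is not None:
            script[key].append(line)
    return script


def confirm_script_effect(script, post_run_log):
    """True/False per Folder::/File:: target depending on whether the post-run
    deletions section lists it (or a path under it); None for other directives."""
    deleted = [l.lower() for title, ls in split_sections(post_run_log).items()
               if re.search(r"deletion|suppression", title, re.I) for l in ls]
    return {t: (any(d == t.lower() or d.startswith(t.lower() + "\\") for d in deleted)
                if directive in ("Folder", "File") else None)
            for directive, targets in script.items() for t in targets}


# Constructed from lines of the two posted logs, trimmed to what the checks read.
SAMPLE_LOG = r"""
((((((((((((((((( Reg Loading Points )))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- c:\windows\system32\avldr.dll
"EnableFirewall"= 0 (0x0)
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
------- Supplementary Scan -------
LSP: c:\windows\system32\HMIPCore.dll
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1484)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
- - - - - - - > 'lsass.exe'(1544)
c:\windows\system32\HMIPCore.dll
"""
POST_RUN_LOG = "(((( Other Deletions ))))\nc:\\cmdcons\nc:\\cmdcons\\KDCOM.DL_\n"
CFSCRIPT = "Folder::\nc:\\cmdcons\n\nQuarantine::\nC:\\windows\\system32\\feclient.dll\n"
```

On the sample, `review_items(SAMPLE_LOG)` reports the two Panda entries whose driver files are gone (PavSRK.sys, RkPavproc1), avldr.dll as the Winlogon notify package (also visible inside winlogon.exe), HMIPCore.dll both as the LSP and inside lsass.exe, and the firewall flag as off; `confirm_script_effect(parse_cfscript(CFSCRIPT), POST_RUN_LOG)` confirms c:\cmdcons under the deletions banner and leaves the feclient.dll quarantine as None. None of these is a verdict: the output is the checklist a helper then reads against what is known to be installed on the machine.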
 

sushi-33

New Member
Thread author
Apr 7, 2012
6
ComboFix log:
ComboFix 12-04-07.03 - ssesion 08/04/2012 16:47:34.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1382 [GMT 2:00]
Running from: c:\documents and settings\ssesion\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\ssesion\Bureau\CFScript.txt
AV: Panda Internet Security 2012 *Disabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Panda Personal Firewall 2012 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\cmdcons
c:\cmdcons\1394BUS.SY_
c:\cmdcons\1394VDBG.SY_
c:\cmdcons\ABP480N5.SY_
c:\cmdcons\ACPI.SY_
c:\cmdcons\ACPIEC.SY_
c:\cmdcons\ADPU160M.SY_
c:\cmdcons\AHA154X.SY_
c:\cmdcons\AIC78U2.SY_
c:\cmdcons\AIC78XX.SY_
c:\cmdcons\ALIIDE.SY_
c:\cmdcons\AMSINT.SY_
c:\cmdcons\ASC.SY_
c:\cmdcons\ASC3350P.SY_
c:\cmdcons\ASC3550.SY_
c:\cmdcons\ATAPI.SY_
c:\cmdcons\autochk.exe
c:\cmdcons\autofmt.exe
c:\cmdcons\BIOSINFO.INF
c:\cmdcons\BOOTFONT.BIN
c:\cmdcons\bootsect.dat
c:\cmdcons\BOOTVID.DL_
c:\cmdcons\C_1252.NL_
c:\cmdcons\C_850.NL_
c:\cmdcons\CBIDF2K.SY_
c:\cmdcons\CD20XRNT.SY_
c:\cmdcons\CDFS.SY_
c:\cmdcons\CDROM.SY_
c:\cmdcons\CLASSPNP.SY_
c:\cmdcons\CMDIDE.SY_
c:\cmdcons\CPQARRAY.SY_
c:\cmdcons\DAC2W2K.SY_
c:\cmdcons\DAC960NT.SY_
c:\cmdcons\DISK.SY_
c:\cmdcons\DISK101
c:\cmdcons\DISK102
c:\cmdcons\DISK103
c:\cmdcons\DISK104
c:\cmdcons\DISK105
c:\cmdcons\DISK106
c:\cmdcons\DMBOOT.SY_
c:\cmdcons\DMIO.SY_
c:\cmdcons\DMLOAD.SY_
c:\cmdcons\DPTI2O.SY_
c:\cmdcons\DRVMAIN.SDB
c:\cmdcons\FASTFAT.SY_
c:\cmdcons\FDC.SY_
c:\cmdcons\FLPYDISK.SY_
c:\cmdcons\FTDISK.SY_
c:\cmdcons\HAL.DL_
c:\cmdcons\HALAACPI.DL_
c:\cmdcons\HALACPI.DL_
c:\cmdcons\HALAPIC.DL_
c:\cmdcons\HALMACPI.DL_
c:\cmdcons\HALMPS.DL_
c:\cmdcons\HALSP.DL_
c:\cmdcons\HIDCLASS.SY_
c:\cmdcons\HIDPARSE.SY_
c:\cmdcons\HIDUSB.SY_
c:\cmdcons\HPN.SY_
c:\cmdcons\I2OMGMT.SY_
c:\cmdcons\I2OMP.SY_
c:\cmdcons\I8042PRT.SY_
c:\cmdcons\INI910U.SY_
c:\cmdcons\INTELIDE.SY_
c:\cmdcons\ISAPNP.SY_
c:\cmdcons\KBDA1.DLL
c:\cmdcons\KBDA2.DLL
c:\cmdcons\KBDA3.DLL
c:\cmdcons\KBDAL.DLL
c:\cmdcons\KBDARME.DLL
c:\cmdcons\KBDARMW.DLL
c:\cmdcons\KBDAZE.DLL
c:\cmdcons\KBDAZEL.DLL
c:\cmdcons\KBDBE.DLL
c:\cmdcons\KBDBLR.DLL
c:\cmdcons\KBDBR.DLL
c:\cmdcons\KBDBU.DLL
c:\cmdcons\KBDCA.DLL
c:\cmdcons\KBDCLASS.SY_
c:\cmdcons\KBDCR.DLL
c:\cmdcons\KBDCZ.DLL
c:\cmdcons\KBDCZ1.DLL
c:\cmdcons\KBDCZ2.DLL
c:\cmdcons\KBDDA.DLL
c:\cmdcons\KBDDIV1.DLL
c:\cmdcons\KBDDIV2.DLL
c:\cmdcons\KBDDV.DLL
c:\cmdcons\KBDES.DLL
c:\cmdcons\KBDEST.DLL
c:\cmdcons\KBDFA.DLL
c:\cmdcons\KBDFC.DLL
c:\cmdcons\KBDFI.DLL
c:\cmdcons\KBDFR.DLL
c:\cmdcons\KBDGAE.DLL
c:\cmdcons\KBDGEO.DLL
c:\cmdcons\KBDGKL.DLL
c:\cmdcons\KBDGR.DLL
c:\cmdcons\KBDGR1.DLL
c:\cmdcons\KBDHE.DLL
c:\cmdcons\KBDHE220.DLL
c:\cmdcons\KBDHE319.DLL
c:\cmdcons\KBDHEB.DLL
c:\cmdcons\KBDHELA2.DLL
c:\cmdcons\KBDHELA3.DLL
c:\cmdcons\KBDHEPT.DLL
c:\cmdcons\KBDHID.SY_
c:\cmdcons\KBDHU.DLL
c:\cmdcons\KBDHU1.DLL
c:\cmdcons\KBDIC.DLL
c:\cmdcons\KBDINDEV.DLL
c:\cmdcons\KBDINGUJ.DLL
c:\cmdcons\KBDINHIN.DLL
c:\cmdcons\KBDINKAN.DLL
c:\cmdcons\KBDINMAR.DLL
c:\cmdcons\KBDINPUN.DLL
c:\cmdcons\KBDINTAM.DLL
c:\cmdcons\KBDINTEL.DLL
c:\cmdcons\KBDIR.DLL
c:\cmdcons\KBDIT.DLL
c:\cmdcons\KBDIT142.DLL
c:\cmdcons\KBDKAZ.DLL
c:\cmdcons\KBDKYR.DLL
c:\cmdcons\KBDLA.DLL
c:\cmdcons\KBDLT.DLL
c:\cmdcons\KBDLT1.DLL
c:\cmdcons\KBDLV.DLL
c:\cmdcons\KBDLV1.DLL
c:\cmdcons\KBDMON.DLL
c:\cmdcons\KBDNE.DLL
c:\cmdcons\KBDNEC.DLL
c:\cmdcons\KBDNO.DLL
c:\cmdcons\KBDPL.DLL
c:\cmdcons\KBDPL1.DLL
c:\cmdcons\KBDPO.DLL
c:\cmdcons\KBDRO.DLL
c:\cmdcons\KBDRU.DLL
c:\cmdcons\KBDRU1.DLL
c:\cmdcons\KBDSF.DLL
c:\cmdcons\KBDSG.DLL
c:\cmdcons\KBDSL.DLL
c:\cmdcons\KBDSL1.DLL
c:\cmdcons\KBDSP.DLL
c:\cmdcons\KBDSW.DLL
c:\cmdcons\KBDSYR1.DLL
c:\cmdcons\KBDSYR2.DLL
c:\cmdcons\KBDTAT.DLL
c:\cmdcons\KBDTH0.DLL
c:\cmdcons\KBDTH1.DLL
c:\cmdcons\KBDTH2.DLL
c:\cmdcons\KBDTH3.DLL
c:\cmdcons\KBDTUF.DLL
c:\cmdcons\KBDTUQ.DLL
c:\cmdcons\KBDUK.DLL
c:\cmdcons\KBDUR.DLL
c:\cmdcons\KBDURDU.DLL
c:\cmdcons\KBDUS.DLL
c:\cmdcons\KBDUSL.DLL
c:\cmdcons\KBDUSR.DLL
c:\cmdcons\KBDUSX.DLL
c:\cmdcons\KBDUZB.DLL
c:\cmdcons\KBDVNTC.DLL
c:\cmdcons\KBDYCC.DLL
c:\cmdcons\KBDYCL.DLL
c:\cmdcons\KD1394.DL_
c:\cmdcons\KDCOM.DL_
c:\cmdcons\KSECDD.SYS
c:\cmdcons\L_INTL.NL_
c:\cmdcons\LBRTFDC.SY_
c:\cmdcons\migrate.inf
c:\cmdcons\MOUNTMGR.SY_
c:\cmdcons\MRAID35X.SY_
c:\cmdcons\NTDETECT.COM
c:\cmdcons\NTFS.SYS
c:\cmdcons\NTKRNLMP.EX_
c:\cmdcons\OHCI1394.SY_
c:\cmdcons\OPRGHDLR.SY_
c:\cmdcons\PARTMGR.SY_
c:\cmdcons\PCI.SY_
c:\cmdcons\PCIIDE.SY_
c:\cmdcons\PCIIDEX.SY_
c:\cmdcons\PCMCIA.SY_
c:\cmdcons\PERC2.SY_
c:\cmdcons\PERC2HIB.SY_
c:\cmdcons\QL1080.SY_
c:\cmdcons\QL10WNT.SY_
c:\cmdcons\QL12160.SY_
c:\cmdcons\QL1240.SY_
c:\cmdcons\QL1280.SY_
c:\cmdcons\RAMDISK.SY_
c:\cmdcons\SBP2PORT.SY_
c:\cmdcons\SCSIPORT.SY_
c:\cmdcons\SERENUM.SY_
c:\cmdcons\SERIAL.SY_
c:\cmdcons\SETUPDD.SY_
c:\cmdcons\SETUPLDR.BIN
c:\cmdcons\SETUPREG.HIV
c:\cmdcons\SFLOPPY.SY_
c:\cmdcons\SLIP.SY_
c:\cmdcons\SPARROW.SY_
c:\cmdcons\SPCMDCON.SYS
c:\cmdcons\SPDDLANG.SY_
c:\cmdcons\STREAMIP.SY_
c:\cmdcons\SYM_HI.SY_
c:\cmdcons\SYM_U3.SY_
c:\cmdcons\SYMC810.SY_
c:\cmdcons\SYMC8XX.SY_
c:\cmdcons\SYSTEM32\NTDLL.DLL
c:\cmdcons\SYSTEM32\SMSS.EXE
c:\cmdcons\TFFSPORT.SY_
c:\cmdcons\TOSIDE.SY_
c:\cmdcons\txtsetup.sif
c:\cmdcons\ULTRA.SY_
c:\cmdcons\USBCCGP.SY_
c:\cmdcons\USBD.SY_
c:\cmdcons\USBEHCI.SY_
c:\cmdcons\USBHUB.SY_
c:\cmdcons\USBOHCI.SY_
c:\cmdcons\USBPORT.SY_
c:\cmdcons\USBSTOR.SY_
c:\cmdcons\USBUHCI.SY_
c:\cmdcons\VGA.SY_
c:\cmdcons\VGA850.FO_
c:\cmdcons\VIAIDE.SY_
c:\cmdcons\VIDEOPRT.SY_
c:\cmdcons\winnt.sif
c:\cmdcons\WMILIB.SY_
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-07 12:19 . 2012-04-07 12:19 -------- d-----w- c:\program files\Fichiers communs\Java
2012-04-07 12:19 . 2012-04-07 12:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-07 10:40 . 2012-04-07 10:40 26400 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-04-07 10:10 . 2012-04-07 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-07 10:00 . 2012-04-07 10:00 -------- d-----w- c:\documents and settings\ssesion\Local Settings\Application Data\Threat Expert
2012-04-06 20:04 . 2012-04-08 12:57 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2012-04-06 18:40 . 2012-04-06 18:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Help
2012-04-06 18:40 . 2012-04-06 18:40 -------- d-s---w- c:\documents and settings\Administrateur\UserData
2012-04-06 18:32 . 2012-04-06 18:32 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2012-04-06 18:31 . 2012-04-06 18:31 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Panda Security
2012-04-06 18:23 . 2011-09-28 11:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-04-06 18:23 . 2012-02-17 13:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-04-06 18:23 . 2012-02-17 13:08 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-04-06 18:23 . 2012-02-17 13:08 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-04-06 18:23 . 2012-02-17 13:08 767952 ----a-w- c:\windows\BDTSupport.dll
2012-04-06 18:21 . 2012-04-06 18:21 -------- d-----w- c:\program files\PC Tools
2012-04-06 18:14 . 2012-04-07 08:48 -------- d-----w- c:\program files\Fichiers communs\PC Tools
2012-04-06 18:14 . 2012-02-24 08:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-06 18:13 . 2012-04-06 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-06 18:13 . 2012-04-06 18:13 -------- d-----w- c:\documents and settings\Administrateur\Application Data\TestApp
2012-04-05 19:39 . 2012-04-05 19:39 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-05 19:39 . 2012-04-05 19:39 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 16:23 . 2012-04-01 17:14 -------- d-----w- C:\Pre_Scan
2012-04-01 16:06 . 2012-04-01 16:08 -------- d-----w- C:\ZHP
2012-04-01 16:06 . 2012-04-01 16:08 -------- d-----w- c:\program files\ZHPDiag
2012-04-01 15:06 . 2012-04-01 15:06 -------- d-----w- c:\windows\system32\GroupPolicy
2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\documents and settings\ssesion\Application Data\Malwarebytes
2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-01 09:33 . 2012-04-01 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 09:33 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 15:53 . 2012-03-30 15:53 -------- d-----w- c:\program files\iPod
2012-03-27 18:48 . 2012-03-27 18:48 -------- d-----w- c:\program files\Paint.NET
2012-03-27 18:48 . 2012-03-27 19:03 -------- d-----w- c:\documents and settings\ssesion\Local Settings\Application Data\Paint.NET
2012-03-27 18:41 . 2012-04-01 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-03-27 18:41 . 2012-03-27 18:42 -------- d-----w- c:\program files\SweetIM
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 12:18 . 2011-12-17 20:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 09:01 . 2010-12-04 15:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 09:01 . 2010-12-04 15:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:58 . 2006-09-15 12:24 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 07:23 . 2012-02-12 16:55 339320 ----a-w- c:\windows\system32\HMIPCore.dll
2012-01-09 16:20 . 2006-09-15 12:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:38 . 2012-04-07 12:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-08_07.47.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-08 12:54 . 2012-04-08 12:54 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 19168 c:\windows\Temp\cteng_8_2_21316952017r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 18708 c:\windows\Temp\cteng_8_2_11316951329r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 90092 c:\windows\Temp\cteng_1_2_921333460919r.dat
+ 2012-04-08 12:40 . 2012-04-08 12:40 77024 c:\windows\Temp\cteng_1_2_81333878781r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 91584 c:\windows\Temp\cteng_1_2_741333006863r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 63196 c:\windows\Temp\cteng_1_2_671333310418r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 59120 c:\windows\Temp\cteng_1_2_651333872018r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 99520 c:\windows\Temp\cteng_1_2_61333220412r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 77144 c:\windows\Temp\cteng_1_2_581333456823r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 72700 c:\windows\Temp\cteng_1_2_311333467571r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 67384 c:\windows\Temp\cteng_1_2_281332858539r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 63840 c:\windows\Temp\cteng_1_2_241333518861r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 69440 c:\windows\Temp\cteng_1_2_221333587621r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 62504 c:\windows\Temp\cteng_1_2_21333756824r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 71776 c:\windows\Temp\cteng_1_2_211333742409r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 73416 c:\windows\Temp\cteng_1_2_191332941648r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 64064 c:\windows\Temp\cteng_1_2_181332831030r.dat
+ 2012-04-08 12:40 . 2012-04-08 12:40 76972 c:\windows\Temp\cteng_1_2_171333878754r.dat
+ 2012-04-08 12:40 . 2012-04-08 12:40 71492 c:\windows\Temp\cteng_1_2_141333878726r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 66128 c:\windows\Temp\cteng_1_2_131332716421r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 64520 c:\windows\Temp\cteng_1_2_11333801711r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 87924 c:\windows\Temp\cteng_1_1_71331931616r.dat
+ 2012-04-08 12:40 . 2012-04-08 12:40 67768 c:\windows\Temp\cteng_1_1_61333885703r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 70444 c:\windows\Temp\cteng_1_1_441333868410r.dat
+ 2012-04-08 12:40 . 2012-04-08 12:40 74704 c:\windows\Temp\cteng_1_1_311333885717r.dat
+ 2012-04-08 12:40 . 2012-04-08 12:40 79560 c:\windows\Temp\cteng_1_1_161333885806r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 89940 c:\windows\Temp\cteng_1_1_111333828811r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 74168 c:\windows\Temp\cteng_1_1_101333861216r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 143284 c:\windows\Temp\cteng_1_2_41330578032r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 374752 c:\windows\Temp\cteng_1_2_361326924029r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 182368 c:\windows\Temp\cteng_1_2_201333411220r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 109812 c:\windows\Temp\cteng_1_2_101333872656r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 117864 c:\windows\Temp\cteng_1_1_151333760409r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 219636 c:\windows\Temp\cteng_1_1_131333455617r.dat
+ 2012-04-08 08:42 . 2012-04-08 08:42 151424 c:\windows\Temp\cteng_1_1_121326078018r.dat
+ 2012-02-21 09:58 . 2012-04-08 12:50 302244 c:\windows\system32\drivers\APPFCONT.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\ssesion\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 01:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-12-13 14:50 88204 ----a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 11:34 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2004-06-01 10:46 196608 ------w- c:\program files\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-06-01 11:09 458752 ------w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-06-01 11:03 217088 ------w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 19:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-01 20:04 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-05 13:59 16206848 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-08-25 11:47 356352 ----a-w- c:\program files\Toshiba\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2005-04-11 14:08 65536 ----a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
2005-08-03 14:09 266240 ----a-w- c:\windows\system32\TPSMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2006-02-02 11:11 73728 ----a-w- c:\program files\Toshiba\Tvs\TvsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Reference Manager 12 Demo\\WebPublisher\\thirdparty\\Apache2\\bin\\RMWP_Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\ssesion\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [21/02/2012 11:57 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [21/02/2012 11:57 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [21/02/2012 11:58 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [21/02/2012 11:57 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [21/02/2012 11:58 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [21/02/2012 11:57 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [21/02/2012 11:56 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [21/02/2012 11:58 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [21/02/2012 11:56 59080]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [06/04/2012 20:23 550864]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [21/02/2012 11:56 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\psksvc.exe [21/02/2012 11:57 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [06/04/2012 22:04 13880]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [12/02/2012 18:55 3337216]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [21/02/2012 11:56 201032]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [22/09/2006 13:56 7040]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 21:39 253600]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [07/04/2012 12:40 26400]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [14/02/2011 21:44 13824]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [14/02/2011 21:44 17408]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [06/04/2012 20:23 56840]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [06/12/2009 22:46 163328]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RMWPService;RMWPService;c:\program files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [28/01/2004 17:25 20537]
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:39]
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-04-08 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2012-02-21 16:09]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
LSP: c:\windows\system32\HMIPCore.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\ssesion\Application Data\Mozilla\Firefox\Profiles\n5l7aomg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig|http://du110w.dub110.mail.live.com/default.aspx#fid=1&n=357179671
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 16:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(1472)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
.
- - - - - - - > 'lsass.exe'(1528)
c:\windows\system32\HMIPCore.dll
.
Heure de fin: 2012-04-08 17:00:38
ComboFix-quarantined-files.txt 2012-04-08 15:00
ComboFix2.txt 2012-04-08 07:54
.
Avant-CF: 36,027,568,128 octets libres
Après-CF: 36,021,800,960 octets libres
.
- - End Of File - - 81A336DD88BE3210DD9290BF4CA50AFB


Farbar log:
Farbar Service Scanner Version: 01-03-2012
Ran by ssesion (administrator) on 08-04-2012 at 17:53:36
Running from "C:\Documents and Settings\ssesion\Mes documents\Téléchargements"
Microsoft Windows XP Professionnel Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2006-09-15 14:23] - [2009-04-20 19:18] - 0045568 ____A (Microsoft Corporation) 1A1E59377FB6CACD711CC5073C4A7D79

C:\WINDOWS\system32\ipnathlp.dll
[2006-09-15 14:23] - [2008-04-13 21:33] - 0332800 ____A (Microsoft Corporation) F4CE708A7D17A625DE6C0FD746D50E88

C:\WINDOWS\system32\netman.dll
[2006-09-15 14:24] - [2008-04-13 21:33] - 0198144 ____A (Microsoft Corporation) BE0CB143FA427D93440DED18DB8C918B

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2006-09-15 14:35] - [2008-04-13 21:33] - 0145408 ____A (Microsoft Corporation) 5E9DEAE9980FF34BCD6DDE2E9E2BF911

C:\WINDOWS\system32\srsvc.dll
[2006-09-15 14:38] - [2008-04-13 21:33] - 0171520 ____A (Microsoft Corporation) 6ED29124A1C83BD0CF6B26BD01CA6F6F

C:\WINDOWS\system32\Drivers\sr.sys
[2006-09-15 14:38] - [2008-04-13 21:10] - 0073600 ____A (Microsoft Corporation) 39626E6DC1FB39434EC40C42722B660A

C:\WINDOWS\system32\wscsvc.dll
[2006-09-15 14:24] - [2008-04-13 21:33] - 0080896 ____A (Microsoft Corporation) C1FD85DB4A80A98D60ECB7A828E77FE0

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2006-09-15 14:35] - [2008-04-13 21:33] - 0145408 ____A (Microsoft Corporation) 5E9DEAE9980FF34BCD6DDE2E9E2BF911

C:\WINDOWS\system32\wuauserv.dll
[2006-09-15 14:38] - [2008-04-13 21:33] - 0006656 ____A (Microsoft Corporation) 75D6C5C3D2C93B1F9931E5DFB693AE2A

C:\WINDOWS\system32\qmgr.dll
[2006-09-15 14:38] - [2008-04-13 21:33] - 0409088 ____A (Microsoft Corporation) BAA0B6E647C1AD593E9BAE5CC31BCFFB

C:\WINDOWS\system32\es.dll
[2006-09-15 14:23] - [2008-07-07 22:28] - 0253952 ____A (Microsoft Corporation) EC16AE9B37EACF871629227A3F3913FD

C:\WINDOWS\system32\cryptsvc.dll
[2006-09-15 14:23] - [2008-04-13 21:33] - 0062464 ____A (Microsoft Corporation) 7A6D0B71035E123FDDA2156A25578AD3

C:\WINDOWS\system32\svchost.exe
[2006-09-15 14:24] - [2008-04-13 21:34] - 0014336 ____A (Microsoft Corporation) E4BDF223CD75478BF44567B4D5C2634D

C:\WINDOWS\system32\rpcss.dll
[2006-09-15 14:24] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) 0203B1AAD358F206CB0A3C1F93CCE17A

C:\WINDOWS\system32\services.exe
[2006-09-15 14:24] - [2009-02-09 13:23] - 0111104 ____A (Microsoft Corporation) C3FB1D70CB88722267949694BA51759E


Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) NETFLTDI(12) NETIMFLT01060044(10) PSched(7) s24trans(8) Tcpip(3)
0x0B000000040000000100000002000000030000000C00000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****
 

sushi-33

New Member
Thread author
Apr 7, 2012
6
Hi there.
Everything works properly apart from the system restore and Panda Internet Security 2012. It is impossible to run a system restore and when I ask to deactivate it (to reactivate it afterwards), it asks me to re-start the computer. Panda is still unable to perform a complete scan, it stops at 6% when it comes to analyse c:\windows\system32\imm32.dll.
These are not huge problems, but I am a bit worried if I can't use my antivirus anymore and do any system restore in the future.
Thanks for your help.
 

malwarekiller

New Member
Mar 30, 2012
688
Hi, let's purge your system restore problem....

Open System by clicking the Start button , right-clicking Computer, and then clicking Properties.

In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Under Protection Settings, click Configure.

Under Disk Space Usage, click Delete.

Click Continue, and then click OK.


Next, I wouldn't recommend Panda as it has significant weaknesses....

Use the uninstaller tool from here to remove Panda... it can be found here:
http://singularlabs.com/uninstallers/security-software/

I recommend Avast Free; you can download and install it from here:
www.avast.com
 

sushi-33

New Member
Thread author
Apr 7, 2012
6
Hello
I can't find "System protection" in the computer properties. Is there another way to access the directory?
Thank you.
 

malwarekiller

New Member
Mar 30, 2012
688
Hi, right click on My Computer,

select System Properties,

go to the System Restore tab,

and select to turn off System Restore.



Restart the system and re-enable system restore now.

Also, please open Malwarebytes, go to the Logs tab and attach the latest scan log. I need your help since we need to pass on the sample of this malware to the AV companies.
 

sushi-33

New Member
Thread author
Apr 7, 2012
6
Hello. I am unable to turn off the system restore (it tells me that it is impossible and that I have to restart the computer).
I will change my antivirus and download Avast.


Here is the malwarebytes log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.04.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
ssesion :: YOUR-6FBB7B0EF0 [administrateur]

01/04/2012 11:35:47
mbam-log-2012-04-01 (11-35-47).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 208863
Temps écoulé: 27 minute(s), 26 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Documents and Settings\All Users\Application Data\7eX4mCqbkAFOsL.exe (Backdoor.Agent.RCGen) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\All Users\Application Data\IIGbnWFekoXJVBa.exe (Rogue.FakeHDD) -> Mis en quarantaine et supprimé avec succès.

(fin)
 

malwarekiller

New Member
Mar 30, 2012
688
OK... can you go to the Quarantine tab of Malwarebytes and copy the 2 files in your quarantine to your desktop?

Zip them and upload them to www.mediafire.com and post the sharing link.
 

malwarekiller

New Member
Mar 30, 2012
688
Go to Start -> Run and enter gpedit.msc in the Open box. Click OK.
In the Group Policy console, navigate to the following location.

Computer Configuration -> Administrative Template -> System -> System Restore

In the right hand pane, right click on Turn off Configuration and select Properties from the menu.
Change the setting to Not Configured.
Click OK.
Check the status of System Restore.

If that doesn't fix the problem, run the Registry Editor (Start -> Run -> regedit.exe) and check the following registry key.

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore

Look in the right hand pane for a value named DisableConfig. Delete it if it's present. Check System Restore on the System properties sheet.
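As an added example (not part of the thread and not from either poster), the following PowerShell script performs the same registry check the post above describes, from an elevated prompt, and reports what it finds before anything is changed. It uses the policy key and the DisableConfig value quoted in the post, the companion DisableSR policy value (an assumption about the same key; it may simply be absent), the Windows Firewall policy value shown in the Farbar log, and the srservice service that the Farbar log checks. Values are only removed when the script is run with the -Remove switch.

```powershell
# Added diagnostic script (not from the thread). Reports, and optionally removes, the
# System Restore policy values discussed above. Run from an elevated PowerShell prompt.
# Without -Remove the script only reports; with -Remove it deletes the restricting values.
param(
    [switch]$Remove
)

# Policy key from the thread; DisableConfig is the value the post tells the user to delete.
# DisableSR (assumption) is the sibling value that turns System Restore off entirely.
$srPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$srValues    = @('DisableConfig', 'DisableSR')

# Firewall policy key and value exactly as shown in the Farbar log ("EnableFirewall"=DWORD:0).
$fwKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$fwValue = 'EnableFirewall'

# Returns the value's data, or $null when the key or the value does not exist.
function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path -Path $Key)) { return $null }
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

Write-Host "System Restore policy key: $srPolicyKey"
foreach ($name in $srValues) {
    $v = Get-PolicyValue -Key $srPolicyKey -Name $name
    if ($null -eq $v) {
        Write-Host "  $name : not present (OK)"
        continue
    }
    Write-Host "  $name = $v  <- a policy is restricting System Restore"
    if ($Remove) {
        Remove-ItemProperty -Path $srPolicyKey -Name $name
        Write-Host "  $name removed; check System Restore on the System properties sheet"
    }
}

# The firewall check is report-only: the thread does not ask to change it, and a
# third-party firewall (Norton/Panda in the logs) may legitimately leave it disabled.
$fw = Get-PolicyValue -Key $fwKey -Name $fwValue
if ($null -eq $fw) {
    Write-Host "Windows Firewall policy: $fwValue not set (default applies)"
} elseif ($fw -eq 0) {
    Write-Host "Windows Firewall policy: $fwValue = 0 (Windows Firewall disabled by policy)"
} else {
    Write-Host "Windows Firewall policy: $fwValue = $fw"
}

# System Restore service state, matching the 'Srservice' check in the Farbar log.
$sr = Get-Service -Name srservice -ErrorAction SilentlyContinue
if ($sr) {
    Write-Host "srservice status: $($sr.Status) (start type is checked separately by Farbar)"
} else {
    Write-Host "srservice: not found on this system"
}
```

Run it once without arguments to see the current state; if DisableConfig or DisableSR is reported, a second run with -Remove deletes them, after which System Restore should be checked on the System properties sheet as the post describes.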
 
