Trojan Vondo and win32

Post by premiums on 10th June 2009, 3:03 am

Hello guys, I have Trojan Vondo and Win32 on my PC, and here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:19, on 2009-06-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Swift To-Do List\Swift To-Do List.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\ICQ6\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {165fe1c2-eb4b-444d-b628-da692ad4870e} - c:\windows\system32\insykyn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SwiftToDoList] "C:\Program Files\Swift To-Do List\Swift To-Do List.exe" minimized
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrateur\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [un3s3dvobnvm71l0snkozs15f3iznxnk7vlhu3vdj7fls1pp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\l5junkzewa.exe
O4 - HKCU\..\Run: [fn3ejs5f9ja3urz0zne] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iqb7znfzy7nnr.exe
O4 - HKCU\..\Run: [hw68a5wvpw3hli2nydq45hvx8nva071mufdx] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nah02hmx28.exe
O4 - HKCU\..\Run: [g6svv30hk2pj9aoux] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\x7lehl0unn.exe
O4 - HKCU\..\Run: [k7hwqzno79ex3zqbdqlh3y2hn55awt7s1n3] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iux1htk.exe
O4 - HKCU\..\Run: [yrqbmh15py6ueq8osqyo6l3noi0cf80tc7zcls0tkvuu] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rvy6fq3cc83.exe
O4 - HKCU\..\Run: [ocgpxpbgd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bl1d0isiksg.exe
O4 - HKCU\..\Run: [x6vfol74gvv63hza2p72u4v9j5ju1m2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zi92xkl.exe
O4 - HKCU\..\Run: [mwme9w7azpnyutu3thjttzzqbog] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsqagw.exe
O4 - HKCU\..\Run: [vq0hxvrgpgmi1] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sytnx3twp7fe.exe
O4 - HKCU\..\Run: [ed8xy1wc1mme1022jd5v57ly4j9sdpnmws0zdn385e] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zxj8gf685j.exe
O4 - HKCU\..\Run: [dg0rjo9hmqu8d8a7gtigoehpxig85uwaer7g] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jbxdl6tn7.exe
O4 - HKCU\..\Run: [uw5cr0p7kmksjux] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\u84wbhjdhjknn.exe
O4 - HKCU\..\Run: [qxqn7w603vgvmbllktdu6v5yfysn] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjyv828y8.exe
O4 - HKCU\..\Run: [zsveuttn0s01qnfm4y1lpi8wtnhghufoffz] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qpem3en4ko.exe
O4 - HKCU\..\Run: [slcczpqipyhy6wwrc3q28cntid] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gskyciwv.exe
O4 - HKCU\..\Run: [oa7ag299pgjtzmo3b7zj9u0bqy2c58h68qedaf7wk] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zfwgj47xb.exe
O4 - HKCU\..\Run: [bmx3vcsh19vc883d1en35nv7u] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\irwul7nzh0ig.exe
O4 - HKCU\..\Run: [qqiukgpwvuzrsfbaimc9tho2ngmrhp64apd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pjiy8f.exe
O4 - HKCU\..\Run: [lrc6dlphl8j1cyjiofay53bi1cu] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\n9f6lic6tsu.exe
O4 - HKCU\..\Run: [sxpzx6ymeps0t49pg57wr2703hxst1q4d0fzxm5cndcbndn] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\payj8bee.exe
O4 - HKCU\..\Run: [o77ew946qq92caps6vw5svbps243a49o0y] C:\WINDOWS\TEMP\okw9wp6.exe
O4 - HKCU\..\Run: [dp24p3fnil2y8aiwq8hvrwwr6f9xydy4wd6qx6oel94g6b] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\f133bynin.exe
O4 - HKCU\..\Run: [nhn56u21iemrek7tb6awjfc8eh01n] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fmeg61kmp95n.exe
O4 - HKCU\..\Run: [rvvkixr2tu96bc1ltc7hrzowzx] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nfgl1ivi98.exe
O4 - HKCU\..\Run: [wguzaczkw6ryern] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\x2m16buewq.exe
O4 - HKCU\..\Run: [zxxahkgc2d3] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\t3cduzh.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')


Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 3:03 am

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {ca11eb7c-1c85-4577-8a49-9e28efb30184} (UMediaPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: bvrxmh.dll hxdfxg.dll ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: bagqxwbs - C:\WINDOWS\SYSTEM32\insykyn.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Système d'événements de COM+ EventSystemwampapache (eventsystemwampapache) - Unknown owner - C:\WINDOWS\system32\1037x.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.10\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 15300 bytes


Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 2:14 pm

Hello.

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it would be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this, it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean it up manually, the damage that is already present may interfere with our removal attempts.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can re-enable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {165fe1c2-eb4b-444d-b628-da692ad4870e} - c:\windows\system32\insykyn.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrateur\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [un3s3dvobnvm71l0snkozs15f3iznxnk7vlhu3vdj7fls1pp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\l5junkzewa.exe
    O4 - HKCU\..\Run: [fn3ejs5f9ja3urz0zne] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iqb7znfzy7nnr.exe
    O4 - HKCU\..\Run: [hw68a5wvpw3hli2nydq45hvx8nva071mufdx] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nah02hmx28.exe
    O4 - HKCU\..\Run: [g6svv30hk2pj9aoux] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\x7lehl0unn.exe
    O4 - HKCU\..\Run: [k7hwqzno79ex3zqbdqlh3y2hn55awt7s1n3] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iux1htk.exe
    O4 - HKCU\..\Run: [yrqbmh15py6ueq8osqyo6l3noi0cf80tc7zcls0tkvuu] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rvy6fq3cc83.exe
    O4 - HKCU\..\Run: [ocgpxpbgd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bl1d0isiksg.exe
    O4 - HKCU\..\Run: [x6vfol74gvv63hza2p72u4v9j5ju1m2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zi92xkl.exe
    O4 - HKCU\..\Run: [mwme9w7azpnyutu3thjttzzqbog] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsqagw.exe
    O4 - HKCU\..\Run: [vq0hxvrgpgmi1] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sytnx3twp7fe.exe
    O4 - HKCU\..\Run: [ed8xy1wc1mme1022jd5v57ly4j9sdpnmws0zdn385e] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zxj8gf685j.exe
    O4 - HKCU\..\Run: [dg0rjo9hmqu8d8a7gtigoehpxig85uwaer7g] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jbxdl6tn7.exe
    O4 - HKCU\..\Run: [uw5cr0p7kmksjux] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\u84wbhjdhjknn.exe
    O4 - HKCU\..\Run: [qxqn7w603vgvmbllktdu6v5yfysn] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjyv828y8.exe
    O4 - HKCU\..\Run: [zsveuttn0s01qnfm4y1lpi8wtnhghufoffz] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qpem3en4ko.exe
    O4 - HKCU\..\Run: [slcczpqipyhy6wwrc3q28cntid] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gskyciwv.exe
    O4 - HKCU\..\Run: [oa7ag299pgjtzmo3b7zj9u0bqy2c58h68qedaf7wk] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zfwgj47xb.exe
    O4 - HKCU\..\Run: [bmx3vcsh19vc883d1en35nv7u] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\irwul7nzh0ig.exe
    O4 - HKCU\..\Run: [qqiukgpwvuzrsfbaimc9tho2ngmrhp64apd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pjiy8f.exe
    O4 - HKCU\..\Run: [lrc6dlphl8j1cyjiofay53bi1cu] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\n9f6lic6tsu.exe
    O4 - HKCU\..\Run: [sxpzx6ymeps0t49pg57wr2703hxst1q4d0fzxm5cndcbndn] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\payj8bee.exe
    O4 - HKCU\..\Run: [o77ew946qq92caps6vw5svbps243a49o0y] C:\WINDOWS\TEMP\okw9wp6.exe
    O4 - HKCU\..\Run: [dp24p3fnil2y8aiwq8hvrwwr6f9xydy4wd6qx6oel94g6b] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\f133bynin.exe
    O4 - HKCU\..\Run: [nhn56u21iemrek7tb6awjfc8eh01n] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fmeg61kmp95n.exe
    O4 - HKCU\..\Run: [rvvkixr2tu96bc1ltc7hrzowzx] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nfgl1ivi98.exe
    O4 - HKCU\..\Run: [wguzaczkw6ryern] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\x2m16buewq.exe
    O4 - HKCU\..\Run: [zxxahkgc2d3] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\t3cduzh.exe
    O20 - AppInit_DLLs: bvrxmh.dll hxdfxg.dll ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O20 - Winlogon Notify: bagqxwbs - C:\WINDOWS\SYSTEM32\insykyn.dll
    O23 - Service: Système d'événements de COM+ EventSystemwampapache (eventsystemwampapache) - Unknown owner - C:\WINDOWS\system32\1037x.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




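The fix list above is built from a few recurring signals in the HijackThis log: Run values with random-looking names, autorun executables living in a Temp directory, an unnamed BHO whose DLL is also registered as a Winlogon Notify package, AppInit_DLLs entries without a full path, and entries whose file is already missing. The script below is an added example (not part of the thread, and not a HijackThis or Malwarebytes feature) that encodes those heuristics; the sample lines are a constructed subset copied from the log posted above, and the thresholds in `looks_random` are assumptions chosen for illustration.

```python
"""Triage heuristics for HijackThis log lines (added example, not the thread's own tooling)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {165fe1c2-eb4b-444d-b628-da692ad4870e} - c:\windows\system32\insykyn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [un3s3dvobnvm71l0snkozs15f3iznxnk7vlhu3vdj7fls1pp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\l5junkzewa.exe
O4 - HKCU\..\Run: [o77ew946qq92caps6vw5svbps243a49o0y] C:\WINDOWS\TEMP\okw9wp6.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O20 - AppInit_DLLs: bvrxmh.dll hxdfxg.dll ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: bagqxwbs - C:\WINDOWS\SYSTEM32\insykyn.dll
O23 - Service: Système d'événements de COM+ EventSystemwampapache (eventsystemwampapache) - Unknown owner - C:\WINDOWS\system32\1037x.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why the line was flagged
    line: str     # the original log line


# "O4 - <hive>\..\Run: [value name] <command line>"
RUN_RE = re.compile(r"^O4 - .*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Any path component named Temp (covers both LOCALS~1\Temp and C:\WINDOWS\TEMP)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# First DLL file name on the line, without its directory
DLL_RE = re.compile(r"([^\\\s\"]+\.dll)\b", re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Assumed threshold: >= 12 chars, all lowercase letters and digits, at least one digit.

    Legitimate Run value names (SunJavaUpdateSched, MsnMsgr, ctfmon.exe) have mixed case,
    dots or underscores; the Vundo-style names in the log above are long lowercase blobs.
    """
    return (len(name) >= 12 and name.isalnum() and name.islower()
            and any(c.isdigit() for c in name))


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious signal found in the log."""
    lines = [l.rstrip() for l in log_text.strip().splitlines() if l.strip()]
    findings: list[Finding] = []

    # First pass: DLLs loaded by BHOs that carry no name, so the second pass can
    # correlate them with Winlogon Notify packages (the insykyn.dll pattern above).
    unnamed_bho_dlls: set[str] = set()
    for line in lines:
        if line.startswith("O2 - BHO: (no name)"):
            m = DLL_RE.search(line)
            if m:
                unnamed_bho_dlls.add(m.group(1).lower())

    for line in lines:
        tag = line.split(" - ", 1)[0]

        if "(file missing)" in line and tag in ("O2", "O3", "O23"):
            findings.append(Finding(tag, "references a file that no longer exists", line))

        if tag == "O2" and "(no name)" in line:
            findings.append(Finding(tag, "unnamed BHO", line))

        m = RUN_RE.match(line)
        if m:
            if TEMP_RE.search(m.group("cmd")):
                findings.append(Finding(tag, "autorun executable lives in a Temp directory", line))
            if looks_random(m.group("name")):
                findings.append(Finding(tag, "random-looking Run value name", line))

        if line.startswith("O20 - AppInit_DLLs:"):
            # Entries are separated by commas and/or spaces; a bare file name with no
            # directory is resolved via the loader search path and is the odd one out.
            entries = re.split(r"[,\s]+", line.split(":", 1)[1].strip())
            bare = [e for e in entries if e and "\\" not in e]
            if bare:
                findings.append(Finding(tag, "AppInit_DLLs entries without a full path: " + " ".join(bare), line))

        if line.startswith("O20 - Winlogon Notify:"):
            m2 = DLL_RE.search(line)
            if m2 and m2.group(1).lower() in unnamed_bho_dlls:
                findings.append(Finding(tag, "Winlogon Notify DLL is also loaded by an unnamed BHO", line))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it prints nine findings; the Regscan, Acrobat and ESET lines pass every check, which matches the fix list above leaving them alone.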

Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 3:06 pm

Here is the log:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1827
Windows 5.1.2600 Service Pack 2

2009-06-10 10:58:09
mbam-log-2009-06-10 (10-58-09).txt

Type de recherche: Examen rapide
Eléments examinés: 83405
Temps écoulé: 12 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{165fe1c2-eb4b-444d-b628-da692ad4870e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bagqxwbs (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{165fe1c2-eb4b-444d-b628-da692ad4870e} (Trojan.Vundo.H) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\insykyn.dll (Trojan.Vundo.H) -> Delete on reboot.


Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 3:13 pm

You have an ancient version of MBAM.
Please re-download it via my link in my post so you have the most updated version.





Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 3:30 pm

Here is the new one:
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 5.1.2600 Service Pack 2

2009-06-10 11:29:27
mbam-log-2009-06-10 (11-29-26).txt

Type de recherche: Examen rapide
Eléments examinés: 99359
Temps écoulé: 11 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 50
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{165fe1c2-eb4b-444d-b628-da692ad4870e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bagqxwbs (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{165fe1c2-eb4b-444d-b628-da692ad4870e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\TypeLib\{61ddcb65-ffa8-42ee-9ab9-88ec8184120c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a4ab5d2e-ceae-4dd2-b99f-c9508575adc7} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1be669b7-d464-438a-94a7-7fda6c47ba47} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\skinboxer43.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: runswme2.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\jqfa.njk) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\insykyn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\runswme2.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\jqfa.njk (Trojan.JSRedir.H) -> Quarantined and deleted successfully.
c:\WINDOWS\pkoyhm.jls (Trojan.Gumblar) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skinboxer43.dll (Trojan.Agent) -> Quarantined and deleted successfully.

premiums
Novice

Posts : 24
Joined : 2009-06-06
OS : XP SP2
Points : 27468
# Likes : 0

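A parser for the Malwarebytes log format pasted above, added here as an example; it is not part of the forum post and not Malwarebytes' own tooling. It takes an excerpt of the posted log (copied from the post as constructed sample input) and turns each `<target> (<detection>) -> <action>` line into a record, then flags the entries a responder would want to look at first: Image File Execution Options keys named after security tools, the LSA Notification Packages entry (the DLL named there is loaded into lsass.exe at boot), the Drivers32 replacement, the Security Center *DisableNotify values, the rootkit services, and anything still marked "Delete on reboot". The flag rules and their wording are this example's own, not Malwarebytes categories.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes log posted above, used as constructed sample input.
# The French section headers are the product's own output on a French-locale XP.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: runswme2.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\jqfa.njk) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\system32\insykyn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\runswme2.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\jqfa.njk (Trojan.JSRedir.H) -> Quarantined and deleted successfully.
c:\WINDOWS\pkoyhm.jls (Trojan.Gumblar) -> Quarantined and deleted successfully.
"""

# One entry: "<target> (<detection>) -> [<detail> -> ...]<action>"
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_line(line):
    """Return a record for one detection line, or None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in m.group("rest").split(" -> ")]
    entry = {"target": m.group("target"), "detection": m.group("detection"),
             "details": parts[:-1], "action": parts[-1]}
    for d in entry["details"]:
        bg = BAD_GOOD_RE.search(d)
        if bg:
            entry["bad"], entry["good"] = bg.group("bad"), bg.group("good")
        elif d.startswith("Data: "):
            entry["data"] = d[len("Data: "):]
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def flag_entry(entry):
    """Name the responder-level concern an entry represents (rules are this example's own)."""
    target, low = entry["target"], entry["target"].lower()
    leaf = target.rsplit("\\", 1)[-1]
    if "\\image file execution options\\" in low:
        # A Debugger value under an IFEO key named after a security tool
        # redirects that tool every time it is launched, silently disabling it.
        return "IFEO hijack of " + leaf
    if low.endswith("\\control\\lsa\\notification packages"):
        # DLLs listed here are loaded into lsass.exe at boot.
        return "LSA Notification Packages loads " + entry.get("data", "?")
    if "\\drivers32\\" in low:
        return "Drivers32 %s replaced by %s (expected %s)" % (
            leaf, entry.get("bad", "?"), entry.get("good", "?"))
    if "\\security center\\" in low and entry.get("bad") == "1":
        return "Security Center alert suppressed: " + leaf
    if "\\services\\" in low and entry["detection"].startswith("Rootkit"):
        return "rootkit service " + leaf
    return None


def summarize(text):
    entries = parse_log(text)
    return {"entries": len(entries),
            "by_detection": Counter(e["detection"] for e in entries),
            "flags": [f for f in map(flag_entry, entries) if f],
            "reboot_required": any(e["action"].startswith("Delete on reboot")
                                   for e in entries)}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("%d entries, reboot required: %s" % (s["entries"], s["reboot_required"]))
    for det, n in s["by_detection"].most_common():
        print("  %-26s %d" % (det, n))
    for f in s["flags"]:
        print("  ! " + f)
```

To use it on a real run, read a saved mbam-log-*.txt and pass its contents to summarize(). A True reboot_required means at least one file is only scheduled for deletion, so the cleanup is not finished until the machine has been restarted and a fresh scan comes back clean.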

Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 3:37 pm

Before we can deal with the rest, a few things need to go.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Open Uninstall Manager".
  • Click on "Save List..." (generates uninstall_list.txt).
  • Click Save, then copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1


Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 3:40 pm

Here it is.

Ad-Aware
Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Supprimer uniquement)
Adobe Dreamweaver CS3
Adobe Dreamweaver CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Advanced USB Port Monitor
AIM 6
AMP Font Viewer
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AutoCAD R14.0
AVI/MPEG/RM/WMV Splitter 4.28
AXIS Media Control Embedded
Boilsoft Video Splitter 5.01
Bonjour
CloneCD
CodeCharge Studio 4
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB893086
CSS Tab Designer v2.0
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
EasyPHP 2.0b1
FeedForAll v1.0
FileZilla Client 3.0.3
FlashGet(JetCar)
Google Earth
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
ICQ
ICQ6
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Kaspersky Internet Security 2009
Kaspersky Internet Security 2009
K-Lite Mega Codec Pack 1.64
Lecteur Windows Media 11
Linking The Web 2.0
Macromedia Dreamweaver 4
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
MailBoy 2004
Malwarebytes' Anti-Malware
Media Wizard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Standard
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893066)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB896688)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899588)
Mise à jour de sécurité pour Windows XP (KB899589)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB908531)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912812)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB916281)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB918899)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922760)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925454)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB896727)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB931836)
Mozilla Firefox (3.0.10)
Natural Color
NDAS Software 3.20.1523
Nero 7 Demo
NetBeans IDE 6.5
OpenOffice.org Installer 1.0
Paint Shop Pro 7 Evaluation
Personal Stock Streamer
PHP DESIGNER 2006 - BETA 4.0.5
POP3 Scan Mailbox
PuTTY version 0.58
QuickTime
RadioPirate Player 1.0
RealPlayer
Skype™ 3.8
Sothink DHTMLMenu
Sothink SWF Decompiler
SoundMAX
Spybot - Search & Destroy
Swift To-Do List 6.99
SWiSHmax
TeamSpeak 2 RC2
Tetris Revolution
The KMPlayer (remove only)
UltraEdit-32
Van Dyke Technologies SecureCRT 3.4
Video Edit Magic 4.14
VideoLAN VLC media player 0.8.6
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VIGOS Gsitemap 0.97a
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WampServer 2.0
Winamp (remove only)
WinAVI Video Converter
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
WinZip
Yahoo! Messenger
Zend SafeGuard


Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 3:43 pm

Hello.

You are running two antivirus programs; I see from the uninstall list that you have NOD32 installed, along with Kaspersky. This is a bad idea, as they can conflict and cause more problems. I would recommend that you remove Kaspersky to avoid conflicts and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    Kaspersky Internet Security 2009
    Kaspersky Internet Security 2009
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

Next,

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (NOD32)
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 3:46 pm

Hello

I don't have NOD32 anymore. I bought Kaspersky a few days ago and I want to keep that one. So how can I remove NOD32, since I don't see it in
Start > Control Panel > Add/Remove Programs?

Thanks again for your quick support.


Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 3:53 pm

I mean, how can I remove NOD32 from my system if it is not listed in Start > Control Panel > Add/Remove Programs?


Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 4:04 pm

Ah.

Completely Uninstall NOD32 Software

Download the [You must be registered and logged in to see this link.]

The NOD32 removal tool is developed by NOD32 Netherlands, so it is available only in Dutch.

To remove your NOD32 software, double-click on nod32removal.exe, select Yes, and wait for confirmation that the NOD32 antivirus software has been completely removed from your computer.





Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 4:59 pm

ComboFix 09-06-09.06 - Administrateur 2009-06-10 12:39.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.655 [GMT -4:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\behegavyge.sys
c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\gavyjev.reg
c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\MF9729ED.gif
c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\novab.dl
c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\qytidemyxo.reg
c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\rudona.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\iwohwhmv.sys
c:\windows\system32\Drivers\ppnopp.sys
c:\windows\system32\drivers\ydlkfaic.sys
c:\windows\system32\insykyn.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\v5
c:\windows\system32\vxjlway.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_eventsystemwampapache
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_securentm
-------\Legacy_SYSTEMNTMI
-------\Legacy_TDSSSERV.SYS
-------\Legacy_WS2_32SIK
-------\Legacy_ydlkfaic
-------\Service_eventsystemwampapache
-------\Service_TDSSserv.sys
-------\Service_ydlkfaic


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-10 au 2009-06-10 ))))))))))))))))))))))))))))))))))))
.

2009-06-10 13:21 . 2009-06-10 13:21 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-10 13:21 . 2009-06-10 13:21 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-10 13:21 . 2009-06-10 13:21 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-10 13:21 . 2009-06-10 13:21 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-10 13:21 . 2009-06-10 13:21 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-10 13:21 . 2009-06-10 13:21 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-10 13:21 . 2009-06-10 13:21 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-10 13:21 . 2009-06-10 13:21 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-10 13:21 . 2009-06-10 13:21 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-10 13:21 . 2009-06-10 13:21 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-10 13:21 . 2009-06-10 13:21 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-10 13:20 . 2009-06-10 13:20 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-10 13:20 . 2009-06-10 13:20 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-10 13:20 . 2009-06-10 13:20 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-10 13:20 . 2009-06-10 13:20 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-10 13:20 . 2009-06-10 13:20 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-10 13:20 . 2009-06-10 13:20 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-10 03:01 . 2009-06-10 03:01 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 16:47 . 2008-12-29 01:19 -------- d-----w- c:\program files\Swift To-Do List
2009-06-10 16:47 . 2009-04-22 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-10 16:45 . 2009-04-22 20:15 96012 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-10 16:45 . 2009-04-22 20:15 925728 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-10 16:45 . 2009-04-22 20:15 5292 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-10 16:45 . 2009-04-22 20:15 12017184 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-10 16:20 . 2006-01-03 01:28 -------- d-----w- c:\program files\Java
2009-06-10 15:34 . 2005-09-17 04:28 107992 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 15:15 . 2008-10-17 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 12:05 . 2005-09-22 17:27 -------- d-----w- c:\program files\PSM
2009-06-09 21:28 . 2009-04-22 20:15 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-09 21:28 . 2009-04-22 20:15 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-09 20:45 . 2006-01-03 01:27 -------- d-----w- c:\program files\LimeWire
2009-06-09 20:18 . 2002-09-07 00:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-09 20:18 . 2002-09-07 00:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-26 17:20 . 2008-10-17 12:54 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2008-10-17 12:54 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-27 14:57 . 2005-12-26 15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 14:57 . 2005-12-26 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-26 22:16 . 2009-04-26 22:16 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-04-22 21:05 . 2009-04-22 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-22 20:15 . 2009-04-22 20:15 -------- d-----w- c:\program files\Kaspersky Lab
2009-04-22 20:08 . 2005-09-17 04:51 -------- d-----w- c:\program files\Symantec AntiVirus
2009-04-22 20:07 . 2005-09-17 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-04-22 17:29 . 2009-04-22 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-04-21 21:38 . 2009-04-21 21:38 -------- d-----w- c:\program files\Alwil Software
2009-04-21 17:03 . 2009-04-21 17:03 -------- d-----w- c:\program files\AVG
2009-04-21 16:47 . 2005-11-09 17:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\AdobeUM
2009-04-21 16:27 . 2009-04-21 16:27 451076 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\uninstall.exe
2009-04-21 16:27 . 2009-04-21 16:27 129028 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\hxdfxg.dll
2009-04-21 16:27 . 2009-04-21 16:27 129028 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\bvrxmh.dll
2009-04-21 15:47 . 2009-04-20 13:08 32 --s-a-w- c:\windows\system32\1552107411.dat
2009-04-21 15:13 . 2009-04-21 15:13 127 ----a-w- c:\windows\~alitb98.bat
2009-04-21 15:13 . 2007-01-08 16:33 -------- d-----w- c:\program files\TextBridge Classic 2.0
2009-04-21 15:10 . 2007-03-22 22:06 -------- d-----w- c:\program files\HTMLPad 2006
2009-04-21 14:35 . 2009-04-21 14:59 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-21 14:35 . 2009-04-21 14:35 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-21 14:35 . 2009-04-21 14:35 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-04-21 14:32 . 2009-04-21 14:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-21 14:31 . 2006-05-31 00:07 -------- d-----w- c:\program files\Lavasoft
2009-04-17 21:47 . 2008-11-14 16:08 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2009-04-17 20:04 . 2008-11-14 16:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2009-03-31 16:09 . 2009-03-31 16:09 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-10-16 20:17 . 2008-10-16 20:17 14887 ----a-w- c:\program files\Fichiers communs\ynobugagiv.dat
2008-10-16 20:07 . 2008-10-16 20:07 19964 ----a-w- c:\program files\Fichiers communs\apoty.exe
2008-10-16 20:07 . 2008-10-16 20:07 18603 ----a-w- c:\program files\Fichiers communs\acetekoxum.bin
2008-10-16 20:07 . 2008-10-16 20:07 15827 ----a-w- c:\program files\Fichiers communs\axoz.com
2008-10-16 20:07 . 2008-10-16 20:07 18225 ----a-w- c:\program files\Fichiers communs\ikypetufec.exe
2008-10-16 20:07 . 2008-10-16 20:07 16000 ----a-w- c:\program files\Fichiers communs\idax.bin
2008-01-24 19:30 . 2008-01-24 19:30 36382550 ----a-w- c:\program files\ICQ.zip
2005-09-17 11:45 . 2005-09-17 11:45 1395 --sha-w- c:\windows\rreg32.dll
2005-09-17 11:45 . 2005-09-17 11:45 1414 --sha-w- c:\windows\utapi32.dll
2007-08-19 19:58 . 2007-08-19 19:58 80 --sh--r- c:\windows\system32\C5E7F98446.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4


Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 4:59 pm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"SwiftToDoList"="c:\program files\Swift To-Do List\Swift To-Do List.exe" [2008-11-02 1474560]
"ICQ"="c:\progra~1\ICQ6\ICQ.exe" [2008-09-01 173304]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 45056]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-10 518488]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2007-07-05 206088]
"nerofiltercheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"f:\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1138221311\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1138221311\\ee\\aim6.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Administrateur\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36278:TCP"= 36278:TCP:PORT_36278
"44036:TCP"= 44036:TCP:PORT_44036
"32292:TCP"= 32292:TCP:PORT_32292

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-21 64160]
R0 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2008-01-07 254440]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2007-06-29 62056]
R1 ndasfat;NDAS FAT;c:\windows\system32\drivers\ndasfat.sys [2008-01-07 372584]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1005904]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2007-06-29 75880]
S1 dc87347f;dc87347f;c:\windows\system32\drivers\dc87347f.sys --> c:\windows\system32\drivers\dc87347f.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - YDLKFAIC
*Deregistered* - ydlkfaic

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jartrogv
.
Contenu du dossier 'Tâches planifiées'

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:20]

2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1500820517-682003330-500.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:10]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Administrateur - c:\documents and settings\Administrateur\Administrateur.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
Notify-NavLogon - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Subscribe this RSS Channel
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Télécharger tout avec FlashGet - c:\program files\FlashGet\jc_all.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {ca11eb7c-1c85-4577-8a49-9e28efb30184} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\sgfbxw02.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-10 12:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3516)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-10 12:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-10 16:56

Avant-CF: 859 766 784 octets libres
Après-CF: 1 210 056 704 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

278

premiums
Novice
Posts : 24
Joined : 2009-06-06
OS : XP SP2
Points : 27468
# Likes : 0

Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 5:36 pm

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
ekrn
dc87347f
YDLKFAIC

File::
c:\windows\system32\1552107411.dat
c:\windows\~alitb98.bat
c:\program files\Fichiers communs\ynobugagiv.dat
c:\program files\Fichiers communs\apoty.exe
c:\program files\Fichiers communs\acetekoxum.bin
c:\program files\Fichiers communs\axoz.com
c:\program files\Fichiers communs\ikypetufec.exe
c:\program files\Fichiers communs\idax.bin

Folder::
c:\program files\LimeWire
c:\documents and settings\All Users\Application Data\ESET
c:\documents and settings\All Users\Application Data\Symantec
c:\program files\Alwil Software
c:\program files\AVG
c:\program files\ESET

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36278:TCP"=-
"44036:TCP"=-
"32292:TCP"=-

NetSvc::
jartrogv

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done (it will warn you if it wants to).
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1
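Added example (not code from this thread, from ComboFix or from Belahzur): a small Python triage script that shows how the CFScript above maps back to findings in the ComboFix log. It reads a few constructed lines copied from the log posted earlier (services whose binary is gone, the *NewlyCreated* driver, the non-default NetSvcs entry and the GloballyOpenPorts firewall entries) and renders a draft CFScript in the same Driver::/Registry::/NetSvc:: format for a human to review before anything is run. Assumptions: that a `path --> path [?]` service line means the binary is missing, that ComboFix lists only non-default entries under NetSvcs, and that firewall rules named PORT_NNNN were not created by a known application; the regexes, the `Findings` class and the function names are mine, not ComboFix's.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code).

It extracts the log items a helper looks at when drafting a CFScript and renders
the draft. Every entry still needs a human to confirm it is stale or malicious.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a few lines lifted from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36278:TCP"= 36278:TCP:PORT_36278
"44036:TCP"= 44036:TCP:PORT_44036

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
S1 dc87347f;dc87347f;c:\windows\system32\drivers\dc87347f.sys --> c:\windows\system32\drivers\dc87347f.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]

*NewlyCreated* - YDLKFAIC
*Deregistered* - ydlkfaic

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jartrogv
.
"""

FIREWALL_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List"

# A healthy service line reads 'R0 name;desc;path [date size]'; when the binary
# is gone ComboFix prints 'S1 name;desc;path --> path [?]' (assumption, see lead-in).
SERVICE_MISSING_RE = re.compile(r"^[RS]\d+ (?P<name>[^;]+);[^;]*;.* --> .* \[\?\]$")
DRIVER_EVENT_RE = re.compile(r"^\*(?P<event>NewlyCreated|Deregistered)\* - (?P<name>\S+)$")
# Generic PORT_NNNN names are what a hand-added or malware-added rule looks like.
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"= .*:PORT_\d+$')


@dataclass
class Findings:
    missing_binary_services: List[str] = field(default_factory=list)
    new_drivers: List[str] = field(default_factory=list)
    netsvcs: List[str] = field(default_factory=list)
    open_ports: List[str] = field(default_factory=list)


def parse_log(text: str) -> Findings:
    """Walk the log once, tracking which multi-line block we are inside."""
    f = Findings()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            section = None  # ComboFix closes a block with a blank line or a lone '.'
            continue
        if line.endswith("GloballyOpenPorts\\List]"):
            section = "ports"
            continue
        if line.endswith("Svchost - NetSvcs"):
            section = "netsvcs"
            continue
        if section == "ports":
            m = OPEN_PORT_RE.match(line)
            if m:
                f.open_ports.append(m.group("port"))
            continue
        if section == "netsvcs":
            f.netsvcs.append(line)  # assumption: only non-default entries are listed
            continue
        m = SERVICE_MISSING_RE.match(line)
        if m:
            f.missing_binary_services.append(m.group("name"))
            continue
        m = DRIVER_EVENT_RE.match(line)
        if m and m.group("event") == "NewlyCreated":
            f.new_drivers.append(m.group("name"))
    return f


def build_cfscript(f: Findings) -> str:
    """Render a draft CFScript in the Driver::/Registry::/NetSvc:: format used above."""
    parts = ["KILLALL::"]
    drivers = f.missing_binary_services + f.new_drivers
    if drivers:
        parts.append("Driver::\n" + "\n".join(drivers))
    if f.open_ports:
        lines = [f"[{FIREWALL_KEY}]"] + [f'"{p}"=-' for p in f.open_ports]
        parts.append("Registry::\n" + "\n".join(lines))
    if f.netsvcs:
        parts.append("NetSvc::\n" + "\n".join(f.netsvcs))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_log(SAMPLE_LOG)))
```

Running it prints a draft whose Driver::, Registry:: and NetSvc:: sections match the ones Belahzur wrote by hand; the File:: and Folder:: sections are deliberately left out, because which files to quarantine is a judgement call the log alone does not settle.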

Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 5:43 pm

Any tip for the drag and drop? When I drag the file onto ComboFix it just moves away on the desktop.


Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 5:56 pm

Hello.
Make sure you get it right in the middle of Combofix, or try this.

Go to Start > Run. In the Run box, copy and paste this in exactly as seen; do not alter it in any way.

cfscript.txt "c:\documents and settings\Administrateur\Bureau\ComboFix.exe"

Hit enter.





Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 6:11 pm

I have put cfscript.txt "c:\documents and settings\Administrateur\Bureau\ComboFix.exe" but it says that cfscript.txt can't be found... and it really is named cfscript.txt in my Bureau.


Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 6:17 pm

Let's try this. Use the Run command with this new command below:

"%userprofile%\Desktop\cfscript.txt" "%userprofile%\Desktop\ComboFix.exe"





Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 6:23 pm

Hi again sir

Look here: C:\Documents and Settings\Administrateur\Bureau is my real path. This one, "%userprofile%\Desktop\cfscript.txt" "%userprofile%\Desktop\ComboFix.exe", is not found either. Any other suggestions?


Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 6:56 pm

OK, I found the right path, it is
c:/Documents and Settings/Administrateur/Bureau/cfscript.txt

but if I put c:/Documents and Settings/Administrateur/Bureau/cfscript.txt "c:/Documents and Settings/Administrateur/Bureau/ComboFix.exe"

it doesn't work to put the cfscript into ComboFix.


Re: Trojan Vondo and win32

Post by premiums on 10th June 2009, 7:46 pm

Hey, I found a way to open the file with ComboFix: I just did "Open with" and chose the program ComboFix. Here is my log:

ComboFix 09-06-09.06 - Administrateur 2009-06-10 15:23.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.538 [GMT -4:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\Combo-Fix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\cfscript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\program files\Fichiers communs\acetekoxum.bin"
"c:\program files\Fichiers communs\apoty.exe"
"c:\program files\Fichiers communs\axoz.com"
"c:\program files\Fichiers communs\idax.bin"
"c:\program files\Fichiers communs\ikypetufec.exe"
"c:\program files\Fichiers communs\ynobugagiv.dat"
"c:\windows\~alitb98.bat"
"c:\windows\system32\1552107411.dat"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ESET
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\FND0.NFI
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\EHttpSrv.xml
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\EpfwUser.dat
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em000_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em001_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em001_32_l1.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em001_32_l2.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em002_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em002_32_l1.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em002_32_l2.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em003_32_l1.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l1.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em004_32_l2.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l1.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em005_32_l2.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em006_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em006_32_l1.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em006_32_l2.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em009_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em013_32_l0.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em013_32_l1.nup
c:\documents and settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Updfiles\em013_32_l2.nup
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
c:\program files\Alwil Software
c:\program files\Alwil Software\Avast4\Setup\setup.ini
c:\program files\AVG
c:\program files\Fichiers communs\acetekoxum.bin
c:\program files\Fichiers communs\apoty.exe
c:\program files\Fichiers communs\axoz.com
c:\program files\Fichiers communs\idax.bin
c:\program files\Fichiers communs\ikypetufec.exe
c:\program files\Fichiers communs\ynobugagiv.dat
c:\program files\LimeWire
c:\program files\LimeWire\log.txt
c:\windows\~alitb98.bat
c:\windows\system32\1552107411.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EKRN
-------\Legacy_YDLKFAIC
-------\Service_dc87347f
-------\Service_ekrn


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-10 au 2009-06-10 ))))))))))))))))))))))))))))))))))))
.

2009-06-10 13:21 . 2009-06-10 13:21 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-10 13:21 . 2009-06-10 13:21 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-10 13:21 . 2009-06-10 13:21 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-10 13:21 . 2009-06-10 13:21 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-10 13:21 . 2009-06-10 13:21 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-10 13:21 . 2009-06-10 13:21 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-10 13:21 . 2009-06-10 13:21 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-06-10 13:21 . 2009-06-10 13:21 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-10 13:21 . 2009-06-10 13:21 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-10 13:21 . 2009-06-10 13:21 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-10 13:21 . 2009-06-10 13:21 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-10 13:20 . 2009-06-10 13:20 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-10 13:20 . 2009-06-10 13:20 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-10 13:20 . 2009-06-10 13:20 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-10 13:20 . 2009-06-10 13:20 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-10 13:20 . 2009-06-10 13:20 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-10 13:20 . 2009-06-10 13:20 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-10 03:01 . 2009-06-10 03:01 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 19:35 . 2008-12-29 01:19 -------- d-----w- c:\program files\Swift To-Do List
2009-06-10 19:35 . 2009-04-22 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-10 19:33 . 2009-04-22 20:15 96012 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-10 19:33 . 2009-04-22 20:15 933920 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-10 19:33 . 2009-04-22 20:15 5320 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-10 19:33 . 2009-04-22 20:15 12017184 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-10 16:20 . 2006-01-03 01:28 -------- d-----w- c:\program files\Java
2009-06-10 15:34 . 2005-09-17 04:28 107992 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 15:15 . 2008-10-17 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 12:05 . 2005-09-22 17:27 -------- d-----w- c:\program files\PSM
2009-06-09 21:28 . 2009-04-22 20:15 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-09 21:28 . 2009-04-22 20:15 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-09 20:18 . 2002-09-07 00:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-09 20:18 . 2002-09-07 00:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-26 17:20 . 2008-10-17 12:54 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2008-10-17 12:54 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-27 14:57 . 2005-12-26 15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 14:57 . 2005-12-26 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-26 22:16 . 2009-04-26 22:16 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-04-22 21:05 . 2009-04-22 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-22 20:15 . 2009-04-22 20:15 -------- d-----w- c:\program files\Kaspersky Lab
2009-04-22 20:08 . 2005-09-17 04:51 -------- d-----w- c:\program files\Symantec AntiVirus
2009-04-21 16:47 . 2005-11-09 17:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\AdobeUM
2009-04-21 16:27 . 2009-04-21 16:27 451076 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\uninstall.exe
2009-04-21 16:27 . 2009-04-21 16:27 129028 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\hxdfxg.dll
2009-04-21 16:27 . 2009-04-21 16:27 129028 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\bvrxmh.dll
2009-04-21 15:13 . 2007-01-08 16:33 -------- d-----w- c:\program files\TextBridge Classic 2.0
2009-04-21 15:10 . 2007-03-22 22:06 -------- d-----w- c:\program files\HTMLPad 2006
2009-04-21 14:35 . 2009-04-21 14:59 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-21 14:35 . 2009-04-21 14:35 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-21 14:35 . 2009-04-21 14:35 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-04-21 14:32 . 2009-04-21 14:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-21 14:31 . 2006-05-31 00:07 -------- d-----w- c:\program files\Lavasoft
2009-04-17 21:47 . 2008-11-14 16:08 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Skype
2009-04-17 20:04 . 2008-11-14 16:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\skypePM
2009-03-31 16:09 . 2009-03-31 16:09 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-01-24 19:30 . 2008-01-24 19:30 36382550 ----a-w- c:\program files\ICQ.zip
2005-09-17 11:45 . 2005-09-17 11:45 1395 --sha-w- c:\windows\rreg32.dll
2005-09-17 11:45 . 2005-09-17 11:45 1414 --sha-w- c:\windows\utapi32.dll
2007-08-19 19:58 . 2007-08-19 19:58 80 --sh--r- c:\windows\system32\C5E7F98446.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"SwiftToDoList"="c:\program files\Swift To-Do List\Swift To-Do List.exe" [2008-11-02 1474560]
"ICQ"="c:\progra~1\ICQ6\ICQ.exe" [2008-09-01 173304]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 45056]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-10 518488]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2007-07-05 206088]
"nerofiltercheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"f:\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1138221311\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1138221311\\ee\\aim6.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Administrateur\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-21 64160]
R0 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2008-01-07 254440]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2007-06-29 62056]
R1 ndasfat;NDAS FAT;c:\windows\system32\drivers\ndasfat.sys [2008-01-07 372584]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1005904]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2007-06-29 75880]
.
Contenu du dossier 'Tâches planifiées'

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:20]

2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1500820517-682003330-500.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:10]
.
.
------- Examen supplémentaire -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Subscribe this RSS Channel
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
IE: Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Télécharger tout avec FlashGet - c:\program files\FlashGet\jc_all.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {ca11eb7c-1c85-4577-8a49-9e28efb30184} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\sgfbxw02.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-10 15:35
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2948)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\NDAS\System\ndassvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-10 15:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-10 19:44
ComboFix2.txt 2009-06-10 16:56

Avant-CF: 1 238 368 256 octets libres
Après-CF: 1 218 809 856 octets libres

270


Re: Trojan Vondo and win32

Post by Belahzur on 10th June 2009, 9:45 pm

This looks fine now.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?





Re: Trojan Vondo and win32

Post by premiums on 11th June 2009, 3:03 am

This is awesome, every virus and trojan is gone. Damn, you guys are really nice to help people like that.

A big thank you again.
