Log Combofix


This topic is locked
1 reply to this topic

#1 raphaelfargeon


Posted 28 May 2008 - 01:47 PM

Hello! :thumbsup:

I notice that my text typing is slow, and playing music with Windows Media Player is also slow.

I was infected by Virtumonde a month ago, but after following the removal instructions, I feel there is still malware on my computer.

This is the ComboFix log:

ComboFix 08-05-27.4 - Raphael 2008-05-28 14:31:04.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1912 [GMT -4:00]
Running from: C:\Users\Raphael\Desktop\Virus\Programmes antivirus\site officiel\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\MSINET.oca

----- BITS: Possible infected sites -----

hxxp://sl.tf1.fr
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-27 23:30 . 2008-05-27 23:30 <DIR> d-------- C:\Windows\McAfee.com
2008-05-27 22:47 . 2008-05-27 23:00 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-27 22:47 . 2008-05-27 23:00 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-27 13:56 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 13:56 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-23 17:46 . 2008-05-23 17:46 <DIR> d-------- C:\Users\All Users\Roaming
2008-05-23 17:46 . 2008-05-23 17:46 <DIR> d-------- C:\ProgramData\Roaming
2008-05-23 17:45 . 2008-05-23 17:45 <DIR> d-------- C:\Program Files\Cisco
2008-05-23 17:45 . 2008-05-23 17:45 <DIR> d-------- C:\Module Retargetable Folder
2008-05-23 17:44 . 2008-05-23 17:44 <DIR> d-------- C:\Users\All Users\Intel
2008-05-23 17:44 . 2008-05-23 17:44 <DIR> d-------- C:\ProgramData\Intel
2008-05-20 23:49 . 2008-05-20 23:49 <DIR> d-------- C:\Program Files\Microsoft Sites publics français
2008-05-19 22:29 . 2008-05-19 22:44 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-05-19 14:42 . 2008-05-19 14:42 0 --a------ C:\Windows\nsreg.dat
2008-05-16 17:00 . 2008-05-16 17:00 <DIR> d-------- C:\Users\All Users\Stardock
2008-05-16 17:00 . 2008-05-16 17:00 <DIR> d-------- C:\ProgramData\Stardock
2008-05-16 16:54 . 2008-05-16 16:54 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\MessengerGadget
2008-05-13 23:09 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-13 23:09 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-08 13:41 . 2008-05-28 01:08 <DIR> d-------- C:\Users\All Users\Google Updater
2008-05-08 13:41 . 2008-05-28 01:08 <DIR> d-------- C:\ProgramData\Google Updater
2008-05-08 11:12 . 2008-05-08 11:12 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\Template
2008-05-08 08:51 . 2008-05-08 08:51 48 --ah----- C:\Users\All Users\ezsidmv.dat
2008-05-08 08:51 . 2008-05-08 08:51 48 --ah----- C:\ProgramData\ezsidmv.dat
2008-05-08 08:50 . 2008-05-08 13:29 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-02 02:17 . 2008-05-02 02:17 <DIR> d-------- C:\Program Files\Microsoft SharedView
2008-05-02 01:26 . 2008-05-02 01:26 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\Publish Providers
2008-04-29 16:45 . 2008-04-29 17:38 <DIR> d-------- C:\vcs5BGEffects
2008-04-29 13:56 . 2008-04-29 13:56 245,664 --a------ C:\Windows\System32\ZuneWlanCfgSvc.exe
2008-04-29 06:10 . 2008-02-21 22:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-29 06:10 . 2008-02-22 01:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-28 21:10 . 2008-04-28 21:10 <DIR> d-------- C:\Program Files\FLV Player
2008-04-28 19:15 . 2008-04-28 19:15 <DIR> d-------- C:\Users\Raphael\AppData\Roaming\CoSoSys
2008-04-28 15:11 . 2008-04-28 15:11 <DIR> d-------- C:\Program Files\GameSpy
2008-04-28 15:10 . 2008-04-28 15:10 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-04-28 15:08 . 2008-04-28 15:08 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-04-28 15:08 . 2008-05-22 19:51 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-04-28 15:08 . 2008-04-28 15:08 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-04-28 15:08 . 2008-05-22 19:52 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-04-28 15:08 . 2008-04-28 15:08 22,328 --a------ C:\Users\Raphael\AppData\Roaming\PnkBstrK.sys
2008-04-28 15:07 . 2008-04-28 15:07 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-04-28 15:07 . 2008-04-28 15:07 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-04-28 14:47 . 2008-04-28 14:47 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-28 10:04 . 2008-04-28 10:05 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-28 10:04 . 2008-04-28 10:05 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-28 03:48 . 2008-04-28 03:48 <DIR> d-------- C:\Program Files\Photo Story 3 for Windows

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 18:28 --------- d-----w C:\Users\Raphael\AppData\Roaming\Skype
2008-05-28 18:21 --------- d-----w C:\Users\Raphael\AppData\Roaming\skypePM
2008-05-28 18:17 28,029 ----a-w C:\Users\All Users\nvModes.dat
2008-05-28 18:17 28,029 ----a-w C:\ProgramData\nvModes.dat
2008-05-28 03:00 262,144 ----a-w C:\ntuser.dat
2008-05-28 02:28 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-27 17:01 --------- d-----w C:\Users\Raphael\AppData\Roaming\uTorrent
2008-05-27 02:00 --------- d-----w C:\Users\Raphael\AppData\Roaming\DataSafeOnline
2008-05-23 20:44 --------- d-----w C:\Users\Raphael\AppData\Roaming\PeerNetworking
2008-05-21 03:49 --------- d-----w C:\Program Files\Microsoft Sites publics français
2008-05-20 02:53 --------- d-----w C:\Program Files\Windows Live
2008-05-20 02:26 --------- d-----w C:\ProgramData\WLInstaller
2008-05-16 20:45 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-14 22:56 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 03:21 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 03:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-13 14:56 --------- d-----w C:\Users\Raphael\AppData\Roaming\Browzar
2008-05-13 14:56 --------- d-----w C:\Program Files\Radio Fr Solo
2008-05-08 17:49 --------- d-----w C:\Program Files\Google
2008-05-07 12:06 --------- d-----w C:\Program Files\Zune
2008-04-29 19:00 --------- d-----w C:\ProgramData\Roxio
2008-04-28 11:23 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-22 15:46 --------- d-----w C:\ProgramData\Viewpoint
2008-04-22 14:50 --------- d-----w C:\Program Files\Defcon
2008-04-22 13:09 --------- d-----w C:\Users\Raphael\AppData\Roaming\App Launcher Gadget
2008-04-22 01:40 --------- d-----w C:\Program Files\Trend Micro
2008-04-22 01:29 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-22 01:29 --------- d-----w C:\Program Files\Common Files\Real
2008-04-22 01:20 --------- d-----w C:\Users\Raphael\AppData\Roaming\DassaultSystemes
2008-04-22 01:20 --------- d-----w C:\ProgramData\DassaultSystemes
2008-04-22 01:20 --------- d-----w C:\Program Files\Dassault Systemes
2008-04-22 01:14 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-04-21 23:34 --------- d-----w C:\Users\Raphael\AppData\Roaming\Apple Computer
2008-04-21 23:34 --------- d-----w C:\Program Files\Safari
2008-04-21 23:32 --------- d-----w C:\Program Files\Apple Software Update
2008-04-21 21:21 --------- d-----w C:\Users\Raphael\AppData\Roaming\Malwarebytes
2008-04-21 21:21 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-21 21:11 --------- d-----w C:\ProgramData\Grisoft
2008-04-21 21:11 --------- d-----w C:\Program Files\Zattoo
2008-04-21 21:11 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-04-21 21:11 --------- d-----w C:\Program Files\ESET
2008-04-21 21:11 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-18 08:16 512,096 ----a-w C:\Windows\system32\drivers\amon.sys
2008-04-18 08:13 15,424 ----a-w C:\Windows\system32\drivers\nod32drv.sys
2008-04-18 01:44 86,016 ----a-w C:\Windows\System32\OpenAL32.dll
2008-04-18 01:44 262,144 ----a-w C:\Windows\System32\wrap_oal.dll
2008-04-18 01:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 01:41 --------- d-----w C:\Program Files\Futuremark
2008-04-17 13:38 --------- d-----w C:\ProgramData\Microsoft Corporation
2008-04-16 09:55 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-04-16 08:28 --------- d-----w C:\ProgramData\POP3Profiles
2008-04-16 08:24 --------- d-----w C:\Program Files\Ubisoft
2008-04-16 08:13 --------- d-----w C:\ProgramData\POPWWPROFILES
2008-04-15 05:05 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-04-15 05:04 --------- d-----w C:\Program Files\Microsoft Xbox 360 Accessories
2008-04-15 04:24 98,304 ----a-w C:\Windows\system32CmdLineExt.dll
2008-04-15 04:21 --------- d-----w C:\Program Files\RADVideo
2008-04-15 03:15 --------- d-----w C:\Program Files\Eidos
2008-04-15 02:43 --------- d-----w C:\Users\Raphael\AppData\Roaming\CyberLink
2008-04-15 02:43 --------- d-----w C:\ProgramData\CyberLink
2008-04-15 02:42 --------- d-----w C:\Program Files\Common Files\CyberLink
2008-04-15 02:41 --------- d-----w C:\Program Files\CyberLink
2008-04-15 00:29 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-04-15 00:24 532,480 ----a-w C:\Windows\System32\Age of Empires III - War Chiefs.scr
2008-04-11 22:50 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-11 04:11 --------- d-----w C:\ProgramData\AOL OCP
2008-04-11 04:10 --------- d-----w C:\Users\Raphael\AppData\Roaming\acccore
2008-04-11 04:09 --------- d-----w C:\ProgramData\AOL
2008-04-09 19:51 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-09 19:50 --------- d-----w C:\Users\Raphael\AppData\Roaming\tmp
2008-04-09 19:50 --------- d-----w C:\Users\Raphael\AppData\Roaming\Reallusion
2008-04-09 19:50 --------- d-----w C:\Users\Raphael\AppData\Roaming\AVSMedia
2008-04-09 19:40 --------- d-----w C:\ProgramData\AVS4YOU
2008-04-08 18:11 0 ----a-w C:\Users\Raphael\AppData\Roaming\wklnhst.dat
2008-04-08 04:21 --------- d-----w C:\Program Files\Dell
2008-04-08 00:45 --------- d--h--r C:\Users\Raphael\AppData\Roaming\SecuROM
2008-04-08 00:41 --------- d-----w C:\Program Files\Microsoft Games
2008-04-07 19:15 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-07 05:07 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-06 19:51 --------- d-----w C:\Program Files\MSECache
2008-04-04 22:07 --------- d-----w C:\ProgramData\NVIDIA
2008-04-04 21:01 27,525 ----a-w C:\Users\Raphael\AppData\Roaming\nvModes.dat
2008-04-04 02:54 --------- d-----w C:\Program Files\Picasa2
2008-04-04 02:44 --------- d-----w C:\ProgramData\Dell
2008-04-04 02:17 --------- d-----w C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-04-03 18:38 --------- d-----w C:\Program Files\Skype Recorder
2008-04-03 04:52 --------- d-----w C:\ProgramData\Apple Computer
2008-04-03 04:52 --------- d-----w C:\Program Files\iTunes
2008-04-03 04:52 --------- d-----w C:\Program Files\iPod
2008-04-03 04:51 --------- d-----w C:\Program Files\QuickTime
2008-04-02 23:25 203,776 ----a-w C:\Windows\System32\clrviddc.dll
2008-04-02 23:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-02 23:06 --------- d-----w C:\Users\Raphael\AppData\Roaming\InstallShield
2008-04-02 23:04 --------- d-----w C:\ProgramData\MediaDirect
2008-04-01 23:50 --------- d-----w C:\Program Files\Java
2008-04-01 19:22 --------- d-----w C:\Program Files\LCI
2008-04-01 04:45 174 --sha-w C:\Program Files\desktop.ini
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-01 04:36 --------- d-----w C:\Program Files\Windows Journal
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\SideBar.exe" [2008-01-19 03:33 1233920]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [2007-12-02 17:30 308464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 00:37 405504]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 14:23 83240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-29 00:37 413696]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 05:36 50472]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 11:58 184320]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 01:58 36864]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-02-22 06:46 166432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-02-22 06:46 92704]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-02-22 06:46 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-02-22 06:46 13515296]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 11:36 267048]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 07:40 17920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 20:21 16384]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-03-21 04:21 91432]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 05:27 159744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-21 21:28 185896]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 13:56 158624]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-25 00:55:31 50688]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-08 13:41:11 124400]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{76DA977C-861D-43E5-8882-EB454F7E21AB}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{59C2E67E-F723-4135-BD49-EFB612485ABE}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{C66515D9-C831-4696-BAD2-F280652CB65F}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{AC41AEAB-EF94-4F1C-B038-393C4E55C6F9}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{984E39B4-DA6B-4F95-A84B-6979AE644E58}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{1843B27A-0166-48B5-9AF9-5E65FCF6A3CE}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{25535982-CD5F-413D-93B7-58B4D05169E2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{2FB1E516-3CB8-4AA5-B15F-B2F660DE9E61}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{14382281-59B9-4D0B-89DA-B1FF59FF594F}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9853543C-F7F6-4E50-97B0-D413FB8A1351}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{475B4256-5712-43BF-9BE3-4A8375B1E0E9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3CF5077C-56C5-475A-A52D-A294FC650401}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{75F26E18-094A-42A8-AB3A-2A74D81B6064}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{F59DC85A-0DEB-4EA3-9F74-FD29C9BB0CE9}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{91EC0818-A85E-4A33-BBBC-D93DB0E83619}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{6387A782-7C42-4727-8EC9-89E9C82B6B8D}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{CF1649D9-A3F2-4A1F-ACFE-56A70CE39DF2}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{F20A2D2A-8B28-45AE-ADD7-94C814828BAA}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A3A01CBB-60C2-4E1A-B566-9D471E350BED}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CC36F84A-341E-4369-910E-07A9A7537F7C}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{8192F573-055C-46AF-AE44-EFAA3AB6B7E6}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{82286092-0AAC-4DD5-B1FB-870B6775CA00}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{C1B1BBD7-D761-4D65-8307-74305A08D368}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{9ECB292A-DB07-4E0C-8A8A-5F039770B3BA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0A2C65B4-B6FC-484F-88EC-7F13FF8C48D8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D222B459-F307-4F78-8464-09A0CC2ACF03}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{440C4195-BD98-4BD5-B8EC-0C06F2805697}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{4700E488-2976-406B-84D7-6FEE376F2030}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= UDP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"UDP Query User{6E403CD7-2AB5-4ED6-BE9B-D14CE1606A24}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= TCP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"TCP Query User{0189394F-236E-4A8C-BC73-C1B4E613A5B8}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{38B4FDC4-F0CB-4A92-871B-DD563B436135}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{AAD2CB15-97B6-4891-8F24-57478A53D420}C:\\program files\\eidos\\hitman blood money\\hitmanbloodmoney.exe"= UDP:C:\program files\eidos\hitman blood money\hitmanbloodmoney.exe:HitmanBloodMoney
"UDP Query User{773EB266-0084-4B11-B899-8E23218F4A52}C:\\program files\\eidos\\hitman blood money\\hitmanbloodmoney.exe"= TCP:C:\program files\eidos\hitman blood money\hitmanbloodmoney.exe:HitmanBloodMoney
"TCP Query User{7B1A3F53-17E8-4AE6-8B3B-A9F217D15783}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{8AB26922-0E81-4966-9616-BB8007E1C1F7}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{B941B8D4-9E90-44D9-B58E-CCAFD1C5E87D}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"TCP Query User{8FB15B9D-7B7B-4F7D-83EC-14D0D627A996}C:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{1B89515B-C90C-4D6D-9D68-0C1AEC7F8C66}C:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"TCP Query User{775B7129-F9CC-4315-9F13-28EF3F4D74D5}C:\\program files\\microsoft games\\age of empires iii\\age3y.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3y.exe:Age of Empires III Expansion 2
"UDP Query User{552F566D-4018-4808-BBAE-E60BBF918DD6}C:\\program files\\microsoft games\\age of empires iii\\age3y.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3y.exe:Age of Empires III Expansion 2
"{58EE0E58-A85E-4F2F-8D4C-69A9103E930A}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{F85F709F-60B5-4453-844E-B3AD6B046F87}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{A9A7C5AF-2A6C-435C-BA71-68DD1E56D74F}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= UDP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"UDP Query User{DD4D54A6-C346-46F6-9514-C9C8759714EB}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= TCP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"TCP Query User{E0AAE5CA-DB92-40D7-85BE-C8C6387659AC}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{841419BD-C227-4457-AF3B-AEC70DD3C702}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{01E7C78E-9C8A-4807-9A1C-DC9C368FC790}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{DB88E94B-E8D5-40F5-B657-1B47D5259DE2}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"TCP Query User{FAB9510A-8B42-46F4-9973-30C5BD711CB6}C:\\kav\\kis7.0\\english\\setup.exe"= UDP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{DFE850CF-2627-4D8E-9F9A-821E7887109E}C:\\kav\\kis7.0\\english\\setup.exe"= TCP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"TCP Query User{E212E7BD-8887-4277-8153-5CE904BDAA58}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{2F20E469-1501-4CA8-BEB6-AFF72B2AB9F7}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{56490616-2AB1-4DB3-AFF9-6451DD88069B}C:\\program files\\defcon\\defcon.exe"= UDP:C:\program files\defcon\defcon.exe:Defcon
"UDP Query User{DBB4B7FE-3E49-41ED-B37D-FD5AD61A0E94}C:\\program files\\defcon\\defcon.exe"= TCP:C:\program files\defcon\defcon.exe:Defcon
"{AFCAD63D-B3DC-4F7F-81ED-C383D93E26AE}"= UDP:C:\Users\Raphael\AppData\Local\FolderShare\FolderShare.exe:Windows Live FolderShare Beta
"{26D23DE6-B5C1-4741-AB8A-DD5F766A4A74}"= TCP:C:\Users\Raphael\AppData\Local\FolderShare\FolderShare.exe:Windows Live FolderShare Beta
"{8B96F5EE-88BD-4A43-867D-0B1A537EC4F6}"= UDP:C:\Users\Raphael\AppData\Local\FolderShare\FolderShare.exe:Windows Live FolderShare Beta
"{350A684A-5997-488A-A36F-A056935C3068}"= TCP:C:\Users\Raphael\AppData\Local\FolderShare\FolderShare.exe:Windows Live FolderShare Beta
"TCP Query User{D786094C-ABE6-42E8-B159-5696DCEB35C5}C:\\users\\raphael\\appdata\\local\\foldershare\\foldershare.exe"= UDP:C:\users\raphael\appdata\local\foldershare\foldershare.exe:foldershare.exe
"UDP Query User{F2ACE31C-97CB-426C-9744-148D6E3F7AFC}C:\\users\\raphael\\appdata\\local\\foldershare\\foldershare.exe"= TCP:C:\users\raphael\appdata\local\foldershare\foldershare.exe:foldershare.exe
"{15CD853E-C6F9-4FD3-AE1F-728864AEBB7E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{EF390F0D-6451-4041-BDB5-A908D6A033C3}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B25FF897-E22F-47C6-A2F6-B4D2AA1C7D12}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{0E40EA92-EB42-47FD-80CB-3693B9741A43}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{44435105-0834-47B8-8B8C-757FCCAB29B2}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{ABD5C5D3-84E3-4C98-B357-AEB8492FF18E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{168F2F39-005F-45C7-9D52-D5C9780667D9}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{B9BE3041-CFA9-4717-BC99-323024D09077}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{4C5B7FB7-31C8-4F84-9872-A03721D2DB33}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{1C810B01-08CC-46D7-A6AD-947B0D1C0D0C}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{95949E7C-963E-4C0C-8CEC-1C35ECC9791F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{719D17F1-7F9D-4267-A490-CA6199A4E1D3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{0CFCD8E6-74FA-434F-A6C3-384C0BBE5CBA}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= UDP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"UDP Query User{3FC7C524-6532-4D05-97AE-35F4EE12D8F5}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= TCP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"TCP Query User{0363B6A2-CF64-4958-B94A-0C0E58DA777A}C:\\program files\\defcon\\defcon.exe"= UDP:C:\program files\defcon\defcon.exe:Defcon
"UDP Query User{08168A1F-73DB-493B-A7FC-FE3A6EE6F130}C:\\program files\\defcon\\defcon.exe"= TCP:C:\program files\defcon\defcon.exe:Defcon
"TCP Query User{7335A229-804C-4BF1-9796-8611A5054C93}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7B04FAEF-7511-44AD-A5DF-0B2FD41308C8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6F469DE7-93EE-4BE2-B872-200A62152BF3}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9D72335A-F830-43A9-981A-DFA63B3C4594}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= UDP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"UDP Query User{B6D6D57C-8C56-4DA4-A6EE-A2479BA0DC69}C:\\program files\\radio fr solo\\radio_fr_solo.exe"= TCP:C:\program files\radio fr solo\radio_fr_solo.exe:Radio Fr Solo
"TCP Query User{32E24263-3F3B-4A30-AD50-2D28503CDB3F}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{CE7F8D64-5963-4A9D-ADB0-4814B29B388C}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"{58FD2D81-A3A1-4E2C-BD4C-DC8AE1D4FC62}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{74C607D8-4F22-4EFA-B80E-C28222A61470}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{9A24F593-5CF3-4105-A3C5-697D892912B0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R2 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7};C:\Program Files\Dell\MediaDirect\000.fcl [2007-09-07 01:29]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 11:24]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 00:37]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 20:21]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 21:37]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 19:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 19:13]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 01:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 01:59]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-04-29 13:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23965938-26b3-11dd-b214-001f3adfd0a2}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 03:28:36 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-28 18:19:29 C:\Windows\Tasks\User_Feed_Synchronization-{6CCFE6C3-7092-487F-B340-98ED72BCB6F8}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 14:33:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-28 14:35:21
ComboFix-quarantined-files.txt 2008-05-28 18:34:32

Pre-Run: 237,050,028,032 bytes free
Post-Run: 237,021,822,976 bytes free

347 --- E O F --- 2008-05-27 17:57:15




Am I infected? Thank you for your answers!

#2 boopme

Global Moderator

Posted 28 May 2008 - 01:48 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff