help me plzzzzz


  • This topic is locked
2 replies to this topic

#1 san111

san111

  • Members
  • 1 posts
  • OFFLINE
  • Local time:08:30 AM

Posted 09 January 2011 - 08:07 AM

help me plzzzzz
This is the ComboFix report. What should I do?
ComboFix 11-01-08.04 - Administrateur 08/01/2011 12:11:01.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.216.1036.18.3039.2301 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\Bureau\bureau\QURAn_~1.exe
c:\program files\FindXplorer
c:\windows\system\VB40032.DLL
c:\windows\system32\sshnas21.dll
c:\windows\system32\UNWISE.EXE
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FINDXPLORER_SERVICE
-------\Legacy_SSHNAS
-------\Service_FindXplorer Service
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-12-08 to 2011-01-08 )))))))))))))))))))))))))))))))
.

2011-01-09 10:47 . 2011-01-09 10:47 -------- d-----w- c:\program files\Cracklock
2011-01-08 23:53 . 2011-01-08 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2011-01-08 23:32 . 2011-01-08 23:32 230912 ----a-w- c:\windows\Bpijya.exe
2011-01-08 23:14 . 2011-01-08 23:55 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DriverCure
2011-01-08 23:14 . 2011-01-08 23:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ParetoLogic
2011-01-08 23:13 . 2011-01-08 23:53 -------- d-----w- c:\program files\Fichiers communs\ParetoLogic
2011-01-08 23:13 . 2011-01-08 23:53 -------- d-----w- c:\program files\ParetoLogic
2011-01-08 23:13 . 2011-01-08 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-01-06 20:51 . 2011-01-06 20:51 109056 ----a-w- c:\windows\system32\winmty32.dll
2011-01-06 20:51 . 2011-01-06 20:51 109056 ----a-w- c:\windows\system32\winnsy32.dll
2011-01-06 20:51 . 2011-01-06 20:51 109056 ----a-w- c:\windows\system32\winyyq32.dll
2011-01-06 20:49 . 2011-01-06 20:49 109056 ----a-w- c:\windows\system32\winzci32.dll
2011-01-06 20:49 . 2011-01-06 20:49 109056 ----a-w- c:\windows\system32\wincfg32.dll
2011-01-05 16:43 . 2011-01-05 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2011-01-05 16:43 . 2011-01-05 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
2011-01-05 10:55 . 2006-11-22 09:01 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-01-05 10:55 . 2011-01-05 10:55 6656 ----a-w- c:\windows\system32\haspvdd.dll
2011-01-05 10:55 . 2011-01-05 10:55 383 ----a-w- c:\windows\system32\haspdos.sys
2011-01-05 10:55 . 2011-01-05 10:55 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2011-01-05 10:55 . 2006-12-20 10:55 3066968 ----a-w- c:\windows\system32\hinstd.dll
2011-01-05 10:55 . 2006-12-20 09:00 671112 ----a-w- c:\windows\system32\hdinst_windows.dll
2011-01-05 10:55 . 2006-12-20 09:00 2511360 ----a-w- c:\windows\system32\haspds_windows.dll
2011-01-05 10:55 . 2006-11-30 10:06 69632 ----a-w- c:\windows\system32\hasp_inst_help1.dll
2011-01-05 10:55 . 2005-09-06 16:07 24576 ----a-w- c:\windows\system32\hdduinst.exe
2011-01-04 15:34 . 2011-01-04 15:34 -------- d-----w- c:\program files\Fichiers communs\Skype
2011-01-01 16:34 . 2011-01-01 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff
2011-01-01 11:01 . 2010-11-04 18:43 506880 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2010-12-31 17:02 . 2010-12-31 17:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Unity
2010-12-31 16:56 . 2010-12-31 16:56 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Unity
2010-12-26 16:28 . 2010-12-26 16:31 -------- d-----w- C:\Hotspot Shield
2010-12-26 16:28 . 2011-01-01 11:01 -------- d-----w- c:\program files\Hotspot Shield
2010-12-24 18:02 . 2010-12-24 18:02 -------- d-----w- c:\program files\EA Sports
2010-12-22 22:07 . 2010-12-22 22:08 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GameRanger
2010-12-19 21:59 . 2010-12-19 21:59 -------- d-----w- c:\program files\Jufsoft
2010-12-17 14:27 . 2010-12-17 14:27 -------- d-----w- c:\program files\TeraCopy
2010-12-17 11:56 . 2011-01-05 16:28 -------- d-----w- c:\program files\Electronic Arts
2010-12-17 11:55 . 2010-12-17 11:55 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Leadertech
2010-12-16 10:14 . 2010-12-16 10:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\CoSoSys
2010-12-14 18:23 . 2010-12-14 18:23 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-14 18:23 . 2010-12-14 18:23 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2010-12-12 18:29 . 2010-12-26 16:07 -------- d-----w- C:\tmp
2010-12-12 18:27 . 2010-12-21 09:40 -------- d-----w- c:\program files\smscut
2010-12-12 18:27 . 2010-12-21 09:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\smscut
2010-12-12 18:27 . 2010-12-26 16:07 -------- d-----w- c:\documents and settings\Administrateur\Application Data\SonicProxy601
2010-12-12 14:04 . 2010-12-22 05:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\GameTracker
2010-12-10 23:15 . 2010-12-10 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-12-10 23:15 . 2010-12-10 23:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Canneverbe Limited
2010-12-10 23:14 . 2009-11-12 12:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-12-10 23:14 . 2010-12-10 23:14 -------- d-----w- c:\program files\CDBurnerXP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 12:36 . 2011-01-06 12:36 6305714 ----a-w- C:\UsbFix_Upload_Me_SWEET-D8B2DDCF4.zip
2010-10-25 18:22 . 2010-10-25 18:22 0 ----a-w- c:\windows\system32\RENA8.tmp
2010-10-10 17:20 . 2010-02-01 21:27 4 ----a-w- C:\timeStmp.tmp
.

------- Sigcheck -------

[-] 2008-09-27 . 4BB6301D634C857A5089E8B24C5555E4 . 593408 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe

[-] 2008-09-27 . AAC42FD16A1976DE9A0773E740597644 . 693248 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2010-05-06 . 803F9373996A2A8311DACA0E9AA6CA4C . 6224896 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll
[7] 2010-05-06 . 58AF16DE738F10213E86FEF10836D0E5 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2010-05-06 . 705DA0AFB48A9333747475AD5600A902 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2010-03-11 . 1E81869FCA9787B42DC45A434BF14F2A . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
[7] 2010-02-25 . 61216C223AF660E87DF5482C861A9DE2 . 5944832 . . [8.00.6001.18904] . . c:\windows\SoftwareDistribution\Download\1dd30e150658b5a62a0be2504ffe30fa\SP3GDR\mshtml.dll
[7] 2010-02-25 . B8B420A6EB2BB50AA014CD99C96CF983 . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[7] 2010-02-25 . B8B420A6EB2BB50AA014CD99C96CF983 . 5946880 . . [8.00.6001.22995] . . c:\windows\SoftwareDistribution\Download\1dd30e150658b5a62a0be2504ffe30fa\SP3QFE\mshtml.dll
[-] 2008-09-27 . B6BC3773B01BF85B880F56C198EEA90B . 3774464 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll

[-] 2008-09-27 . EF31A8266AF7996746392E4F45502536 . 517632 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2010-05-06 . 58498A88EB90226435788F6BECA3F53C . 907264 . . [8.00.6001.18923] . . c:\windows\system32\wininet.dll
[7] 2010-05-06 . B98E84E2CD3EE25D6D41936352E93112 . 916480 . . [8.00.6001.18923] . . c:\windows\system32\dllcache\wininet.dll
[7] 2010-05-06 . C906F4EA76E7BEC9255776E626086B95 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2010-03-11 . 5CC1B037988E966725FF544C564A22F3 . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[7] 2010-02-25 . 3897DB69B7ABF09C00406A249F8088D8 . 916480 . . [8.00.6001.18904] . . c:\windows\SoftwareDistribution\Download\1dd30e150658b5a62a0be2504ffe30fa\SP3GDR\wininet.dll
[7] 2010-02-25 . B667625B38B5EA389044F90BDE80C4FD . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[7] 2010-02-25 . B667625B38B5EA389044F90BDE80C4FD . 919040 . . [8.00.6001.22995] . . c:\windows\SoftwareDistribution\Download\1dd30e150658b5a62a0be2504ffe30fa\SP3QFE\wininet.dll
[-] 2008-09-27 . 90B16FF3ACEC94B95BA95AA686442A47 . 879616 . . [7.00.6000.20861] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll

[-] 2008-09-27 . A170795117CE147B296931C8D7AD72D7 . 979968 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2008-09-27 . B3D95BCB6D0B033BEBFB81FADDA8B8AC . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88f8c352-20c7-4051-aaa1-5466cd5e5f63}"= "c:\program files\smscut\tbsmsc.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]
2010-04-15 11:33 2515552 ----a-w- c:\program files\smscut\tbsmsc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88f8c352-20c7-4051-aaa1-5466cd5e5f63}"= "c:\program files\smscut\tbsmsc.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88F8C352-20C7-4051-AAA1-5466CD5E5F63}"= "c:\program files\smscut\tbsmsc.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{88f8c352-20c7-4051-aaa1-5466cd5e5f63}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMover"="c:\program files\WinMover\WinMover.exe" [2005-12-02 10240]
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
"DriverCure"="c:\program files\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-07 3993368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2009-02-10 1657376]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 188416]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-06 17881088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"JkDefrag"="advpack.dll" [2009-03-08 128512]
"SweetRegistry"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Enregistrement de .lnk - c:\program files\EA Sports\FIFA 11\Support\EAregister.exe [2010-9-10 4407808]
GameRanger.lnk - c:\documents and settings\Administrateur\Application Data\GameRanger\GameRanger\GameRanger.exe [2010-12-10 1248992]
Notification de cadeaux MSN.lnk - c:\documents and settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-7-19 135680]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [N/A]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-20 576104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"HideRunAsVerb"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmty32]
2011-01-06 20:51 109056 ----a-w- c:\windows\system32\winmty32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\CLKERN.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Program Files\\Weezo\\Apache\\bin\\weezoHttpd.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Administrateur\\Application Data\\SonicProxy601\\sonic.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Documents and Settings\\Administrateur\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:TCP port 443 ooVoo
"443:UDP"= 443:UDP:*:Disabled:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:*:Disabled:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:*:Disabled:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:*:Disabled:UDP port 37675 ooVoo
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [22/09/2010 21:27 183240]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14/04/2008 13:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [13/07/2010 07:04 108289]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25/03/2010 14:39 490280]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [04/09/2009 21:37 625024]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2010 23:08 135664]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [22/09/2010 12:00 330784]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04/09/2009 20:18 1684736]
S3 dump_wmimmc;dump_wmimmc;\??\c:\gpotato.eu\Street Gears2\GameGuard\dump_wmimmc.sys --> c:\gpotato.eu\Street Gears2\GameGuard\dump_wmimmc.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [21/01/2010 13:39 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [01/07/2010 14:21 34896]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb708348da11ce.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 22:08]

2011-01-08 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Fichiers communs\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2011-01-08 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Fichiers communs\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2011-01-08 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Fichiers communs\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2011-01-08 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Fichiers communs\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2011-01-08 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]

2011-01-08 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]

2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{D528C687-139C-4974-9A60-500A1D1D9F42}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 02:31]

2010-05-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-09 20:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
ucustomizesearch = hxxp://www.google.com/ie
usearchassistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1940427
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1940427&q=
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FindXplorer: {CA60F577-1B28-41D6-8C78-C49E63304FCF} - c:\program files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Snap Links (EladKarako Mod): snaplinks@snaplinks.net - %profile%\extensions\snaplinks@snaplinks.net
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: XHTML Mobile Profile: {8ea9957e-2953-402f-80e0-bceb5f169d6f} - %profile%\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} - %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - %profile%\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - user.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1940427
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.backup.ftp -
FF - user.js: network.proxy.backup.ftp_port - 0
FF - user.js: network.proxy.backup.gopher -
FF - user.js: network.proxy.backup.gopher_port - 0
FF - user.js: network.proxy.backup.socks -
FF - user.js: network.proxy.backup.socks_port - 0
FF - user.js: network.proxy.backup.ssl -
FF - user.js: network.proxy.backup.ssl_port - 0
FF - user.js: network.proxy.ftp - 127.0.0.1
FF - user.js: network.proxy.ftp_port - 8080
FF - user.js: network.proxy.gopher - 127.0.0.1
FF - user.js: network.proxy.gopher_port - 8080
FF - user.js: network.proxy.http - 127.0.0.1
FF - user.js: network.proxy.http_port - 8080
FF - user.js: network.proxy.share_proxy_settings - true
FF - user.js: network.proxy.socks - 127.0.0.1
FF - user.js: network.proxy.socks_port - 8080
FF - user.js: network.proxy.ssl - 127.0.0.1
FF - user.js: network.proxy.ssl_port - 8080
FF - user.js: network.proxy.type - 2
user_pref(network.proxy.autoconfig_url,file:///c:\windows\proxy.pac);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-wefi - c:\program files\WeFi\\WeFi.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-RAR Password Cracker - c:\program files\RAR Password Cracker\uninstall.exe
AddRemove-Weezo_is1 - c:\program files\Weezo\bin\unins000.exe
AddRemove-WinHTTrack Website Copier_is1 - c:\program files\WinHTTrack\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-08 12:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-220523388-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3e,20,c3,53,5e,0c,8d,4a,a7,fa,57,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,65,14,a0,e6,71,d4,42,b3,3a,57,\

[HKEY_USERS\S-1-5-21-515967899-220523388-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:65,ae,54,26,95,22,b0,92,9c,b0,f4,30,a0,92,47,a5,c8,11,59,7c,09,08,64,
6a,96,26,dc,99,63,62,88,65,1e,35,07,4f,22,42,fd,b0,43,6b,01,3d,22,0e,f5,28,\
"??"=hex:75,cb,2a,19,9b,d4,da,e4,e4,3c,20,dc,e0,dc,bf,c6

[HKEY_USERS\S-1-5-21-515967899-220523388-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:96,e3,72,e1,fc,c7,9b,b6,ed,3a,45,c8,4c,de,cd,88,72,62,56,17,b7,
06,d2,e0,9f,48,23,50,d9,a6,11,06,ee,9c,8e,20,53,7f,cc,fc,f0,a6,6d,2f,31,d2,\
"rkeysecu"=hex:88,57,59,b0,82,bb,77,bf,62,3b,d6,3d,53,63,aa,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(380)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\winmty32.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(7264)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinMover\WinMover.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Completion time: 2011-01-08 12:24:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-08 11:24

Pre-Run: 69 474 869 248 octets libres
Post-Run: 73 726 820 352 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

- - End Of File - - 70BE2CAB33FA0529085298223C3F2BE5


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:30 AM

Posted 14 January 2011 - 09:55 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:30 AM

Posted 19 January 2011 - 07:34 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
m0le is a proud member of UNITE
