
ComboFix log

By: a guest | Mar 15th, 2010 | Syntax: None | Size: 22.85 KB | Hits: 97 | Expires: Never
ComboFix 10-03-10.04 - Aks-admin 03/15/2010  14:50:21.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.478.267 [GMT 6:00]
Running from: c:\documents and settings\Aks-admin\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aks-admin\Application Data\logs.dat
c:\documents and settings\Aks-admin\Application Data\SQLite3.dll
c:\documents and settings\Aks-admin\Local Settings\Application Data\Bron.tok-16-14
c:\documents and settings\Aks-admin\Local Settings\Application Data\Bron.tok-16-15
c:\documents and settings\Aks-admin\Local Settings\Application Data\csrss.exe
c:\documents and settings\Aks-admin\Local Settings\Application Data\inetinfo.exe
c:\documents and settings\Aks-admin\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\Aks-admin\Local Settings\Application Data\ListHost16.txt
c:\documents and settings\Aks-admin\Local Settings\Application Data\smss.exe
c:\documents and settings\common\Application Data\logs.dat
c:\documents and settings\common\Application Data\Server.exe
c:\documents and settings\common\Application Data\SQLite3.dll
c:\documents and settings\common\Local Settings\Application Data\br5007on.exe
c:\documents and settings\common\Local Settings\Application Data\Bron.tok-16-14
c:\documents and settings\common\Local Settings\Application Data\Bron.tok-16-15
c:\documents and settings\common\Local Settings\Application Data\csrss.exe
c:\documents and settings\common\Local Settings\Application Data\inetinfo.exe
c:\documents and settings\common\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\common\Local Settings\Application Data\ListHost16.txt
c:\documents and settings\common\Local Settings\Application Data\lsass.exe
c:\documents and settings\common\Local Settings\Application Data\services.exe
c:\documents and settings\common\Local Settings\Application Data\smss.exe
c:\documents and settings\common\Local Settings\Application Data\winlogon.exe
c:\documents and settings\common\Start Menu\Programs\Startup\systemID.pif
c:\documents and settings\common\Templates\8196-NendangBro.com
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-16-15
c:\documents and settings\NetworkService\Local Settings\Application Data\BronFoldNetDomList.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\csrss.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\inetinfo.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\ListHost16.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\lsass.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\services.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\smss.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\winlogon.exe
C:\explorer.exe
c:\program files\{17350501621331}.exe
c:\program files\explorer.exe
c:\windows\apocalyps32.exe
c:\windows\BackUp
c:\windows\BackUp\autorun.inf
c:\windows\system32\Explorer
c:\windows\system32\i1Iefmfi8l.txt
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\system32
c:\windows\system32\system32\iexplorerupdate.exe
c:\windows\system32\uZQEtNDuIS.dll
c:\windows\WINDOWS

.
(((((((((((((((((((((((((   Files Created from 2010-02-15 to 2010-03-15  )))))))))))))))))))))))))))))))
.

2010-03-15 05:10 . 2010-03-15 05:10     --------        d-----w-        c:\documents and settings\NetworkService\Local Settings\Application Data\Ok-SendMail-Bron-tok
2010-03-15 05:09 . 2010-03-15 05:19     --------        d-----w-        c:\documents and settings\NetworkService\Local Settings\Application Data\Loc.Mail.Bron.Tok
2010-03-15 02:00 . 2010-03-15 02:00     --------        d-----w-        c:\documents and settings\Aks-admin\Local Settings\Application Data\Loc.Mail.Bron.Tok
2010-03-15 01:54 . 2010-03-11 05:48     3885832 ----a-r-        C:\ComboFix.exe
2010-03-14 05:56 . 2010-03-14 05:56     --------        d-----w-        c:\documents and settings\common\Local Settings\Application Data\Ok-SendMail-Bron-tok
2010-03-14 05:33 . 2010-03-14 07:58     --------        d-----w-        c:\documents and settings\common\Local Settings\Application Data\Loc.Mail.Bron.Tok
2010-03-14 00:43 . 2010-02-05 07:51     44401   ----a-w-        C:\7668-NendangBro.com
2010-03-10 09:57 . 2010-03-10 09:57     --------        d-----w-        c:\documents and settings\common\Application Data\CyberLink
2010-03-10 03:31 . 2010-03-10 03:31     57456   ----a-w-        c:\documents and settings\common\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-09 02:23 . 2010-03-09 02:23     --------        d-----w-        c:\documents and settings\Aks-admin\Application Data\CyberLink
2010-03-09 02:23 . 2010-03-09 02:23     --------        d-----w-        c:\documents and settings\All Users\Application Data\CyberLink
2010-03-09 02:23 . 2010-03-09 02:23     --------        d-----w-        c:\program files\CyberLink
2010-03-09 01:56 . 2010-03-09 01:56     --------        d-----w-        c:\program files\Trend Micro
2010-03-08 05:29 . 2010-03-08 05:29     0       ----a-w-        c:\windows\nsreg.dat
2010-03-08 05:29 . 2010-03-08 05:29     --------        d-----w-        c:\documents and settings\common\Local Settings\Application Data\Mozilla
2010-03-07 01:56 . 2010-03-07 01:56     67372   ----a-w-        c:\documents and settings\common\Application Data\IDM\DwnlData\common\mybot_18\mybot.exe
2010-03-07 01:52 . 2010-03-15 08:49     2959376 ----a-w-        C:\dotnetfx35setup.exe
2010-03-04 08:25 . 2010-03-04 08:40     --------        d--h--w-        c:\windows\system32\498A46
2010-03-04 08:25 . 2010-03-04 08:40     --------        d--h--w-        c:\windows\system32\F7D46D
2010-03-04 08:25 . 2010-03-04 08:40     --------        d--h--w-        c:\windows\system32\9D3562
2010-03-04 08:25 . 2010-03-04 08:40     --------        d--h--w-        c:\windows\system32\0C3017
2010-03-01 01:47 . 2010-03-01 01:50     --------        d-sh--r-        c:\windows\rootserveyn
2010-02-28 01:55 . 2010-03-03 07:31     1878888 ----a-w-        c:\windows\install_flash_player.exe
2010-02-28 01:54 . 2010-03-15 05:03     --------        d---a-w-        c:\documents and settings\All Users\Application Data\TEMP
2010-02-28 01:53 . 2010-03-03 07:33     --------        d-sh--r-        c:\windows\system32\WindowsUpdate
2010-02-28 01:53 . 2010-02-28 01:53     --------        d-----w-        c:\windows\admin_F4C1976F
2010-02-25 06:36 . 2010-02-25 06:36     198064  ----a-w-        c:\documents and settings\common\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-02-25 06:35 . 2010-03-04 01:44     --------        d-----w-        c:\documents and settings\common\Application Data\IDM
2010-02-25 06:35 . 2010-03-15 04:06     --------        d-----w-        c:\documents and settings\common\Application Data\DMCache
2010-02-25 06:35 . 2010-03-04 05:26     --------        d-----w-        c:\program files\Internet Download Manager
2010-02-25 03:26 . 2010-02-25 03:26     1108    ----a-w-        c:\windows\system32\ealregsnapshot1.reg
2010-02-25 03:26 . 2010-02-25 03:26     --------        d-----w-        c:\documents and settings\common\Local Settings\Application Data\Downloaded Installations
2010-02-25 03:26 . 2010-02-25 03:26     --------        d-----w-        c:\documents and settings\common\Application Data\Leadertech
2010-02-25 01:56 . 2010-02-25 01:56     --------        d-----w-        C:\fontsss
2010-02-24 02:40 . 2010-02-24 02:40     --------        d-s---w-        c:\documents and settings\common\UserData
2010-02-24 02:39 . 2010-02-24 02:39     --------        d-----w-        c:\documents and settings\common\Application Data\IObit
2010-02-24 01:52 . 2010-02-24 01:52     --------        d-----w-        c:\documents and settings\Aks-admin\Application Data\IObit
2010-02-24 01:52 . 2010-02-24 01:58     --------        d-----w-        c:\program files\IObit
2010-02-23 06:17 . 2010-02-23 06:17     --------        d-s---w-        c:\documents and settings\Aks-admin\UserData
2010-02-23 05:28 . 2010-02-23 05:28     --------        d-----w-        c:\program files\EA Sports
2010-02-23 05:26 . 2005-02-25 03:35     22752   ----a-w-        c:\windows\system32\spupdsvc.exe
2010-02-23 05:26 . 2010-02-23 06:57     --------        d--h--w-        c:\windows\$hf_mig$
2010-02-23 03:31 . 2010-02-23 03:31     107888  ----a-w-        c:\windows\system32\CmdLineExt.dll
2010-02-23 01:51 . 2010-02-23 01:51     68456   ----a-w-        c:\documents and settings\Aks-admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 08:24 . 2010-03-04 05:26     --------        d-----w-        c:\program files\Counter-Strike
2010-02-18 06:42 . 2010-02-18 06:42     --------        d-----w-        c:\documents and settings\common\Local Settings\Application Data\Microsoft Help
2010-02-18 06:34 . 2010-02-28 07:44     --------        d-----w-        c:\documents and settings\common\Local Settings\Application Data\Temp
2010-02-18 06:34 . 2010-02-18 06:47     --------        d-----w-        c:\documents and settings\common\Local Settings\Application Data\Google
2010-02-16 10:02 . 2001-08-17 13:59     3072    ----a-w-        c:\windows\system32\drivers\audstub.sys
2010-02-16 10:01 . 2004-08-03 22:59     57472   ----a-w-        c:\windows\system32\drivers\redbook.sys
2010-02-16 10:00 . 2004-08-04 00:56     74240   ----a-w-        c:\windows\system32\usbui.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 08:55 . 2010-02-16 04:43     2464032 --sha-w-        c:\windows\system32\drivers\fidbox.dat
2010-03-15 08:54 . 2010-02-16 04:43     237344  --sha-w-        c:\windows\system32\drivers\fidbox2.dat
2010-03-15 08:54 . 2010-02-16 04:43     23312   --sha-w-        c:\windows\system32\drivers\fidbox2.idx
2010-03-15 08:54 . 2010-02-16 04:43     37064   --sha-w-        c:\windows\system32\drivers\fidbox.idx
2010-03-15 08:37 . 2010-02-16 04:43     --------        d-----w-        c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-03-15 05:41 . 2006-06-28 20:39     124803  ---ha-w-        c:\documents and settings\common\Application Data\cglogs.dat
2010-03-11 08:12 . 2010-02-16 04:55     --------        d-----w-        c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 02:23 . 2010-02-16 04:28     --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-02-25 03:26 . 2010-02-16 04:27     --------        d-----w-        c:\program files\Common Files\InstallShield
2010-02-18 02:16 . 2010-02-16 04:07     86327   ----a-w-        c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-16 05:05 . 2010-02-16 05:05     --------        d-----w-        c:\program files\Microsoft Works
2010-02-16 05:04 . 2010-02-16 05:04     --------        d-----w-        c:\program files\MSBuild
2010-02-16 05:03 . 2010-02-16 04:44     95259   ----a-w-        c:\windows\system32\drivers\klick.dat
2010-02-16 05:03 . 2010-02-16 04:44     108059  ----a-w-        c:\windows\system32\drivers\klin.dat
2010-02-16 05:03 . 2007-07-18 08:39     112144  ----a-w-        c:\windows\system32\drivers\kl1.sys
2010-02-16 05:02 . 2010-02-16 05:02     715280  ----a-w-        c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\updater.dll
2010-02-16 05:02 . 2010-02-16 05:02     112144  ----a-w-        c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\X86\kl1.sys
2010-02-16 05:02 . 2010-02-16 05:02     158224  ----a-w-        c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\scrchpg.dll
2010-02-16 05:02 . 2010-02-16 05:02     201504  ----a-w-        c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\klif.sys
2010-02-16 05:02 . 2010-02-16 05:02     41488   ----a-w-        c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\fssync.dll
2010-02-16 05:02 . 2010-02-16 05:02     342544  ----a-w-        c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\ckahum.dll
2010-02-16 05:02 . 2010-02-16 05:02     231952  ----a-w-        c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.3.830\avp.exe
2010-02-16 04:43 . 2010-02-16 04:43     --------        d-----w-        c:\program files\Kaspersky Lab
2010-02-16 04:30 . 2010-02-16 04:30     --------        d-----w-        c:\program files\ATI Technologies
2010-02-16 04:28 . 2010-02-16 04:28     --------        d-----w-        c:\program files\Analog Devices
2010-02-16 04:26 . 2010-02-16 04:26     --------        d-----w-        c:\program files\Broadcom
2010-02-16 04:24 . 2010-02-16 04:24     45056   ----a-r-        c:\documents and settings\Aks-admin\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\NewShortcut1_2764CA82DFB94498AF85719340BF5305.exe
2010-02-16 04:24 . 2010-02-16 04:24     10134   ----a-r-        c:\documents and settings\Aks-admin\Application Data\Microsoft\Installer\{2764CA82-DFB9-4498-AF85-719340BF5305}\ARPPRODUCTICON.exe
2010-02-16 04:24 . 2010-02-16 04:24     --------        d-----w-        c:\program files\Dell
2010-02-16 04:08 . 2010-02-16 04:08     --------        d-----w-        c:\program files\microsoft frontpage
2010-02-16 04:05 . 2010-02-16 04:05     21640   ----a-w-        c:\windows\system32\emptyregdb.dat
2005-08-31 10:44 . 2005-08-31 10:44     581632  --sha-r-        c:\windows\system32\WindowsUpdate\plugin.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-01-06 2335952]

c:\documents and settings\common\Start Menu\Programs\Startup\
Empty.pif [2010-2-5 44401]

[HKLM\~\startupfolder\C:^Documents and Settings^common^Start Menu^Programs^Startup^32B35E.lnk]
path=c:\documents and settings\common\Start Menu\Programs\Startup\32B35E.lnk
backup=c:\windows\pss\32B35E.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\32B35E]
2010-03-04 08:25        1477911 --sh--r-        c:\windows\system32\498A46\32B35E.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:56        15360   ------w-        c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-18 06:34        135664  ----atw-        c:\documents and settings\common\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-01-25 15:29        3179952 ----a-w-        c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4680:TCP"= 4680:TCP:ozavsps

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/30/2007 5:49 PM 24344]
S2 fnkhqq;iuhle;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 10:56 AM 14336]
S2 ppyxsjbx;Monitor Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 10:56 AM 14336]
S2 xopaeh;Time Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 10:56 AM 14336]
S3 kaklaq;kaklaq;\??\c:\windows\system32\06.tmp --> c:\windows\system32\06.tmp [?]
S3 rmvikqac;rmvikqac;\??\c:\windows\system32\07D.tmp --> c:\windows\system32\07D.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ppyxsjbx

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4V85Q4NL-BOR5-282R-TT87-X5T45334W85I}]
2010-02-28 16:15        1241088 --sha-r-        c:\windows\rootserveyn\svhost.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1123561945-839522115-1004UA.job
- c:\documents and settings\common\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 06:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: microsoft.com\windowsupdate
TCP: {0EB31EFF-1810-407A-A490-266899FE6433} = 202.53.160.6,202.53.160.7
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HKCU - c:\windows\system32\System32\iexplorerupdate.exe
MSConfigStartUp-HKLM - c:\windows\system32\System32\iexplorerupdate.exe
MSConfigStartUp-Server - c:\documents and settings\common\Application Data\Server.exe
ActiveSetup-{825HQVO7-IJKC-FW3S-5V8L-JA8037Q8CV4O} - c:\windows\system32\System32\iexplorerupdate.exe
ActiveSetup-{J11478O3-P45Q-18Q1-0YF8-554L3FH3EO6V} - c:\windows\system32\explorer\explorer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 14:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kaklaq]
"ImagePath"="\??\c:\windows\system32\06.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rmvikqac]
"ImagePath"="\??\c:\windows\system32\07D.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fnkhqq]
"ServiceDll"="c:\windows\system32\uudxfvab.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ppyxsjbx]
"ServiceDll"="c:\windows\system32\uudxfvab.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xopaeh]
"ServiceDll"="c:\windows\system32\uudxfvab.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8d,fe,d9,93,25,f8,17,83,1f,f9,4b,2f,e1,10,30,00,e0,60,4c,6c,e5,
   51,a0,49,df,f4,2b,5a,e7,05,f4,43,58,35,29,e5,d4,2e,c9,12,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d40da671-cd42-4b04-a650-6771070317ac}]
@Denied: (Full) (Everyone)
"Model"=dword:00000049
"Therad"=dword:00000013
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\idmmbc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-15  14:57:05 - machine was rebooted
ComboFix-quarantined-files.txt  2010-03-15 08:57

Pre-Run: 21,002,465,280 bytes free
Post-Run: 20,924,719,104 bytes free

- - End Of File - - 0134CA7825632A10A23DAB1010C8A314