ComboFix 10-03-14.01 - goran07 15.03.2010 11:14:20.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.3070.2599 [GMT 1:00]
Running from: c:\documents and settings\goran07\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\goran07\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active

.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . failed to delete

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-14 14:50 . 2010-03-14 14:50 -------- d-----w- C:\_OTL
2010-03-13 07:22 . 2010-03-14 15:53 517840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-12 12:59 . 2010-03-12 12:59 36864 ----a-w- c:\documents and settings\goran07\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2010-03-12 12:58 . 2010-03-12 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-12 12:49 . 2010-03-12 12:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-12 12:47 . 2010-03-12 12:59 -------- d-----w- c:\documents and settings\goran07\Application Data\Autodesk
2010-03-12 12:47 . 2010-03-12 12:50 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-12 12:47 . 2010-03-12 12:50 -------- d-----w- c:\program files\AutoCAD 2010
2010-03-12 12:47 . 2010-03-12 12:47 -------- d-----w- c:\documents and settings\goran07\Local Settings\Application Data\Autodesk
2010-03-12 12:47 . 2010-03-12 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-03-09 08:19 . 2010-03-09 08:40 -------- d-----w- c:\program files\PhotoScape
2010-03-08 18:16 . 2010-03-08 18:16 -------- d-----w- c:\program files\FastStone Image Viewer
2010-02-23 09:37 . 2010-02-23 09:37 -------- d-----w- c:\program files\Lavalys
2010-02-22 18:28 . 2010-02-22 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-22 18:28 . 2010-02-22 18:28 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-22 18:27 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-02-22 18:27 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-02-22 18:27 . 2010-01-12 04:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-02-22 18:27 . 2010-01-12 04:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-02-22 18:27 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-02-22 18:27 . 2010-02-22 18:27 -------- d-----w- C:\NVIDIA
2010-02-22 16:51 . 2010-02-22 18:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 16:36 . 2010-02-23 07:37 -------- d-----w- c:\program files\Common Files\BioWare
2010-02-22 16:30 . 2010-02-22 17:39 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-14 13:02 . 2010-02-17 10:13 -------- d-----w- c:\program files\Call of Duty
2010-02-14 12:23 . 2010-02-22 16:31 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-14 12:23 . 2010-02-14 12:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-14 12:22 . 2010-02-14 12:36 -------- d-----w- c:\documents and settings\goran07\Application Data\DAEMON Tools Lite
2010-02-14 12:20 . 2010-02-14 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-14 11:45 . 2010-02-14 11:45 -------- d-----w- c:\documents and settings\goran07\Application Data\DAEMON Tools Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 12:57 . 2009-04-09 20:18 116904 ----a-w- c:\documents and settings\goran07\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-08 18:59 . 2009-11-29 16:28 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-08 18:11 . 2009-04-15 17:46 -------- d-----w- c:\program files\Google
2010-03-08 18:02 . 2009-05-09 17:38 -------- d-----w- c:\documents and settings\goran07\Application Data\FastStone
2010-02-24 15:36 . 2009-04-10 18:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-22 18:28 . 2009-10-25 14:22 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-12 08:56 . 2010-02-12 08:54 -------- d-----w- c:\program files\3D Driving-School
2010-02-10 19:26 . 2010-02-10 19:26 -------- d-----w- c:\program files\Room Arranger
2010-02-10 16:54 . 2010-02-10 16:54 -------- d-----w- c:\program files\Mobi3D DEMO
2010-02-10 16:54 . 2009-04-22 19:30 737280 ----a-w- c:\windows\iun6002.exe
2010-02-10 11:17 . 2009-04-15 18:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-09 18:41 . 2010-02-09 18:41 -------- d-----w- c:\documents and settings\goran07\Application Data\Apple Computer
2010-02-09 17:31 . 2010-02-09 17:30 -------- d-----w- c:\program files\QuickTime
2010-02-09 17:30 . 2010-02-09 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-09 17:30 . 2010-02-09 17:30 -------- d-----w- c:\program files\Common Files\Apple
2010-02-09 17:30 . 2010-02-09 17:30 -------- d-----w- c:\program files\Apple Software Update
2010-02-09 17:30 . 2010-02-09 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-07 20:44 . 2010-02-07 20:33 -------- d-----w- c:\documents and settings\goran07\Application Data\foobar2000
2010-02-07 20:38 . 2010-02-07 20:38 -------- d-----w- c:\program files\MP4 Player
2010-02-07 20:33 . 2010-02-07 20:33 -------- d-----w- c:\program files\foobar2000
2010-02-02 19:41 . 2009-05-04 19:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-02 18:13 . 2010-02-02 18:13 -------- d-----w- c:\program files\ESET
2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\program files\SPCA1528
2010-01-30 12:05 . 2009-08-20 13:45 -------- d-----w- c:\program files\AIMP2
2010-01-29 20:27 . 2010-01-29 20:27 71168 ----a-w- c:\windows\WinLibrary.EXE
2010-01-29 20:27 . 2010-01-29 20:27 560030 ----a-w- c:\windows\Winfuntion.exe
2010-01-29 08:31 . 2009-08-20 13:46 -------- d-----w- c:\documents and settings\goran07\Application Data\AIMP
2010-01-15 18:19 . 2009-07-02 18:53 -------- d-----w- c:\program files\Opera
2010-01-12 04:03 . 2009-04-10 18:39 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2009-04-10 18:38 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2009-04-10 18:38 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-04-10 18:38 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2009-04-10 18:38 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2009-04-10 18:38 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2009-04-09 20:15 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2009-04-09 20:14 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-01 20:27 . 2010-01-01 20:27 40 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-14_19.07.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 10:18 . 2010-03-15 10:18 16384 c:\windows\temp\Perflib_Perfdata_1d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"RGSC"=e:\g t a instalacija\Rockstar Games Social Club\RGSCLauncher.exe /silent
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"H2O"=c:\program files\SyncroSoft\Pos\H2O\cledx.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\G T A INSTALACIJA\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\G T A INSTALACIJA\\Grand Theft Auto IV\\GTAIV.exe"=
"e:\\G T A INSTALACIJA\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\programi\\NOVOMATIC Multi-Gaminator 22in1\\game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"e:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"e:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 1:46 PM 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 4:11 PM 35328]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 35168]
R1 f4cd7848-3e92-4732-80a1-63c7ed58f8ac;f4cd7848-3e92-4732-80a1-63c7ed58f8ac;c:\windows\iprot\f4cd7848-3e92-4732-80a1-63c7ed58f8ac\PhysMem.sys [12/8/2009 1:39 PM 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 472280]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/25/2009 7:06 PM 33792]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [2/1/2010 9:03 PM 516480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 5:30 PM 135664]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [2/1/2010 9:03 PM 11648]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2010 1:23 PM 691696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 16:30]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 16:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
mLocal Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05} - c:\casino\Europa Casino\casino.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\goran07\Application Data\Mozilla\Firefox\Profiles\6a0uklg8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/index.cgi?active_page=page_home&prev_page=page_login&has_param=1&req_mode=0&mimic_button_field=submit_button_login_submit%3a+..&strip_page_top=0&button_value=
FF - component: c:\documents and settings\goran07\Application Data\Mozilla\Firefox\Profiles\6a0uklg8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 11:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys >>UNKNOWN [0x8AAD28E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> sfsync03.sys @ 0xf761895c
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf787fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf788ca21
SendHandler -> NDIS.sys @ 0xf786a87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1979792683-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,c0,b4,20,9d,b8,ac,ba,fd,9e,9b,1e,fb,99,00,32,7b,09,af,78,2b,
c0,8c,e2,c0,c5,35,7a,36,60,bc,a7,3f,a5,9c,63,f6,d1,f0,40,62,29,8d,f4,18,03,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7416)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-03-15 11:22:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 10:22
ComboFix2.txt 2010-03-14 19:09

Pre-Run: 17.346.813.952 bytes free
Post-Run: 17.301.098.496 bytes free

- - End Of File - - FE471959DD4154567E34B30A6A614770