API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 15th, 2010
514
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 21.47 KB | None | 0 0
raw download clone embed print report
  1. ComboFix 10-03-14.01 - goran07 15.03.2010 11:14:20.4.2 - x86
  2. Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.3070.2599 [GMT 1:00]
  3. Running from: c:\documents and settings\goran07\Desktop\ComboFix.exe
  4. Command switches used :: c:\documents and settings\goran07\Desktop\CFScript.txt
  5. AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
  6. * Resident AV is active
  7.  
  8. .
  9. The following files were disabled during the run:
  10. c:\windows\TEMP\logishrd\LVPrcInj01.dll
  11.  
  12.  
  13. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  14. .
  15.  
  16. c:\windows\TEMP\logishrd\LVPrcInj01.dll
  17. c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . failed to delete
  18.  
  19. .
  20. --------------- FCopy ---------------
  21.  
  22. c:\windows\ERDNT\cache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
  23. .
  24. ((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
  25. .
  26.  
  27. 2010-03-14 14:50 . 2010-03-14 14:50 -------- d-----w- C:\_OTL
  28. 2010-03-13 07:22 . 2010-03-14 15:53 517840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
  29. 2010-03-12 12:59 . 2010-03-12 12:59 36864 ----a-w- c:\documents and settings\goran07\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
  30. 2010-03-12 12:58 . 2010-03-12 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
  31. 2010-03-12 12:49 . 2010-03-12 12:49 -------- d-----w- c:\program files\Common Files\Macrovision Shared
  32. 2010-03-12 12:47 . 2010-03-12 12:59 -------- d-----w- c:\documents and settings\goran07\Application Data\Autodesk
  33. 2010-03-12 12:47 . 2010-03-12 12:50 -------- d-----w- c:\program files\Common Files\Autodesk Shared
  34. 2010-03-12 12:47 . 2010-03-12 12:50 -------- d-----w- c:\program files\AutoCAD 2010
  35. 2010-03-12 12:47 . 2010-03-12 12:47 -------- d-----w- c:\documents and settings\goran07\Local Settings\Application Data\Autodesk
  36. 2010-03-12 12:47 . 2010-03-12 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
  37. 2010-03-09 08:19 . 2010-03-09 08:40 -------- d-----w- c:\program files\PhotoScape
  38. 2010-03-08 18:16 . 2010-03-08 18:16 -------- d-----w- c:\program files\FastStone Image Viewer
  39. 2010-02-23 09:37 . 2010-02-23 09:37 -------- d-----w- c:\program files\Lavalys
  40. 2010-02-22 18:28 . 2010-02-22 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
  41. 2010-02-22 18:28 . 2010-02-22 18:28 -------- d-----w- c:\program files\NVIDIA Corporation
  42. 2010-02-22 18:27 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
  43. 2010-02-22 18:27 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
  44. 2010-02-22 18:27 . 2010-01-12 04:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
  45. 2010-02-22 18:27 . 2010-01-12 04:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
  46. 2010-02-22 18:27 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
  47. 2010-02-22 18:27 . 2010-02-22 18:27 -------- d-----w- C:\NVIDIA
  48. 2010-02-22 16:51 . 2010-02-22 18:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
  49. 2010-02-22 16:36 . 2010-02-23 07:37 -------- d-----w- c:\program files\Common Files\BioWare
  50. 2010-02-22 16:30 . 2010-02-22 17:39 -------- d-----w- c:\program files\DAEMON Tools Lite
  51. 2010-02-14 13:02 . 2010-02-17 10:13 -------- d-----w- c:\program files\Call of Duty
  52. 2010-02-14 12:23 . 2010-02-22 16:31 -------- d-----w- c:\program files\DAEMON Tools Toolbar
  53. 2010-02-14 12:23 . 2010-02-14 12:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
  54. 2010-02-14 12:22 . 2010-02-14 12:36 -------- d-----w- c:\documents and settings\goran07\Application Data\DAEMON Tools Lite
  55. 2010-02-14 12:20 . 2010-02-14 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
  56. 2010-02-14 11:45 . 2010-02-14 11:45 -------- d-----w- c:\documents and settings\goran07\Application Data\DAEMON Tools Pro
  57.  
  58. .
  59. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  60. .
  61. 2010-03-12 12:57 . 2009-04-09 20:18 116904 ----a-w- c:\documents and settings\goran07\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  62. 2010-03-08 18:59 . 2009-11-29 16:28 -------- d-----w- c:\program files\Windows Live Safety Center
  63. 2010-03-08 18:11 . 2009-04-15 17:46 -------- d-----w- c:\program files\Google
  64. 2010-03-08 18:02 . 2009-05-09 17:38 -------- d-----w- c:\documents and settings\goran07\Application Data\FastStone
  65. 2010-02-24 15:36 . 2009-04-10 18:09 -------- d--h--w- c:\program files\InstallShield Installation Information
  66. 2010-02-22 18:28 . 2009-10-25 14:22 -------- d-----w- c:\program files\AGEIA Technologies
  67. 2010-02-12 08:56 . 2010-02-12 08:54 -------- d-----w- c:\program files\3D Driving-School
  68. 2010-02-10 19:26 . 2010-02-10 19:26 -------- d-----w- c:\program files\Room Arranger
  69. 2010-02-10 16:54 . 2010-02-10 16:54 -------- d-----w- c:\program files\Mobi3D DEMO
  70. 2010-02-10 16:54 . 2009-04-22 19:30 737280 ----a-w- c:\windows\iun6002.exe
  71. 2010-02-10 11:17 . 2009-04-15 18:20 -------- d-----w- c:\program files\Common Files\Adobe
  72. 2010-02-09 18:41 . 2010-02-09 18:41 -------- d-----w- c:\documents and settings\goran07\Application Data\Apple Computer
  73. 2010-02-09 17:31 . 2010-02-09 17:30 -------- d-----w- c:\program files\QuickTime
  74. 2010-02-09 17:30 . 2010-02-09 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
  75. 2010-02-09 17:30 . 2010-02-09 17:30 -------- d-----w- c:\program files\Common Files\Apple
  76. 2010-02-09 17:30 . 2010-02-09 17:30 -------- d-----w- c:\program files\Apple Software Update
  77. 2010-02-09 17:30 . 2010-02-09 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
  78. 2010-02-07 20:44 . 2010-02-07 20:33 -------- d-----w- c:\documents and settings\goran07\Application Data\foobar2000
  79. 2010-02-07 20:38 . 2010-02-07 20:38 -------- d-----w- c:\program files\MP4 Player
  80. 2010-02-07 20:33 . 2010-02-07 20:33 -------- d-----w- c:\program files\foobar2000
  81. 2010-02-02 19:41 . 2009-05-04 19:50 -------- d-----w- c:\program files\K-Lite Codec Pack
  82. 2010-02-02 18:13 . 2010-02-02 18:13 -------- d-----w- c:\program files\ESET
  83. 2010-02-01 20:03 . 2010-02-01 20:03 -------- d-----w- c:\program files\SPCA1528
  84. 2010-01-30 12:05 . 2009-08-20 13:45 -------- d-----w- c:\program files\AIMP2
  85. 2010-01-29 20:27 . 2010-01-29 20:27 71168 ----a-w- c:\windows\WinLibrary.EXE
  86. 2010-01-29 20:27 . 2010-01-29 20:27 560030 ----a-w- c:\windows\Winfuntion.exe
  87. 2010-01-29 08:31 . 2009-08-20 13:46 -------- d-----w- c:\documents and settings\goran07\Application Data\AIMP
  88. 2010-01-15 18:19 . 2009-07-02 18:53 -------- d-----w- c:\program files\Opera
  89. 2010-01-12 04:03 . 2009-04-10 18:39 592488 ----a-w- c:\windows\system32\nvudisp.exe
  90. 2010-01-12 04:03 . 2009-04-10 18:38 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
  91. 2010-01-12 04:03 . 2009-04-10 18:38 4104192 ----a-w- c:\windows\system32\nvcuda.dll
  92. 2010-01-12 04:03 . 2009-04-10 18:38 182888 ----a-w- c:\windows\system32\nvcodins.dll
  93. 2010-01-12 04:03 . 2009-04-10 18:38 182888 ----a-w- c:\windows\system32\nvcod.dll
  94. 2010-01-12 04:03 . 2009-04-10 18:38 1081344 ----a-w- c:\windows\system32\nvapi.dll
  95. 2010-01-12 04:03 . 2009-04-09 20:15 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
  96. 2010-01-12 04:03 . 2009-04-09 20:14 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
  97. 2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
  98. 2010-01-11 21:17 . 2010-01-11 21:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
  99. 2010-01-11 21:17 . 2010-01-11 21:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
  100. 2010-01-11 21:17 . 2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
  101. 2010-01-11 21:17 . 2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
  102. 2010-01-11 21:17 . 2010-01-11 21:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
  103. 2010-01-01 20:27 . 2010-01-01 20:27 40 ---ha-w- c:\windows\system32\ezsidmv.dat
  104. 2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
  105. 2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
  106. .
  107.  
  108. ((((((((((((((((((((((((((((( SnapShot@2010-03-14_19.07.11 )))))))))))))))))))))))))))))))))))))))))
  109. .
  110. + 2010-03-15 10:18 . 2010-03-15 10:18 16384 c:\windows\temp\Perflib_Perfdata_1d0.dat
  111. .
  112. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  113. .
  114. .
  115. *Note* empty entries & legit default entries are not shown
  116. REGEDIT4
  117.  
  118. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  119. "TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
  120. "MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]
  121.  
  122. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  123. "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
  124. "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
  125. "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
  126. "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
  127. "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
  128. "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
  129. "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
  130. "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
  131.  
  132. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
  133. @="Driver"
  134.  
  135. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
  136. "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
  137. "ctfmon.exe"=c:\windows\system32\ctfmon.exe
  138. "RGSC"=e:\g t a instalacija\Rockstar Games Social Club\RGSCLauncher.exe /silent
  139. "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
  140. "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
  141.  
  142. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  143. "H2O"=c:\program files\SyncroSoft\Pos\H2O\cledx.exe
  144. "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
  145.  
  146. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  147. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  148. "%windir%\\system32\\sessmgr.exe"=
  149. "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
  150. "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  151. "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  152. "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
  153. "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
  154. "e:\\G T A INSTALACIJA\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
  155. "e:\\G T A INSTALACIJA\\Grand Theft Auto IV\\GTAIV.exe"=
  156. "e:\\G T A INSTALACIJA\\Rockstar Games Social Club\\RGSCLauncher.exe"=
  157. "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
  158. "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
  159. "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
  160. "e:\\programi\\NOVOMATIC Multi-Gaminator 22in1\\game.exe"=
  161. "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
  162. "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  163. "c:\\Program Files\\Opera\\opera.exe"=
  164. "e:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
  165. "e:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
  166. "e:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
  167.  
  168. R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 1:46 PM 63352]
  169. R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 4:11 PM 35328]
  170. R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 35168]
  171. R1 f4cd7848-3e92-4732-80a1-63c7ed58f8ac;f4cd7848-3e92-4732-80a1-63c7ed58f8ac;c:\windows\iprot\f4cd7848-3e92-4732-80a1-63c7ed58f8ac\PhysMem.sys [12/8/2009 1:39 PM 3584]
  172. R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 472280]
  173. R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/25/2009 7:06 PM 33792]
  174. S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [2/1/2010 9:03 PM 516480]
  175. S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 5:30 PM 135664]
  176. S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [2/1/2010 9:03 PM 11648]
  177. S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2010 1:23 PM 691696]
  178.  
  179. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
  180. UxTuneUp
  181. .
  182. Contents of the 'Scheduled Tasks' folder
  183.  
  184. 2010-03-15 c:\windows\Tasks\1-Click Maintenance.job
  185. - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
  186.  
  187. 2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
  188. - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
  189.  
  190. 2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  191. - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 16:30]
  192.  
  193. 2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  194. - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 16:30]
  195. .
  196. .
  197. ------- Supplementary Scan -------
  198. .
  199. uStart Page = hxxp://search.babylon.com/home
  200. mLocal Page =
  201. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  202. IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
  203. IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
  204. IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
  205. IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
  206. IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05} - c:\casino\Europa Casino\casino.exe
  207. DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
  208. DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
  209. FF - ProfilePath - c:\documents and settings\goran07\Application Data\Mozilla\Firefox\Profiles\6a0uklg8.default\
  210. FF - prefs.js: browser.search.defaulturl -
  211. FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/index.cgi?active_page=page_home&prev_page=page_login&has_param=1&req_mode=0&mimic_button_field=submit_button_login_submit%3a+..&strip_page_top=0&button_value=
  212. FF - component: c:\documents and settings\goran07\Application Data\Mozilla\Firefox\Profiles\6a0uklg8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
  213. FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
  214. FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
  215.  
  216. ---- FIREFOX POLICIES ----
  217. FF - user.js: network.http.max-connections-per-server - 6
  218. FF - user.js: network.http.max-persistent-connections-per-server - 3
  219. FF - user.js: nglayout.initialpaint.delay - 750
  220. c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
  221. c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
  222. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
  223. c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
  224. c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
  225. c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
  226. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
  227. c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
  228. c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
  229. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
  230. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
  231. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
  232. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
  233. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
  234. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
  235. c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
  236. c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
  237. c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
  238. c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
  239. c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
  240. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
  241. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
  242. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
  243. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
  244. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
  245. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
  246. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
  247. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
  248. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
  249. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
  250. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
  251. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
  252. .
  253.  
  254. **************************************************************************
  255.  
  256. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  257. Rootkit scan 2010-03-15 11:21
  258. Windows 5.1.2600 Service Pack 3 NTFS
  259.  
  260. scanning hidden processes ...
  261.  
  262. scanning hidden autostart entries ...
  263.  
  264. scanning hidden files ...
  265.  
  266. scan completed successfully
  267. hidden files: 0
  268.  
  269. **************************************************************************
  270.  
  271. Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
  272.  
  273. device: opened successfully
  274. user: MBR read successfully
  275. called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys >>UNKNOWN [0x8AAD28E0]<<
  276. kernel: MBR read successfully
  277. detected MBR rootkit hooks:
  278. \Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28
  279. \Driver\ACPI -> ACPI.sys @ 0xf75aecb8
  280. \Driver\atapi -> sfsync03.sys @ 0xf761895c
  281. IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
  282. ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
  283. \Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
  284. ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
  285. NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf787fbb0
  286. PacketIndicateHandler -> NDIS.sys @ 0xf788ca21
  287. SendHandler -> NDIS.sys @ 0xf786a87b
  288. user & kernel MBR OK
  289.  
  290. **************************************************************************
  291. .
  292. --------------------- LOCKED REGISTRY KEYS ---------------------
  293.  
  294. [HKEY_USERS\S-1-5-21-515967899-1979792683-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
  295. @Allowed: (Read) (RestrictedCode)
  296. @Allowed: (Read) (RestrictedCode)
  297.  
  298. [HKEY_USERS\S-1-5-21-515967899-1979792683-839522115-1003\Software\SecuROM\License information*]
  299. "datasecu"=hex:d7,c0,b4,20,9d,b8,ac,ba,fd,9e,9b,1e,fb,99,00,32,7b,09,af,78,2b,
  300. c0,8c,e2,c0,c5,35,7a,36,60,bc,a7,3f,a5,9c,63,f6,d1,f0,40,62,29,8d,f4,18,03,\
  301. "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
  302. .
  303. --------------------- DLLs Loaded Under Running Processes ---------------------
  304.  
  305. - - - - - - - > 'explorer.exe'(7416)
  306. c:\windows\TEMP\logishrd\LVPrcInj01.dll
  307. c:\windows\system32\msi.dll
  308. c:\windows\system32\WPDShServiceObj.dll
  309. c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
  310. c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
  311. c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
  312. c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
  313. c:\windows\system32\PortableDeviceTypes.dll
  314. c:\windows\system32\PortableDeviceApi.dll
  315. .
  316. ------------------------ Other Running Processes ------------------------
  317. .
  318. c:\windows\system32\nvsvc32.exe
  319. c:\program files\Java\jre6\bin\jqs.exe
  320. c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
  321. c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
  322. c:\windows\system32\PnkBstrA.exe
  323. c:\windows\System32\TUProgSt.exe
  324. c:\windows\system32\wscntfy.exe
  325. c:\windows\RTHDCPL.EXE
  326. c:\windows\system32\RUNDLL32.EXE
  327. .
  328. **************************************************************************
  329. .
  330. Completion time: 2010-03-15 11:22:57 - machine was rebooted
  331. ComboFix-quarantined-files.txt 2010-03-15 10:22
  332. ComboFix2.txt 2010-03-14 19:09
  333.  
  334. Pre-Run: 17.346.813.952 bytes free
  335. Post-Run: 17.301.098.496 bytes free
  336.  
  337. - - End Of File - - FE471959DD4154567E34B30A6A614770
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!