hi
here is the ComboFix log that ran in safe mode
ComboFix 10-06-23.01 - Administrator 23/06/2010 22:55:15.8.4 - x86 MINIMAL
Running from: g:\documents and settings\Administrator\Επιφάνεια εργασίας\ComboFix.exe
Command switches used :: g:\documents and settings\Administrator\Επιφάνεια εργασίας\Cfscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
FILE ::
"d:\downloads\Pack Indigorose 10in1 (AIO)\Pack Indigorose.exe"
.
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.
2010-06-23 19:33 . 2010-06-23 19:33 -------- d-----w- g:\documents and settings\Administrator\Application Data\Notepad++
2010-06-23 18:33 . 2010-05-24 17:13 51232 ----a-w- g:\windows\system32\RHCoInstXP.dll
2010-06-23 18:33 . 2010-05-24 17:13 1489440 ----a-w- g:\windows\RtaUpd.exe
2010-06-23 18:33 . 2010-05-24 17:09 4003008 ----a-w- g:\windows\system32\drivers\RtKHDMI.sys
2010-06-23 08:36 . 2010-06-23 08:36 -------- d-----w- g:\documents and settings\astra\????????? ????????
2010-06-21 09:56 . 2010-06-21 09:56 132096 ----atw- g:\windows\system32\DarkSpyKernel.sys
2010-06-20 18:42 . 2010-04-29 12:39 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 18:42 . 2010-06-20 18:42 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware
2010-06-20 18:42 . 2010-04-29 12:39 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-06-17 07:36 . 2010-06-19 06:28 -------- d-----w- g:\program files\Safer Networking
2010-06-17 05:29 . 2010-06-17 05:29 -------- d-----w- g:\documents and settings\Administrator\Application Data\Mp3tag
2010-06-16 19:33 . 2010-06-16 19:36 52736 ----a-w- g:\windows\system32\drivers\rk_remover.sys
2010-06-14 20:12 . 2010-06-14 20:12 -------- d-----r- g:\documents and settings\LocalService\Τα έγγραφά μου
2010-06-13 21:05 . 2010-06-13 21:05 12872 ----a-w- g:\windows\system32\bootdelete.exe
2010-06-13 20:27 . 2010-06-13 21:10 15944 ----a-w- g:\windows\system32\drivers\hitmanpro35.sys
2010-06-13 20:27 . 2010-06-13 21:05 -------- d-----w- g:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-13 18:32 . 2010-06-13 18:32 -------- d-----w- g:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-13 18:08 . 2010-06-13 18:08 -------- d-----w- g:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-13 17:25 . 2010-06-13 17:31 -------- d-----w- g:\program files\Windows Live Safety Center
2010-06-12 17:04 . 2010-06-12 17:04 -------- d-----w- g:\program files\JRE
2010-06-12 14:45 . 2010-06-12 14:45 -------- d-----w- g:\program files\iPod
2010-06-12 14:44 . 2010-06-12 14:45 -------- d-----w- g:\program files\iTunes
2010-06-12 14:44 . 2010-06-12 14:45 -------- d-----w- g:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-12 14:05 . 2010-06-12 14:05 -------- d-----w- g:\program files\Phyxion.net
2010-06-12 07:34 . 2010-06-13 13:18 -------- d-----w- g:\program files\PeerBlock
2010-06-12 07:23 . 2010-06-12 07:24 -------- d-----w- g:\documents and settings\All Users\Application Data\COMODO
2010-06-12 06:39 . 2010-06-12 07:20 -------- d-----w- g:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-12 06:14 . 2010-06-12 06:14 -------- d-----w- g:\documents and settings\astra\Application DataComodoGroup
2010-06-11 11:33 . 2010-06-11 11:33 -------- d-----w- g:\program files\zabkat
2010-06-11 08:28 . 2010-06-11 09:08 -------- d-----w- g:\documents and settings\astra\.freeplane
2010-06-10 22:11 . 2010-06-10 22:11 -------- d-----w- g:\windows\SHELLNEW
2010-06-08 20:48 . 2010-06-02 01:55 74072 ----a-w- g:\windows\system32\XAPOFX1_5.dll
2010-06-08 20:48 . 2010-06-02 01:55 527192 ----a-w- g:\windows\system32\XAudio2_7.dll
2010-06-08 20:48 . 2010-06-02 01:55 239960 ----a-w- g:\windows\system32\xactengine3_7.dll
2010-06-08 20:48 . 2010-05-26 08:41 2106216 ----a-w- g:\windows\system32\D3DCompiler_43.dll
2010-06-08 20:48 . 2010-05-26 08:41 1868128 ----a-w- g:\windows\system32\d3dcsx_43.dll
2010-06-08 20:48 . 2010-05-26 08:41 470880 ----a-w- g:\windows\system32\d3dx10_43.dll
2010-06-08 20:48 . 2010-05-26 08:41 248672 ----a-w- g:\windows\system32\d3dx11_43.dll
2010-06-08 20:48 . 2010-05-26 08:41 1998168 ----a-w- g:\windows\system32\D3DX9_43.dll
2010-06-08 20:48 . 2010-02-04 07:01 74072 ----a-w- g:\windows\system32\XAPOFX1_4.dll
2010-06-08 20:48 . 2010-02-04 07:01 528216 ----a-w- g:\windows\system32\XAudio2_6.dll
2010-06-08 20:48 . 2010-02-04 07:01 238936 ----a-w- g:\windows\system32\xactengine3_6.dll
2010-06-08 20:48 . 2010-02-04 07:01 22360 ----a-w- g:\windows\system32\X3DAudio1_7.dll
2010-06-08 18:47 . 2010-05-06 10:33 743424 -c----w- g:\windows\system32\dllcache\iedvtool.dll
2010-06-06 15:26 . 2010-06-06 15:27 -------- d-----w- g:\documents and settings\All Users\Application Data\Nuance
2010-06-06 15:26 . 2010-06-06 15:26 -------- d-----w- g:\documents and settings\All Users\Application Data\Downloaded Installations
2010-06-04 08:55 . 2010-06-04 08:55 229312 ----a-w- g:\windows\system32\drivers\cmdGuard.sys
2010-06-04 07:42 . 2010-06-04 07:42 -------- d-----w- g:\program files\Common Files\ABBYY
2010-06-04 07:40 . 2010-06-04 07:45 -------- d-----w- g:\program files\ABBYY FineReader 9.0
2010-06-01 16:00 . 2010-06-01 16:00 278288 ----a-w- g:\windows\system32\guard32.dll
2010-06-01 16:00 . 2010-06-01 16:00 87824 ----a-w- g:\windows\system32\drivers\inspect.sys
2010-06-01 16:00 . 2010-06-01 16:00 25240 ----a-w- g:\windows\system32\drivers\cmdhlp.sys
2010-06-01 16:00 . 2010-06-01 16:00 15464 ----a-w- g:\windows\system32\drivers\cmderd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 19:27 . 2004-09-07 12:00 690068 ----a-w- g:\windows\system32\perfh008.dat
2010-06-23 19:27 . 2004-09-07 12:00 147354 ----a-w- g:\windows\system32\perfc008.dat
2010-06-23 19:19 . 2008-11-02 18:40 -------- d-----w- g:\documents and settings\All Users\Application Data\VMware
2010-06-23 19:19 . 2008-11-02 18:41 -------- d-----w- g:\documents and settings\LocalService\Application Data\VMware
2010-06-06 15:32 . 2008-10-28 21:08 -------- d-----w- g:\program files\Common Files\Adobe
2010-06-05 12:56 . 2010-01-02 22:16 -------- d-----w- g:\program files\Notepad++
2010-06-04 11:16 . 2010-02-02 12:29 -------- d-----w- g:\program files\Microsoft Silverlight
2010-06-04 07:48 . 2010-04-10 16:28 -------- d-----w- g:\documents and settings\All Users\Application Data\ABBYY
2010-06-04 06:13 . 2010-05-14 05:41 -------- d-----w- g:\program files\adma
2010-06-01 22:04 . 2008-10-28 07:55 -------- d-----w- g:\program files\CCleaner
2010-05-22 20:01 . 2009-12-06 22:05 256 ----a-w- g:\windows\system32\pool.bin
2010-05-22 19:09 . 2009-07-27 04:41 -------- d-----w- g:\program files\Emerge Desktop
2010-05-21 11:14 . 2009-10-02 06:41 221568 ------w- g:\windows\system32\MpSigStub.exe
2010-05-17 08:31 . 2009-02-15 16:18 -------- d-----w- g:\program files\FMY
2010-05-16 07:18 . 2010-05-16 07:19 411368 ----a-w- g:\windows\system32\deployJava1.dll
2010-05-14 05:03 . 2009-01-09 17:51 25992 ----a-w- g:\windows\system32\pgdfgsvc.exe
2010-05-13 17:48 . 2010-04-25 20:31 -------- d-----w- g:\program files\TP-LINK
2010-05-06 10:33 . 2004-09-07 12:00 916480 ----a-w- g:\windows\system32\wininet.dll
2010-05-02 08:07 . 2004-09-07 12:00 1851520 ----a-w- g:\windows\system32\win32k.sys
2010-04-28 15:45 . 2010-06-23 18:34 1251872 ----a-w- g:\windows\RtlExUpd.dll
2010-04-25 21:00 . 2010-04-25 20:27 -------- d-----w- g:\documents and settings\All Users\Application Data\TP-LINK
2010-04-25 20:31 . 2010-04-25 20:31 -------- d-----w- g:\documents and settings\All Users\Application Data\Atheros
2010-04-20 05:30 . 2004-09-07 12:00 285696 ----a-w- g:\windows\system32\atmfd.dll
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\UC.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\RAR.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\PKZIP.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\PKUNZIP.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\NOCLOSE.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\LHA.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\ARJ.PIF
2008-10-28 20:30 . 2008-10-28 20:30 23 --sha-w- g:\windows\system32\bdcca4_d.dll
.
------- Sigcheck -------
[-] 2009-08-11 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . g:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . g:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . g:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . g:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"="g:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-01-22 129584]
"TWCU"="g:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-02-04 561263]
"MSSE"="g:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"COMODO Internet Security"="g:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="g:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
g:\documents and settings\All Users\Start Menu\�¨¦š¨α££˜«˜\„΅΅ε¤ž©ž\
Rainmeter.lnk - g:\program files\Rainmeter\Rainmeter.exe [2010-2-28 119296]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "g:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="G:\Yellow flower.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=g:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pgdfgsvc G 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\G:^Documents and Settings^astra^Start Menu^Προγράμματα^Εκκίνηση^MagicDisc.lnk]
backup=g:\windows\pss\MagicDisc.lnkStartup
path=g:\documents and settings\astra\Start Menu\Προγράμματα\Εκκίνηση\MagicDisc.lnk
[HKLM\~\startupfolder\G:^Documents and Settings^astra^Start Menu^Προγράμματα^Εκκίνηση^OpenOffice.org 3.1.lnk]
backup=g:\windows\pss\OpenOffice.org 3.1.lnkStartup
path=g:\documents and settings\astra\Start Menu\Προγράμματα\Εκκίνηση\OpenOffice.org 3.1.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- g:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- g:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-12 12:53 133104 ----atw- g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-11-02 12:52 36864 ----a-w- g:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:30 1695232 ------w- g:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-06-08 14:16 19552872 ----a-w- g:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ABBYY.Licensing.FineReader.Professional.10.0"=2 (0x2)
"iPod Service"=3 (0x3)
"ABBYY.Licensing.FineReader.Professional.9.0"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"wfxsvc"=2 (0x2)
"ose"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"g:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 CFRMD;CFRMD;g:\windows\System32\drivers\CFRMD.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;g:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;g:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;g:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 vmci;VMware vmci;g:\windows\system32\Drivers\vmci.sys [2010-01-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;g:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]
R3 Ambfilt;Ambfilt;g:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 aswArKrn;aswArKrn;g:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys [x]
R3 CheckFSD;Antiy Labs FSD Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\CheckFSD.sys [2008-04-09 8728]
R3 CheckSSDT;Antiy Labs SSDT Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\SSDT.sys [2008-04-09 8856]
R3 CMC AntiRootkit Service;CMC AntiRootkit Servic;g:\windows\system32\drivers\cmcantirootkit.sys [x]
R3 DarkSpy;DarkSpy;g:\windows\system32\DarkSpyKernel.sys [2010-06-21 132096]
R3 HookMsg;Antiy Labs MsgHook Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\ABaseDrv.sys [2008-04-09 8472]
R3 IRPFile;Antiy Labs IRP FILE;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\IrpFile.sys [2008-07-25 11848]
R3 pbfilter;pbfilter;g:\program files\PeerBlock\pbfilter.sys [2010-06-09 18544]
R3 rk_remover-boot;rk_remover-boot;g:\windows\system32\drivers\rk_remover.sys [2010-06-16 52736]
R3 SunkFilt62;Alcor Micro Corp - 6362;g:\windows\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;g:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-11-30 100048]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;g:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;g:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R4 sptd;sptd;g:\windows\system32\Drivers\sptd.sys [2009-11-14 691696]
.
Contents of the 'Scheduled Tasks' folder
2010-06-23 g:\windows\Tasks\COMODO System Cleaner Update.job
- g:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 12:41]
2010-06-23 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-261903793-839522115-1003Core.job
- g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 12:53]
2010-06-23 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-261903793-839522115-1003UA.job
- g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 12:53]
2010-06-23 g:\windows\Tasks\MP Scheduled Scan.job
- g:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 16:02]
.
.
------- Supplementary Scan -------
.
LSP: g:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
g:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 22:57
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ΐ•€|ω•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32]
@DACL=(02 0012)
@Denied: (Read) (Administrators)
@Denied: (B E 1 4 5) (Administrators)
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="g:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="g:\\WINDOWS\\system32\\l3codeca.acm"
"VIDC.I420"="i420vfw.dll"
"MSVideo8"="VfWWDM32.dll"
"MSVideo"="vfwwdm32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave3"="wdmaud.drv"
"midi3"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"aux3"="wdmaud.drv"
"vidc.yv12"="yv12vfw.dll"
"wave6"="serwvdrv.dll"
"VIDC.FFDS"="ff_vfw.dll"
"VIDC.VMnc"="vmnc.dll"
"wave4"="wdmaud.drv"
"mixer4"="wdmaud.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(256)
g:\windows\system32\guard32.dll
g:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(312)
g:\windows\system32\guard32.dll
- - - - - - - > 'explorer.exe'(928)
g:\windows\system32\guard32.dll
.
Completion time: 2010-06-23 22:58:47
ComboFix-quarantined-files.txt 2010-06-23 19:58
ComboFix2.txt 2010-06-23 19:47
Pre-Run: 13 Κατάλογοι 434.478.141.440 διαθέσιμα byte
Post-Run: 15 Κατάλογοι 434.464.268.288 διαθέσιμα byte
- - End Of File - - CE30540D4F27328437907D888F7CA71B