ComboFix 10-04-15.02 - User 19/04/2010 22:01:41.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.3070.2473 [GMT 3:00]
Running from: c:\documents and settings\User\Επιφάνεια εργασίας\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Επιφάνεια εργασίας\CFscript.txt.txt
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PAVSRK.SYS
-------\Legacy_PAVTPK.SYS
-------\Legacy_PCD65X2
-------\Legacy_PCD65X3
-------\Legacy_PCD65X4
-------\Service_PavSRK.sys
-------\Service_PavTPK.sys
-------\Service_PCD65X2
-------\Service_PCD65X3
-------\Service_PCD65X4
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.
2010-04-19 18:35 . 2010-04-19 18:48 -------- d-----w- C:\Combo-Fix17504C
2010-04-18 11:13 . 2010-04-18 11:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2010-04-18 08:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 12:11 . 2010-04-17 12:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-04-17 12:10 . 2010-04-19 15:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2010-04-15 13:10 . 2010-03-29 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 13:10 . 2010-04-15 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 13:10 . 2010-03-29 21:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:12 . 2010-04-15 12:12 -------- d-----w- c:\program files\Advanced Attitude Software
2010-04-14 13:42 . 2010-04-14 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
2010-04-14 13:38 . 2010-04-14 13:39 -------- d-----w- c:\windows\XSxS
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\program files\Xenocode
2010-04-14 13:38 . 2010-04-14 13:38 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Xenocode
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Common Files\Deskshare Shared
2010-04-14 13:31 . 2010-04-14 13:31 -------- d-----w- c:\program files\Deskshare
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- C:\_OTL
2010-04-10 21:20 . 2010-04-11 13:30 -------- d-----w- c:\program files\TombRaiderAOD
2010-04-09 20:48 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 11:14 . 2010-01-30 07:48 266552 ----a-w- c:\windows\system32\HMIPCore.dll
2010-04-07 11:10 . 2010-04-07 11:13 -------- d-----w- c:\documents and settings\User\Application Data\Hide IP NG
2010-03-30 15:01 . 2010-03-30 15:01 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 15:44 . 2010-02-03 12:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-25 14:30 . 2010-03-25 14:30 -------- d-----w- c:\program files\Rockstar Games
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\documents and settings\User\Application Data\SmartFTP
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client
2010-03-25 13:18 . 2010-03-25 13:18 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 19:10 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-04-19 19:10 . 2009-10-28 13:54 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-04-19 19:08 . 2009-10-15 20:19 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-04-19 19:07 . 2009-10-28 13:54 334432 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-04-19 19:07 . 2009-10-28 13:54 334432 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-04-19 18:59 . 2008-01-10 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-13 13:55 . 2008-01-14 15:58 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-11 19:37 . 2008-01-10 21:17 -------- d-----w- c:\program files\LimeWire
2010-04-09 20:50 . 2010-04-09 20:49 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcp71.dll
2010-04-09 20:49 . 2010-04-09 20:49 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\jmc.dll
2010-04-09 20:49 . 2010-04-09 20:49 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-748fd146-n\msvcr71.dll
2010-04-09 20:49 . 2010-04-09 20:49 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-sse.dll
2010-04-09 20:49 . 2010-04-09 20:49 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28638271-n\decora-d3d.dll
2010-04-09 20:47 . 2008-01-10 10:51 -------- d-----w- c:\program files\Java
2010-04-06 11:11 . 2006-05-15 16:27 96688 ----a-w- c:\windows\system32\perfc008.dat
2010-04-06 11:11 . 2006-05-15 16:27 554772 ----a-w- c:\windows\system32\perfh008.dat
2010-03-12 14:08 . 2009-02-06 13:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-11 16:50 . 2009-02-09 12:01 -------- d-----w- c:\documents and settings\User\Application Data\Recruitment Viewer
2010-03-11 12:33 . 2004-09-04 13:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:33 . 2004-09-04 13:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:33 . 2004-09-04 13:45 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2004-09-04 13:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 01:28 . 2009-02-09 18:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 12:17 . 2008-01-10 10:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-01 11:47 . 2010-02-27 10:42 -------- d-----w- c:\program files\Capcom
2010-02-27 10:39 . 2010-02-27 10:38 -------- d-----w- c:\program files\MagicDisc
2010-02-24 13:11 . 2004-08-04 06:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 15:03 . 2008-01-14 20:26 66512 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 15:15 . 2010-02-18 15:15 65536 ----a-w- c:\windows\system32\GDPersns.dat
2010-02-18 15:14 . 2010-02-18 15:14 90112 ----a-w- c:\windows\system32\Dversion.dll
2010-02-18 15:14 . 2010-02-18 15:14 126976 ----a-w- c:\windows\system32\DVC.dll
2010-02-18 14:07 . 2010-02-18 14:07 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-18 14:07 . 2009-11-08 20:35 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-17 11:06 . 2004-09-04 13:41 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:06 . 2006-03-02 09:00 2073856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 12:53 . 2010-02-12 12:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-02-12 04:34 . 2004-09-04 13:44 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 06:07 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-27 14:10 . 2009-09-25 16:12 611640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-03-20 10:24 . 2008-03-20 10:22 24 --sha-w- c:\windows\S3201ED5C.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 397312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"GameDrive"="c:\program files\FarStone\GameDrive\GDP\GDTask.exe" [2006-07-21 167936]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\User\Start Menu\¨¦¨α££«\„΅΅ε¤
\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-2-27 576000]
c:\documents and settings\All Users\Start Menu\¨¦¨α££«\„΅΅ε¤
\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-3-7 131072]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-5-23 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 13:58 58672 ----a-w- c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\User\\Επιφάνεια εργασίας\\Guns 'N' Roses\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys [18/2/2010 6:15 μμ 71680]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:23 μμ 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/5/2008 5:03 μμ 691696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [15/10/2009 11:13 μμ 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [15/10/2009 11:14 μμ 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [15/10/2009 11:13 μμ 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [15/10/2009 11:14 μμ 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [15/10/2009 11:13 μμ 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [15/10/2009 11:02 μμ 41144]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [28/10/2009 4:54 μμ 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [1/12/2009 3:30 μμ 78848]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [15/10/2009 11:14 μμ 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 11:16 πμ 1107336]
R2 INFOlearn_admin_srv;INFOlearn Admin Service;c:\windows\system32\infolearnasrv.exe [6/10/2006 8:35 μμ 49152]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [15/10/2009 11:02 μμ 177416]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/1/2008 1:54 μμ 540184]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [15/10/2009 11:13 μμ 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [15/10/2009 11:19 μμ 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [15/10/2009 11:13 μμ 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S1 SSHDRV65;SSHDRV65;\??\c:\windows\system32\drivers\SSHDRV65.sys --> c:\windows\system32\drivers\SSHDRV65.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [4/2/2008 5:25 μμ 90357]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [30/6/2009 9:32 μμ 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [30/6/2009 9:32 μμ 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [30/6/2009 9:32 μμ 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [30/6/2009 9:32 μμ 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [30/6/2009 9:32 μμ 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [30/6/2009 9:32 μμ 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [30/6/2009 9:32 μμ 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [30/6/2009 9:32 μμ 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [30/6/2009 9:32 μμ 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [30/6/2009 9:32 μμ 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [30/6/2009 9:32 μμ 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [30/6/2009 9:32 μμ 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [30/6/2009 9:32 μμ 117672]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PAVTPK.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder
2010-04-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 12:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toggle.com/en/index.php?rvs=hompag&d=79919281
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download the &current page with Offline Explorer - file://c:\program files\Offline Explorer\Add_AllO.htm
IE: Download using Offline &Explorer - file://c:\program files\Offline Explorer\Add_UrlO.htm
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cu6zhwsp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.gr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 22:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spjk.sys >>UNKNOWN [0x8ADEC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e73cb8
\Driver\atapi -> sfsync02.sys @ 0xb8340d60
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Broadcom NetLink (TM) Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb7cecbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7cf9a21
SendHandler -> NDIS.sys @ 0xb7cd787b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,10,41,ed,64,3d,77,f2,44,9e,32,86,e1,f1,8f,c6,19,aa,b3,67,76,a2,d2,
73,61,f4,91,60,e8,8e,09,5d,f5,db,35,bd,f1,b2,26,dc,8a,86,20,0e,c9,1e,4f,98,\
"??"=hex:c2,59,d1,1c,d4,d2,90,9f,4a,b4,64,fe,e2,10,24,81
[HKEY_USERS\S-1-5-21-4160596134-3961019470-752118726-1005\Software\SecuROM\License information*]
"datasecu"=hex:4e,10,57,e3,ee,b9,10,cd,ed,b0,f4,0a,39,5b,5d,c4,f4,5c,f9,8d,eb,
25,1d,10,c6,8f,ff,9b,72,ca,0a,32,3c,29,20,a5,3a,7e,00,95,4e,90,cb,5d,c2,27,\
"rkeysecu"=hex:8b,a4,d9,a9,1b,8f,88,92,bf,ca,aa,f3,89,e8,18,92
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\avldr.dll
- - - - - - - > 'explorer.exe'(4992)
c:\program files\Panda Security\Panda Global Protection 2010\pavoepl.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Global Protection 2010\TPSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
c:\program files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Panda Security\Panda Global Protection 2010\pavsrv51.exe
c:\program files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2010-04-19 22:12:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 19:12
ComboFix2.txt 2010-04-19 18:48
ComboFix3.txt 2010-04-16 10:10
Pre-Run: 28 Κατάλογοι 60.089.749.504 διαθέσιμα byte
Post-Run: 29 Κατάλογοι 60.038.750.208 διαθέσιμα byte
- - End Of File - - CF41ACA0B36125F51F5F9B96CA21C94C