I often get this warning on ESET Nod32 EAV:
Startup scanner operating memory Operating memory Win32/Rootkit.Agent.ODG trojan unable to clean BETA\root
Sometimes, when I click on a Google search result, the page that opens is not the one pointed to by Google.
I suppose this is caused by this trojan.
Whatever, I'd like to get rid of it.
When I ran ComboFix, before the reboot, it told me to write down on paper the names of the following drivers/rootkits:
C:/WINDOWS/system32/sdra64.exe
C:/WINDOWS/system32/drivers/vsfocevaplwrxw.sys
C:/WINDOWS/system32/vsfocemdlhcctv.dll
C:/WINDOWS/system32/vsfocelxjnawwi.dat
C:/WINDOWS/system32/vsfocegpseuaha.dll
C:/WINDOWS/system32/vsfocengoiroyh.dat
Here is my ComboFix log:
ComboFix 09-08-29.01 - root 30/08/2009 17:53.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1586 [GMT 2:00]
Running from: e:\mes documents\Downloads\Programs\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\drivers\vsfocevaplwrxw.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\msconfig.exe
c:\windows\system32\msxm192z.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\vsfocegpseuaha.dll
c:\windows\system32\vsfocelxjnawwi.dat
c:\windows\system32\vsfocemdlhcctv.dll
c:\windows\system32\vsfocengoiroyh.dat

----- BITS: Possible infected sites -----

hxxp://binuser.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_vsfoceesaqoobh
-------\Legacy_vsfoceesaqoobh


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-08-08 09:43 . 2009-08-08 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-08-06 18:48 . 2009-08-06 18:48 -------- d-----w- c:\program files\Fichiers communs\WinAgents
2009-08-06 18:48 . 2009-08-06 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\WinAgents
2009-08-06 18:48 . 2009-08-06 18:48 -------- d-----w- c:\program files\WinAgents
2009-08-05 21:55 . 2009-08-05 21:55 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 15:41 . 2008-12-23 21:25 -------- d-----w- c:\documents and settings\root\Application Data\DMCache
2009-08-30 15:06 . 2009-04-11 14:19 355392 ----a-w- c:\documents and settings\root\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-08-30 15:06 . 2009-04-11 14:19 179264 ----a-w- c:\documents and settings\root\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-08-30 14:50 . 2008-10-08 15:47 138944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-30 14:50 . 2008-10-08 15:46 189784 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-30 14:50 . 2009-04-11 14:18 874660 ----a-w- c:\documents and settings\root\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-08-30 14:50 . 2009-04-11 14:18 57344 ----a-w- c:\documents and settings\root\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-08-30 14:50 . 2009-04-11 14:18 2661440 ----a-w- c:\documents and settings\root\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-08-25 06:10 . 2009-07-15 05:27 -------- d-----w- c:\documents and settings\root\Application Data\vlc
2009-08-24 18:25 . 2009-04-11 14:19 457792 ----a-w- c:\documents and settings\root\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2009-08-17 22:08 . 2008-09-06 20:55 -------- d-----w- c:\documents and settings\root\Application Data\Xfire
2009-08-15 08:17 . 2009-01-20 16:57 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-08 09:43 . 2008-10-08 15:46 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-06 18:48 . 2008-11-12 23:39 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-28 08:58 . 2008-08-17 14:09 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-28 08:58 . 2008-08-17 14:09 768 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-27 22:55 . 2009-07-25 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\15482814
2009-07-23 19:44 . 2009-02-02 23:37 -------- d-----w- c:\documents and settings\root\Application Data\IDM
2009-07-18 01:40 . 2009-02-11 01:08 -------- d-----w- c:\program files\Google
2009-07-16 20:06 . 2008-12-14 10:19 1 ----a-w- c:\documents and settings\root\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-14 13:22 . 2009-04-11 14:18 479232 ----a-w- c:\documents and settings\root\Application Data\id Software\quakelive\home\pb\pbsv.dll
2009-07-12 23:13 . 2009-07-12 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-07-12 23:12 . 2009-07-12 23:12 -------- d-----w- c:\documents and settings\root\Application Data\Logitech
2009-07-12 23:12 . 2009-07-12 23:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-12 23:12 . 2009-07-12 23:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-07-12 23:12 . 2009-07-12 23:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-12 23:11 . 2009-07-12 23:11 -------- d-----w- c:\program files\Fichiers communs\Logishrd
2009-07-12 23:11 . 2009-01-22 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-07-12 23:11 . 2009-01-18 20:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 18:31 . 2009-05-26 20:30 -------- d-----w- c:\documents and settings\root\Application Data\cspa
2009-07-11 12:04 . 2009-07-11 12:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-11 12:04 . 2009-07-11 12:04 -------- d-----w- c:\program files\Lavasoft
2009-07-11 11:54 . 2009-07-11 11:54 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-08 17:28 . 2009-07-11 12:04 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-06 12:01 . 2009-07-06 12:01 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2009-07-03 14:49 . 2009-07-11 12:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-25 11:15 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-03 10:09 . 2009-07-03 10:08 -------- d-----w- c:\program files\Common Files
2009-06-24 23:53 . 2009-06-24 23:53 48640 ----a-w- C:\dse.exe
2009-06-22 13:23 . 2009-06-22 13:23 239088 ----a-w- c:\documents and settings\root\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-17 09:27 . 2008-12-09 23:22 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-12-09 23:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 18:27 . 2009-06-10 18:18 113673 ----a-w- c:\windows\hpoins07.dat
2009-06-10 18:01 . 2009-06-10 17:56 71857 ----a-w- c:\windows\hpqins01.dat
2009-06-03 16:27 . 2009-06-03 16:27 10684866 ----a-w- c:\documents and settings\root\Application Data\Azureus\plugins\azump\mplayer.exe
2009-06-02 12:21 . 2008-10-08 09:03 25248 ----a-w- c:\documents and settings\root\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 10:30 . 2009-05-30 10:30 265000 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2009-05-30 10:30 . 2009-05-30 10:30 384808 ----a-w- c:\program files\iTunesAdmin.dll
2009-05-30 10:30 . 2009-05-30 10:30 292136 ----a-w- c:\program files\iTunesHelper.exe
2009-05-30 10:30 . 2009-05-30 10:30 285184 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2009-05-30 10:30 . 2009-05-30 10:30 124200 ----a-w- c:\program files\iTunesMiniPlayer.dll
2009-05-30 10:30 . 2009-05-30 10:30 14073640 ----a-w- c:\program files\iTunes.exe
2009-05-30 10:30 . 2009-05-30 10:30 722160 ----a-w- c:\program files\CDDBControlApple.dll
2009-05-30 10:30 . 2009-05-30 10:30 643072 ----a-w- c:\program files\iPodUpdaterExt.dll
2009-05-30 10:30 . 2009-05-30 10:30 111912 ----a-w- c:\program files\ITDetector.ocx
2009-05-30 10:30 . 2009-05-30 10:30 8356 ----a-w- c:\program files\Acknowledgements.rtf
2009-05-25 22:10 . 2009-05-25 22:10 415 ----a-w- c:\program files\HP.lnk
2006-05-03 10:06 . 2009-06-27 20:44 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-06-27 20:44 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-06-27 20:44 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------

[-] 2005-06-28 16:56 359808 77C0C5E7D6CFE2052B8CF28B8722F528 c:\windows\system32\drivers\tcpip.sys
[7] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2005-03-02 18:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2005-06-15 21:00 2321152 BEBB29FBD9C14448A7BC12204A362D9E c:\windows\system32\ntoskrnl.exe
[-] 2005-06-15 21:01 1036288 CC5B99AF6247175A151B0CC4E71C7F58 c:\windows\explorer.exe
[-] 2004-11-28 16:36 8704 AB3D62010AF342203FFA60C2D94DBC68 c:\windows\system32\sfcfiles.dll

c:\windows\system32\mspmsnsv.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2009-02-02 2745776]
"LClock"="lclock.exe" - c:\windows\LClock.exe [2004-12-08 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\root\Menu Démarrer\Programmes\Démarrage\
iTunes.lnk - c:\program files\iTunes.exe [2009-5-30 14073640]
Xfire.lnk - g:\program files\Xfire\xfire.exe [2009-8-13 3109264]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-13 784912]
VirtuaWin.lnk - c:\program files\VirtuaWin\VirtuaWin.exe [2008-10-15 116224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 08:10 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Launchy.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^root^Menu Démarrer^Programmes^Démarrage^Update Notifier.lnk]
path=c:\documents and settings\root\Menu Démarrer\Programmes\Démarrage\Update Notifier.lnk
backup=c:\windows\pss\Update Notifier.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\root\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\root\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/07/2009 14:05 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [19/03/2009 11:45 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 16:49 1029456]
R2 scrcp8t;Bull SmarTLP;c:\windows\system32\drivers\scrcp8t.sys [22/01/2009 18:33 11728]
R2 Synergy Server;Synergy Server;c:\program files\Synergy\synergys.exe [02/04/2006 22:20 733184]
R2 WinAgentsTftpService4;WinAgents TFTP Service 4;c:\program files\Fichiers communs\WinAgents\TftpService.exe [15/06/2009 19:06 94208]
R3 CTBus;ContactLess Bus Enumerator;c:\windows\system32\drivers\CTbus.sys [18/02/2005 11:15 15232]
S2 AlerterALG;Avertissement AlerterALG;c:\windows\TEMP\tmlommavaj.exe service --> c:\windows\TEMP\tmlommavaj.exe service [?]
S2 gupdate1c9ba6dbc88f0a4;Google Update Service (gupdate1c9ba6dbc88f0a4);c:\program files\Google\Update\GoogleUpdate.exe [11/04/2009 08:21 133104]
S3 BULLTLP3;Lecteur de cartes à puce série BULL SmarTLP3;c:\windows\system32\drivers\bulltlp3.sys [22/01/2009 18:58 14080]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\root\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\root\LOCALS~1\Temp\GPU-Z.sys [?]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [16/11/2008 04:48 395224]
S3 PnpGemProx;Gemplus PnpGemprox Device Driver;c:\windows\system32\drivers\PnpGemprox.sys [07/11/2005 16:59 34304]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 11:12 25088]
S3 USRSp50;USRSp50 NDIS Protocol Driver;c:\windows\system32\drivers\USRSp50.sys [30/05/2009 14:35 17664]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 06:21]

2009-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-162531612-725345543-1003Core.job
- c:\documents and settings\root\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 10:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MSxmlHpr - c:\windows\system32\msxm192z.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.winlsd.org
uInternet Connection Wizard,ShellNext = hxxp://www.winlsd.org/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: Download all links with IDM - e:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - e:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - e:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - g:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\root\Application Data\Mozilla\Firefox\Profiles\w4v5o7na.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?hl=en&shva=1#inbox
FF - component: c:\documents and settings\root\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\root\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\root\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\Adobe\Acrobat Reader 9\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\VLC\npvlc.dll

---- FIREFOX POLICIES ----
g:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
g:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
g:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 18:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-162531612-725345543-1003\SOFTWARE\SecuROM\License information*]
"datasecu"=hex:2a,82,05,ef,ff,40,61,ca,d8,21,2f,2b,fa,13,3d,81,66,a5,6e,2c,b0,
   93,1b,83,3d,09,1b,c4,f6,3b,68,a9,47,a0,ee,0a,67,59,97,be,57,58,42,cd,b1,8b,\
"rkeysecu"=hex:ec,bb,fb,e0,30,72,88,63,6d,ac,45,29,61,41,7a,ed

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):67,7e,4a,11,e3,bc,98,41,28,56,f1,71,98,6e,20,e6,36,59,6c,a3,73,
   b4,c4,6d,5e,54,a0,07,a7,06,6e,37,fc,91,46,ef,e9,6b,e1,fe,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61d0cbeb-db5d-4d19-850c-237b9cccf59c}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001f
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7723423c-f581-4b0d-9f3d-7b1411190547}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008b
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
   df,1c,2f,3b,8a,0a,32,11,89,01,b5,3e,ad,02,43,50,83,8e,bd,c1,ec,db,44,2b,fb,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ac,5c,96,fe,1e,d7,e9,eb,c6,a0,cf,b5,2d,5e,0d,53,55,9c,a9,6e,45,
   5b,79,41,88,3a,cc,cc,65,ca,d3,5d,1f,3f,7f,c8,84,20,76,33,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
c:\program files\Synergy\synrgyhk.dll
.
Completion time: 2009-08-30 18:06
ComboFix-quarantined-files.txt 2009-08-30 16:04

Pre-Run: 959 471 616 octets libres
Post-Run: 1 023 090 688 octets libres

330
Can I have your help?
Thanks!