Созданные ответы форума
-
Сообщения
-
Спасибо за помощь! Сделал новый лог ComboFix 10-07-01.02 — Администратор 03.07.2010 21:39:29.4.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1623 [GMT 4:00]
Running from: c:documents and settingsAll UsersДокументыинтернетComboFix.exe
Command switches used :: c:documents and settingsАдминистраторРабочий столCFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}FILE ::
«c:windowssystem329oioZ9C.exe»
«c:windowssystem32NgmETKE.exe»
«c:windowssystem32q4xDU9T.exe»
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.Infected copy of c:windowssystem32msgsvc.dll was found and disinfected
Restored copy from — c:windowsERDNTcachemsgsvc.dll.
((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.2010-07-02 15:18 . 2010-07-02 15:18
d
w- C:rsit
2010-06-29 17:26 . 2010-06-29 17:26 56 —ha-w- c:windowssystem32ezsidmv.dat
2010-06-29 17:26 . 2010-06-29 17:26
d
w- c:documents and settingsАдминистраторApplication DataskypePM
2010-06-29 17:25 . 2010-06-29 17:25
d
w- c:program filesCommon FilesSkype
2010-06-17 14:18 . 2010-07-02 23:18 217180 —-a-w- c:windowssystem32nvdrsdb0.bin
2010-06-17 14:18 . 2010-07-02 23:18 1 —-a-w- c:windowssystem32nvdrssel.bin
2010-06-17 14:18 . 2010-07-02 22:49 217180 —-a-w- c:windowssystem32nvdrsdb1.bin
2010-06-15 16:17 . 2010-06-17 09:41
d
w- c:program filesCommon FilesOpera.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 17:46 . 2008-03-03 14:10
d
w- c:program filesSteam
2010-07-03 17:19 . 2007-04-18 20:55
d
w- c:program filesMozilla Thunderbird
2010-07-03 16:50 . 2008-07-29 16:56
d
w- c:documents and settingsAll UsersApplication DataGoogle Updater
2010-06-29 18:16 . 2007-04-18 23:19
d
w- c:documents and settingsАдминистраторApplication DataSkype
2010-06-29 17:25 . 2007-04-18 23:18
d
r- c:program filesSkype
2010-06-29 17:25 . 2007-04-18 23:18
d
w- c:documents and settingsAll UsersApplication DataSkype
2010-06-17 14:18 . 2009-09-01 15:57
d
w- c:program filesNVIDIA Corporation
2010-06-17 09:54 . 2010-05-19 17:49 11264 —-a-w- c:windowssystem32driversuziyodu4.sys
2010-06-15 18:36 . 2007-04-14 12:44
d—h—w- c:program filesInstallShield Installation Information
2010-06-07 13:35 . 2010-06-07 13:35 81920 —-a-w- c:windowssystem32nvwddi.dll
2010-06-03 10:26 . 2010-06-03 10:26
d
w- c:documents and settingsАдминистраторApplication DataNVIDIA
2010-06-03 09:48 . 2008-11-02 15:30
d
w- c:program filesCommon FilesWise Installation Wizard
2010-06-03 09:47 . 2009-12-04 15:06
d
w- c:program filesCommon FilesBioWare
2010-06-03 09:39 . 2010-06-03 09:27
d
w- c:program filesMass Effect 2
2010-05-28 13:29 . 2010-05-28 13:29 503808 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-nmsvcp71.dll
2010-05-28 13:29 . 2010-05-28 13:29 499712 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-njmc.dll
2010-05-28 13:29 . 2010-05-28 13:29 348160 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-nmsvcr71.dll
2010-05-28 13:29 . 2010-05-28 13:29 61440 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0505535ab32-733fbfe1-ndecora-sse.dll
2010-05-28 13:29 . 2010-05-28 13:29 12800 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0505535ab32-733fbfe1-ndecora-d3d.dll
2010-05-28 08:58 . 2009-06-19 20:16 600680 —-a-w- c:windowssystem32NVUNINST.EXE
2010-05-24 11:12 . 2007-04-14 12:35 78328 -c—a-w- c:documents and settingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-20 12:20 . 2009-07-05 07:17 22 —-a-w- c:windowssystem32nvModes.dat
2010-05-19 17:08 . 2010-05-19 17:08 388096 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2010-05-19 17:08 . 2010-05-19 17:08
d
w- c:program filesTrend Micro
2010-05-19 16:48 . 2008-05-05 17:20
d
w- c:documents and settingsАдминистраторApplication DataUniblue
2010-05-19 16:48 . 2008-05-05 17:19
d
w- c:program filesUniblue
2010-05-15 08:34 . 2010-05-15 05:19
d
w- c:program filesEMOTIONSOFT
2010-05-15 05:19 . 2010-05-15 05:19 318 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_DD036E56C627C6BE73B6BA.exe
2010-05-15 05:19 . 2010-05-15 05:19 318 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_D63278A7B39D64734EEF6D.exe
2010-05-15 05:19 . 2010-05-15 05:19 318 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_AF703F2E1E9CFA1FF8420A.exe
2010-05-15 05:19 . 2010-05-15 05:19 318 —-a-r- c:documents and settingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_37069BEA580CBFC01CB811.exe
2010-05-14 18:06 . 2010-01-12 12:10
d
w- c:documents and settingsАдминистраторApplication DatauTorrent
2010-05-14 14:18 . 2008-07-29 16:56
d
w- c:program filesGoogle
2010-05-07 15:22 . 2008-10-06 13:13
d
w- c:documents and settingsAll UsersApplication DataUbisoft
2010-05-07 15:05 . 2010-04-24 07:27
d
w- c:program filesUbisoft
2010-04-29 15:04 . 2010-04-29 15:04 691696 —-a-w- c:windowssystem32driverssptd.sys
2010-04-09 16:24 . 2010-04-09 16:24 503808 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-nmsvcp71.dll
2010-04-09 16:24 . 2010-04-09 16:24 499712 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-njmc.dll
2010-04-09 16:24 . 2010-04-09 16:24 348160 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-nmsvcr71.dll
2010-04-09 16:24 . 2010-04-09 16:24 61440 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-3722c5d0-ndecora-sse.dll
2010-04-09 16:24 . 2010-04-09 16:24 12800 —-a-w- c:documents and settingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-3722c5d0-ndecora-d3d.dll
2010-01-30 11:24 . 2010-01-30 11:24 774144 —-a-w- c:program filesRngInterstitial.dll
2007-05-01 09:38 . 2007-05-01 08:53 21 -c—a-w- c:program filesCommon Filesappop.log
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«SpybotSD TeaTimer»=»c:program filesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 2260480]
«Steam»=»c:program filesSteamSteam.exe» [2010-05-07 1238352]
«NBJ»=»c:progra~1AheadNEROBA~1NBJ.exe» [2005-05-19 1957888]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120AxAutoMntSrv.exe» [2009-11-15 33120][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NokiaMServer»=»c:program filesCommon FilesNokiaMPlatformNokiaMServer» [X]
«MULTIMEDIA KEYBOARD»=»c:program filesNetropaMultimedia KeyboardMMKeybd.exe» [2003-09-30 425984]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«SSBkgdUpdate»=»c:program filesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» [2006-10-25 210472]
«OpwareSE4″=»c:program filesScanSoftOmniPageSE4OpwareSE4.exe» [2007-02-04 79400]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2007-10-09 1036288]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«TkBellExe»=»c:program filesCommon FilesRealUpdate_OBrealsched.exe» [2010-03-15 202256]
«nwiz»=»c:program filesNVIDIA CorporationnViewnwiz.exe» [2010-06-02 1753192]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2010-06-07 13902440]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2010-06-07 110696][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2002-12-31 15360][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«lanmanworkstation»=2 (0x2)
«lanmanserver»=2 (0x2)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe»=
«c:\Program Files\Steam\Steam.exe»=
«c:\Program Files\Pro Evolution Soccer 2009\pes2009.exe»=
«c:\Games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\Dragon Age\bin_ship\daorigins.exe»=
«c:\Program Files\Dragon Age\DAOriginsLauncher.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«c:\Program Files\Gaijin\Крылатые Хищники\launcher.exe»=
«c:\Program Files\Gaijin\Крылатые Хищники\aces.exe»=
«c:\Program Files\Gaijin\Крылатые Хищники\yuPlay\yuPlay.exe»=
«c:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe»=
«c:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe»=
«c:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\conviction_game.exe»=
«c:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\gu.exe»=
«c:\Ubisoft\Silent Hunter 5\sh5.exe»=
«c:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe»=
«c:\Program Files\Mass Effect 2\MassEffect2Launcher.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«6176:TCP»= 6176:TCPR0 pe3amnqb;Anstoss 2007 Environment Driver (pe3amnqb);c:windowssystem32driverspe3amnqb.sys [02.08.2007 18:55 64632]
R0 ps6amnqb;Anstoss 2007 Synchronization Driver (ps6amnqb);c:windowssystem32driversps6amnqb.sys [02.08.2007 18:55 68224]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:windowssystem32driversMsikbd2k.sys [19.04.2007 0:23 6656]
R1 uziyodu4;AVZ-RK Kernel Driver;c:windowssystem32driversuziyodu4.sys [19.05.2010 21:49 11264]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик;c:program filesAviraAntiVir Desktopsched.exe [08.01.2010 13:39 108289]
R2 nhksrv;Netropa NHK Server;c:program filesNetropaMultimedia Keyboardnhksrv.exe [19.04.2007 0:24 28672]
S2 gupdate;Служба Google Update (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [03.07.2009 15:53 133104]
S2 pr2amnqb;Anstoss 2007 Drivers Auto Removal (pr2amnqb);c:windowssystem32pr2amnqb.exe svc —> c:windowssystem32pr2amnqb.exe svc [?]
S3 DAUpdaterSvc;Dragon Age: Начало — Контентное обновление;c:program filesDragon Agebin_shipdaupdatersvc.service.exe [16.12.2009 0:07 25832]
S3 GarenaPEngine;GarenaPEngine;??c:docume~19335~1LOCALS~1TempHPT9CB.tmp —> c:docume~19335~1LOCALS~1TempHPT9CB.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [26.12.2009 17:03 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [26.12.2009 17:03 8320]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187.sys [14.04.2007 16:46 176128]
S3 SjyPkt;SjyPkt;c:windowssystem32driversSjyPkt.sys [14.04.2007 16:46 13532]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [29.04.2010 19:04 691696]
.
Contents of the ‘Scheduled Tasks’ folder2010-07-03 c:windowsTasksGoogle Software Updater.job
— c:program filesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-07-29 13:31]2010-07-03 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-03 11:53]2010-07-03 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2009-07-03 11:53]2010-07-03 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-725345543-515967899-2147187605-500.job
— c:program filesRealRealUpgraderealupgrade.exe [2010-02-24 19:09]2010-07-03 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-725345543-515967899-2147187605-500.job
— c:program filesRealRealUpgraderealupgrade.exe [2010-02-24 19:09]2010-05-25 c:windowsTasksUniblue SpeedUpMyPC Nag.job
— c:program filesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2008-05-05 05:50]2008-05-05 c:windowsTasksUniblue SpeedUpMyPC.job
— c:program filesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2008-05-05 05:50]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{DAC5944B-F843-4b90-B605-09DE3360CDE6} — {61772ADE-7CC1-410B-A449-8EEED0930EDE} —
TCP: {048935CF-F262-4B0D-A172-B99BC4215F06} = 94.158.112.5
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilesj7ppin35.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://ru.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ru:official
FF — component: c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExtcomponentsnprpffbrowserrecordext.dll
FF — component: c:program filesMozilla Firefoxextensions{AB2CE124-6272-4b12-94A9-7303C7397BD1}componentsSkypeFfComponent.dll
FF — plugin: c:program filesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: c:program filesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
FF — plugin: c:program filesRealRealArcadePluginsMozillanpracplug.dll—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
— — — — ORPHANS REMOVED — — — —BHO-{422D016D-ACC7-4B28-A90F-437396175B82} — (no file)
BHO-{86AA1341-3F97-42EF-BDF9-F3686C65F729} — (no file)
BHO-{A1F254C7-DD01-4ABC-85CB-E6DFC64A4A74} — (no file)
HKCU-Run-Start WingMan Profiler — (no file)
AddRemove-NVIDIA Display Control Panel — c:program filesNVIDIA CorporationUninstallnvuninst.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 21:46
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(2852)
c:program filesScanSoftOmniPageSE4OpHookSE4.dll
c:program filesNetropaMultimedia Keyboardnhkdll.dll
c:windowssystem32WPDShServiceObj.dll
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989MSVCP80.dll
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
c:windowssystem32browselc.dll
c:program filesMicrosoft OfficeOFFICE11msohev.dll
.
Other Running Processes
.
c:windowssystem32nvsvc32.exe
c:program filesAviraAntiVir Desktopavguard.exe
c:windowssystem32driversCDAC11BA.EXE
c:program filesCanonIJPLMIJPLMSVC.EXE
c:program filesJavajre6binjqs.exe
c:program filesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
c:windowssystem32wscntfy.exe
c:program filesNetropaMultimedia KeyboardTrayMon.exe
c:program filesNetropaOnscreen DisplayOSD.exe
c:program filesCommon FilesNokiaMPlatformNokiaMServer.exe
c:windowssystem32RUNDLL32.EXE
c:program filesAdobeAcrobat 7.0Readerreader_sl.exe
.
**************************************************************************
.
Completion time: 2010-07-03 21:51:23 — machine was rebooted
ComboFix-quarantined-files.txt 2010-07-03 17:51Pre-Run: 52 870 541 312 байт свободно
Post-Run: 52 864 536 576 байт свободноCurrent=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
— — End Of File — — 1C8B3C1819EA154BC2CE2D7F4A497F09Все сделал ComboFix 10-07-01.02 — Администратор 02.07.2010 23:52:15.3.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1603 [GMT 4:00]
Running from: C:Documents and SettingsАдминистраторРабочий столComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:Program FilesCommon Fileskeylog.txt
C:WINDOWSsystem32AAaA40E.exe
C:WINDOWSsystem32EU6989e.exe
C:WINDOWSsystem32kupTIug.exe
C:WINDOWSsystem32LrKtvmp.exe
C:WINDOWSsystem32mEAR8QH.exe
C:WINDOWSsystem32RABPZ8r.exe
C:WINDOWSsystem32UB1HEgi.exe
C:WINDOWSsystem32wfrRMFR.exeInfected copy of C:WINDOWSsystem32msgsvc.dll was found and disinfected
Restored copy from — C:WINDOWSERDNTcachemsgsvc.dll.
((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.2010-07-02 15:18:23 . 2010-07-02 15:18:48
d
w- C:rsit
2010-06-29 18:56:31 . 2010-06-29 18:56:31 122368 —-a-w- C:WINDOWSsystem329oioZ9C.exe
2010-06-29 18:36:24 . 2010-06-29 18:36:24 122368 —-a-w- C:WINDOWSsystem32q4xDU9T.exe
2010-06-29 17:26:09 . 2010-06-29 17:26:09 56 —ha-w- C:WINDOWSsystem32ezsidmv.dat
2010-06-29 17:26:00 . 2010-06-29 17:26:00
d
w- C:Documents and SettingsАдминистраторApplication DataskypePM
2010-06-29 17:25:39 . 2010-06-29 17:25:39
d
w- C:Program FilesCommon FilesSkype
2010-06-29 17:23:13 . 2010-06-29 17:23:13 122368 —-a-w- C:WINDOWSsystem32NgmETKE.exe
2010-06-17 14:18:21 . 2010-06-17 14:18:21 217180 —-a-w- C:WINDOWSsystem32nvdrsdb0.bin
2010-06-17 14:18:18 . 2010-06-17 14:18:21 1 —-a-w- C:WINDOWSsystem32nvdrssel.bin
2010-06-17 14:18:18 . 2010-06-17 14:18:18 217180 —-a-w- C:WINDOWSsystem32nvdrsdb1.bin
2010-06-15 16:17:38 . 2010-06-17 09:41:56
d
w- C:Program FilesCommon FilesOpera
2010-06-03 10:26:32 . 2010-06-03 10:26:32
d
w- C:Documents and SettingsАдминистраторApplication DataNVIDIA
2010-06-03 09:48:30 . 2010-06-03 09:48:30
d
w- C:WINDOWSC5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2010-06-03 09:27:14 . 2010-06-03 09:39:17
d
w- C:Program FilesMass Effect 2.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 19:58:33 . 2008-03-03 14:10:13
d
w- C:Program FilesSteam
2010-07-02 19:36:02 . 2007-04-18 20:55:20
d
w- C:Program FilesMozilla Thunderbird
2010-07-02 15:06:56 . 2008-07-29 16:56:08
d
w- C:Documents and SettingsAll UsersApplication DataGoogle Updater
2010-06-29 18:16:23 . 2007-04-18 23:19:00
d
w- C:Documents and SettingsАдминистраторApplication DataSkype
2010-06-29 17:25:39 . 2007-04-18 23:18:46
d
r- C:Program FilesSkype
2010-06-29 17:25:36 . 2007-04-18 23:18:59
d
w- C:Documents and SettingsAll UsersApplication DataSkype
2010-06-17 14:18:52 . 2009-09-01 15:57:13
d
w- C:Program FilesNVIDIA Corporation
2010-06-17 09:54:12 . 2010-05-19 17:49:19 11264 —-a-w- C:WINDOWSsystem32driversuziyodu4.sys
2010-06-15 18:36:21 . 2007-04-14 12:44:47
d—h—w- C:Program FilesInstallShield Installation Information
2010-06-07 13:35:38 . 2010-06-07 13:35:38 81920 —-a-w- C:WINDOWSsystem32nvwddi.dll
2010-06-03 09:48:26 . 2008-11-02 15:30:18
d
w- C:Program FilesCommon FilesWise Installation Wizard
2010-06-03 09:47:57 . 2009-12-04 15:06:12
d
w- C:Program FilesCommon FilesBioWare
2010-05-28 13:29:27 . 2010-05-28 13:29:27 503808 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-nmsvcp71.dll
2010-05-28 13:29:27 . 2010-05-28 13:29:27 499712 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-njmc.dll
2010-05-28 13:29:27 . 2010-05-28 13:29:27 348160 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-12904183-nmsvcr71.dll
2010-05-28 13:29:22 . 2010-05-28 13:29:22 61440 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0505535ab32-733fbfe1-ndecora-sse.dll
2010-05-28 13:29:22 . 2010-05-28 13:29:22 12800 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0505535ab32-733fbfe1-ndecora-d3d.dll
2010-05-28 08:58:26 . 2009-06-19 20:16:30 600680 —-a-w- C:WINDOWSsystem32NVUNINST.EXE
2010-05-24 11:12:11 . 2007-04-14 12:35:47 78328 -c—a-w- C:Documents and SettingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-20 12:20:18 . 2009-07-05 07:17:16 22 —-a-w- C:WINDOWSsystem32nvModes.dat
2010-05-19 17:08:26 . 2010-05-19 17:08:25 388096 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
2010-05-19 17:08:25 . 2010-05-19 17:08:25
d
w- C:Program FilesTrend Micro
2010-05-19 16:48:06 . 2008-05-05 17:20:05
d
w- C:Documents and SettingsАдминистраторApplication DataUniblue
2010-05-19 16:48:01 . 2008-05-05 17:19:49
d
w- C:Program FilesUniblue
2010-05-15 08:34:46 . 2010-05-15 05:19:24
d
w- C:Program FilesEMOTIONSOFT
2010-05-15 05:19:26 . 2010-05-15 05:19:26 318 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_DD036E56C627C6BE73B6BA.exe
2010-05-15 05:19:26 . 2010-05-15 05:19:26 318 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_D63278A7B39D64734EEF6D.exe
2010-05-15 05:19:26 . 2010-05-15 05:19:26 318 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_AF703F2E1E9CFA1FF8420A.exe
2010-05-15 05:19:26 . 2010-05-15 05:19:26 318 —-a-r- C:Documents and SettingsАдминистраторApplication DataMicrosoftInstaller{AD427252-C069-49F6-A0DC-C3235CF6576D}_37069BEA580CBFC01CB811.exe
2010-05-14 18:06:24 . 2010-01-12 12:10:21
d
w- C:Documents and SettingsАдминистраторApplication DatauTorrent
2010-05-14 14:18:18 . 2008-07-29 16:56:07
d
w- C:Program FilesGoogle
2010-05-07 15:22:27 . 2008-10-06 13:13:42
d
w- C:Documents and SettingsAll UsersApplication DataUbisoft
2010-05-07 15:05:13 . 2010-04-24 07:27:28
d
w- C:Program FilesUbisoft
2010-04-29 15:04:14 . 2010-04-29 15:04:13 691696 —-a-w- C:WINDOWSsystem32driverssptd.sys
2010-04-09 16:24:22 . 2010-04-09 16:24:22 503808 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-nmsvcp71.dll
2010-04-09 16:24:22 . 2010-04-09 16:24:22 499712 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-njmc.dll
2010-04-09 16:24:22 . 2010-04-09 16:24:22 348160 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0541a209876-1a545971-nmsvcr71.dll
2010-04-09 16:24:20 . 2010-04-09 16:24:20 61440 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-3722c5d0-ndecora-sse.dll
2010-04-09 16:24:20 . 2010-04-09 16:24:20 12800 —-a-w- C:Documents and SettingsАдминистраторApplication DataSunJavaDeploymentSystemCache6.0176d0ad391-3722c5d0-ndecora-d3d.dll
2010-04-04 14:16:26 . 2008-12-14 10:42:38 752224 —-a-w- C:Documents and SettingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-01-30 11:24:34 . 2010-01-30 11:24:42 774144 —-a-w- C:Program FilesRngInterstitial.dll
2007-05-01 09:38:09 . 2007-05-01 08:53:21 21 -c—a-w- C:Program FilesCommon Filesappop.log
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«SpybotSD TeaTimer»=»C:Program FilesSpybot — Search & DestroyTeaTimer.exe» [2009-03-05 12:07:20 2260480]
«Steam»=»C:Program FilesSteamSteam.exe» [2010-05-07 14:51:28 1238352]
«NBJ»=»C:PROGRA~1AheadNEROBA~1NBJ.exe» [2005-05-19 16:38:08 1957888]
«AlcoholAutomount»=»C:Program FilesAlcohol SoftAlcohol 120AxAutoMntSrv.exe» [2009-11-15 09:42:00 33120][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NokiaMServer»=»C:Program FilesCommon FilesNokiaMPlatformNokiaMServer» [X]
«MULTIMEDIA KEYBOARD»=»C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe» [2003-09-30 03:09:30 425984]
«NeroFilterCheck»=»C:WINDOWSsystem32NeroCheck.exe» [2001-07-09 08:50:42 155648]
«SSBkgdUpdate»=»C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe» [2006-10-25 06:03:38 210472]
«OpwareSE4″=»C:Program FilesScanSoftOmniPageSE4OpwareSE4.exe» [2007-02-04 09:02:14 79400]
«SoundMAXPnP»=»C:Program FilesAnalog DevicesCoresmax4pnp.exe» [2007-10-09 00:02:32 1036288]
«SunJavaUpdateSched»=»C:Program FilesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 07:43:18 248040]
«avgnt»=»C:Program FilesAviraAntiVir Desktopavgnt.exe» [2009-03-02 09:08:58 209153]
«TkBellExe»=»C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» [2010-03-15 16:39:49 202256]
«nwiz»=»C:Program FilesNVIDIA CorporationnViewnwiz.exe» [2010-06-02 20:48:04 1753192]
«NvCplDaemon»=»C:WINDOWSsystem32NvCpl.dll» [2010-06-07 13:35:22 13902440]
«NvMediaCenter»=»C:WINDOWSsystem32NvMcTray.dll» [2010-06-07 13:35:24 110696][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»C:WINDOWSsystem32CTFMON.EXE» [2002-12-31 12:00:00 15360][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«lanmanworkstation»=2 (0x2)
«lanmanserver»=2 (0x2)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe»=
«C:\Program Files\Steam\Steam.exe»=
«C:\Program Files\Pro Evolution Soccer 2009\pes2009.exe»=
«C:\Games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe»=
«C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe»=
«C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe»=
«C:\Program Files\ICQ6.5\ICQ.exe»=
«C:\Program Files\Dragon Age\bin_ship\daorigins.exe»=
«C:\Program Files\Dragon Age\DAOriginsLauncher.exe»=
«C:\Program Files\uTorrent\uTorrent.exe»=
«C:\Program Files\Gaijin\Крылатые Хищники\launcher.exe»=
«C:\Program Files\Gaijin\Крылатые Хищники\aces.exe»=
«C:\Program Files\Gaijin\Крылатые Хищники\yuPlay\yuPlay.exe»=
«C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe»=
«C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe»=
«C:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\conviction_game.exe»=
«C:\Program Files\Ubisoft\Tom Clancy’s Splinter Cell Conviction\src\system\gu.exe»=
«C:\Ubisoft\Silent Hunter 5\sh5.exe»=
«C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe»=
«C:\Program Files\Mass Effect 2\MassEffect2Launcher.exe»=
«C:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«C:\Program Files\Skype\Phone\Skype.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«6176:TCP»= 6176:TCPR0 pe3amnqb;Anstoss 2007 Environment Driver (pe3amnqb);C:WINDOWSsystem32driverspe3amnqb.sys [02.08.2007 18:55:27 64632]
R0 ps6amnqb;Anstoss 2007 Synchronization Driver (ps6amnqb);C:WINDOWSsystem32driversps6amnqb.sys [02.08.2007 18:55:00 68224]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:WINDOWSsystem32driversMsikbd2k.sys [19.04.2007 0:23:59 6656]
R1 uziyodu4;AVZ-RK Kernel Driver;C:WINDOWSsystem32driversuziyodu4.sys [19.05.2010 21:49:19 11264]
R2 AntiVirSchedulerService;Avira AntiVir Планировщик;C:Program FilesAviraAntiVir Desktopsched.exe [08.01.2010 13:39:43 108289]
R2 nhksrv;Netropa NHK Server;C:Program FilesNetropaMultimedia Keyboardnhksrv.exe [19.04.2007 0:24:00 28672]
S2 gupdate;Служба Google Update (gupdate);C:Program FilesGoogleUpdateGoogleUpdate.exe [03.07.2009 15:53:51 133104]
S2 pr2amnqb;Anstoss 2007 Drivers Auto Removal (pr2amnqb);C:WINDOWSsystem32pr2amnqb.exe svc —> C:WINDOWSsystem32pr2amnqb.exe svc [?]
S3 DAUpdaterSvc;Dragon Age: Начало — Контентное обновление;C:Program FilesDragon Agebin_shipdaupdatersvc.service.exe [16.12.2009 0:07:16 25832]
S3 GarenaPEngine;GarenaPEngine;??C:DOCUME~19335~1LOCALS~1TempHPT9CB.tmp —> C:DOCUME~19335~1LOCALS~1TempHPT9CB.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:WINDOWSsystem32driversnmwcdnsu.sys [26.12.2009 17:03:51 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:WINDOWSsystem32driversnmwcdnsuc.sys [26.12.2009 17:03:52 8320]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:WINDOWSsystem32driversRTL8187.sys [14.04.2007 16:46:29 176128]
S3 SjyPkt;SjyPkt;C:WINDOWSsystem32driversSjyPkt.sys [14.04.2007 16:46:28 13532]
S4 sptd;sptd;C:WINDOWSsystem32driverssptd.sys [29.04.2010 19:04:13 691696]
.
Contents of the ‘Scheduled Tasks’ folder2010-07-02 C:WINDOWSTasksGoogle Software Updater.job
— C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-07-29 16:56:07 . 2009-03-27 13:31:32]2010-07-02 C:WINDOWSTasksGoogleUpdateTaskMachineCore.job
— C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-03 11:53:51 . 2009-07-03 11:53:49]2010-07-02 C:WINDOWSTasksGoogleUpdateTaskMachineUA.job
— C:Program FilesGoogleUpdateGoogleUpdate.exe [2009-07-03 11:53:51 . 2009-07-03 11:53:49]2010-07-02 C:WINDOWSTasksRealUpgradeLogonTaskS-1-5-21-725345543-515967899-2147187605-500.job
— C:Program FilesRealRealUpgraderealupgrade.exe [2010-02-24 19:09:42 . 2010-02-24 19:09:42]2010-07-02 C:WINDOWSTasksRealUpgradeScheduledTaskS-1-5-21-725345543-515967899-2147187605-500.job
— C:Program FilesRealRealUpgraderealupgrade.exe [2010-02-24 19:09:42 . 2010-02-24 19:09:42]2010-05-25 C:WINDOWSTasksUniblue SpeedUpMyPC Nag.job
— C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2008-05-05 17:19:49 . 2008-04-02 05:50:22]2008-05-05 C:WINDOWSTasksUniblue SpeedUpMyPC.job
— C:Program FilesUniblueSpeedUpMyPC 3SpeedUpMyPC.exe [2008-05-05 17:19:49 . 2008-04-02 05:50:22]
.
.
Supplementary Scan
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Экспорт в Microsoft Excel — C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{DAC5944B-F843-4b90-B605-09DE3360CDE6} — {61772ADE-7CC1-410B-A449-8EEED0930EDE} —
TCP: {048935CF-F262-4B0D-A172-B99BC4215F06} = 94.158.112.5
FF — ProfilePath — C:Documents and SettingsАдминистраторApplication DataMozillaFirefoxProfilesj7ppin35.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://ru.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ru:official
FF — component: C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExtcomponentsnprpffbrowserrecordext.dll
FF — component: C:Program FilesMozilla Firefoxextensions{AB2CE124-6272-4b12-94A9-7303C7397BD1}componentsSkypeFfComponent.dll
FF — plugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll
FF — plugin: C:Program FilesGoogleGoogle Updater2.4.1536.6592npCIDetect13.dll
FF — plugin: C:Program FilesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — plugin: C:Program FilesMozilla Firefoxpluginsnp-mswmp.dll
FF — plugin: C:Program FilesRealRealArcadePluginsMozillanpracplug.dll—- FIREFOX POLICIES —-
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.lu», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nu», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.nz», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgberp4a5d4ar», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--p1ai», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.xn--mgbayh7gpa», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.IDN.whitelist.tel», true);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«network.proxy.type», 5);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«dom.ipc.plugins.timeoutSecs», 45);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
C:Program FilesMozilla Firefoxgreprefsall.js — pref(«accelerometer.enabled», true);
C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
C:Program FilesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.nptest.dll», true);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npswf32.dll», true);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npctrl.dll», true);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled.npqtplugin.dll», true);
C:Program FilesMozilla Firefoxdefaultspreffirefox.js — pref(«dom.ipc.plugins.enabled», false);
.
.
File Associations
.
.scr=AutoCADScriptFile
.
— — — — ORPHANS REMOVED — — — —BHO-{422D016D-ACC7-4B28-A90F-437396175B82} — (no file)
BHO-{86AA1341-3F97-42EF-BDF9-F3686C65F729} — (no file)
BHO-{A1F254C7-DD01-4ABC-85CB-E6DFC64A4A74} — (no file)
HKCU-Run-Start WingMan Profiler — (no file)
AddRemove-NVIDIA Display Control Panel — C:Program FilesNVIDIA CorporationUninstallnvuninst.exe
