- Joined: 04 Mar 2005
- Posts: 520
- Location: Zemun
First it showed me this window:
http://www.dodaj.rs/t/3o/Us/Z9K9YVM/dscn0158.jpg
And here is the log:
I messed up a bit... On the infected computer I opened IE to write a reply, and after it loaded the home page it started going to some (adult-film) site, so I closed IE.
After that, MS AntiSpyware 2009 started up and began scanning, then reported that it had found "Vulnerabilities" and asked me to "Activate MS AntiSpyware 2009" or "stay unprotected".
I forgot to thank you in advance in my first post.
ComboFix 09-01-21.04 - Stanica1 2009-01-24 12:06:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511.320 [GMT 1:00]
Running from: c:\uros\C-F.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\qyzzigiryw.dll
c:\documents and settings\All Users\Application Data\Microsoft\Protect\svhost.exe
c:\documents and settings\All Users\Application Data\Microsoft\Protect\track.sys
c:\documents and settings\All Users\Application Data\svhost.exe
c:\documents and settings\Stanica1\Start Menu\Programs\Spyware Guard 2009
c:\documents and settings\Stanica1\Start Menu\Programs\Spyware Guard 2009\Spyware Guard 2009.lnk
c:\program files\FunWebProducts
c:\program files\Spyware Guard 2009
c:\program files\Spyware Guard 2009\conf.cfg
c:\program files\Spyware Guard 2009\mbase.vdb
c:\program files\Spyware Guard 2009\quarantine.vdb
c:\program files\Spyware Guard 2009\queue.vdb
c:\program files\Spyware Guard 2009\spywareguard.exe
c:\program files\Spyware Guard 2009\uninstall.exe
c:\program files\Spyware Guard 2009\vbase.vdb
c:\windows\IE4 Error Log.txt
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\Cache
c:\windows\system32\drivers\TDSSmhct.sys
c:\windows\system32\Drivers\TDSSmumw.sys
c:\windows\system32\TDSSbvqh.dll
c:\windows\system32\TDSScrrn.dll
c:\windows\system32\TDSSdamv.dll
c:\windows\system32\TDSSdlif.dll
c:\windows\system32\TDSSfjaa.log
c:\windows\system32\TDSSgkql.dll
c:\windows\system32\TDSSgrxx.dll
c:\windows\system32\TDSSjfum.dll
c:\windows\system32\TDSSkhyp.log
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSmtkt.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnxca.dll
c:\windows\system32\TDSSotub.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSwpyh.dat
c:\windows\system32\winscenter.exe
c:\windows\vmreg.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-24 10:12 . 2009-01-24 10:22 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-23 16:44 . 2009-01-23 16:44 3,324 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-01-23 16:28 . 2008-09-15 12:57 1,846,016 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-23 16:27 . 2008-08-14 10:51 138,368 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-23 16:01 . 2009-01-23 16:01 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-23 16:01 . 2009-01-23 16:01 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-23 16:00 . 2009-01-23 16:00 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-23 16:00 . 2009-01-24 12:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-23 16:00 . 2009-01-24 12:15 139,296 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-23 16:00 . 2009-01-24 12:13 1,668 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-23 16:00 . 2009-01-24 12:11 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-23 16:00 . 2009-01-24 12:11 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-23 15:58 . 2009-01-23 15:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-23 15:46 . 2004-08-04 00:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-23 15:45 . 2004-08-04 00:56 239,616 --------- c:\windows\system32\wstrenderer.ax
2009-01-23 15:45 . 2004-08-04 00:56 164,352 --------- c:\windows\system32\wstpager.ax
2009-01-23 15:45 . 2004-08-04 00:56 96,768 -----c--- c:\windows\system32\dllcache\dpcdll.dll
2009-01-23 15:45 . 2004-08-04 00:56 53,248 --------- c:\windows\system32\vbicodec.ax
2009-01-23 15:45 . 2004-08-04 00:56 10,752 --------- c:\windows\system32\smtpapi.dll
2009-01-23 15:45 . 2004-08-04 00:56 9,728 --------- c:\windows\system32\rwnh.dll
2009-01-23 15:45 . 2004-08-03 22:59 9,728 --------- c:\windows\system32\comsdupd.exe
2009-01-23 15:37 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-01-23 15:36 . 2004-07-17 11:40 19,528 --a------ c:\windows\002447_.tmp
2009-01-23 15:35 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-23 15:26 . 2009-01-23 15:49 <DIR> d-------- C:\d6f4b6fb4a6a2bca5a2139e925793b
2009-01-20 11:11 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Skype
2009-01-20 10:24 . 2008-07-23 14:12 7,851,704 --a------ c:\temp\spyhunterS.exe
2009-01-20 10:24 . 2008-07-18 16:40 1,076,384 --a------ c:\temp\def.dat
2009-01-20 10:24 . 2008-07-18 17:20 643,072 --a------ c:\temp\Common.dll
2009-01-20 10:12 . 2009-01-24 11:58 <DIR> d-------- C:\uros
2009-01-20 08:39 . 2009-01-20 08:39 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-19 15:34 . 2009-01-20 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-15 17:22 . 2009-01-15 17:22 <DIR> d-------- c:\documents and settings\Stanica1\Application Data\skypePM
2009-01-15 17:22 . 2009-01-15 17:22 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-15 17:20 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Skype(2)
2009-01-15 17:20 . 2009-01-20 11:11 <DIR> d-------- c:\program files\Google
2009-01-05 12:21 . 2009-01-05 12:21 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-05 12:04 . 2009-01-05 12:29 <DIR> d-------- c:\program files\NOS
2009-01-05 12:04 . 2009-01-05 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 11:14 --------- d-----w c:\documents and settings\Stanica1\Application Data\Skype
2009-01-23 14:56 --------- d-----w c:\program files\MSN Messenger
2009-01-23 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-01-23 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2009-01-15 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-05 11:13 --------- d-----w c:\program files\Common Files\Adobe
2008-12-24 14:54 --------- d-----w c:\documents and settings\Stanica1\Application Data\U3
2006-04-11 10:42 44 -c--a-w c:\program files\launcher.ini
2006-04-11 10:42 23 -c--a-w c:\program files\QTW.TPR
2006-04-11 10:42 1,171 -c--a-w c:\program files\TPRTech.INI
2005-07-14 09:15 17,536 -c--a-w c:\documents and settings\Stanica1\Application Data\GDIPFONTCACHEV1.DAT
2004-11-07 11:57 41,571 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2004-11-07 11:57 48,221 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2004-11-07 11:57 158,821 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 15:04 398768 --a------ c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 401496]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2005-08-25 17679400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-23 4841472]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-10-06 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2003-09-23 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"wave2"= vacumd.dll
"mixer1"= vacumd.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon iR1200-1300 Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon iR1200-1300 Status Window.LNK
backup=c:\windows\pss\Canon iR1200-1300 Status Window.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2002-01-08 01:24 401496 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2005-10-06 17:03 278528 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2008-07-24 16:07 363591 c:\program files\Plaxo\3.14.0.44\PlaxoHelper_en.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2005-10-16 16:01 155648 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-08-25 22:00 17679400 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2002-04-24 04:02 12288 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2004-12-02 09:34 37888 c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 VirtualAudioCable;Virtual Audio Cable;c:\windows\system32\drivers\vackmd.sys [2005-08-29 24064]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [2006-01-20 22497]
S4 RapidPortM2;RapidPortM2;\??\c:\windows\System32\Drivers\CAPM2LP.SYS --> c:\windows\System32\Drivers\CAPM2LP.SYS [?]
S4 Usbeserts;Usbeserts; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-01-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2009\spywareguard.exe
MSConfigStartUp-spywareguard - c:\program files\Spyware Guard 2009\spywareguard.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.refot.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxps://www.eiss.biz/eRoomSetup/client.cab
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 12:13:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\vacumd.dll
- - - - - - - > 'lsass.exe'(1052)
c:\windows\system32\vacumd.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\MSN Messenger\usnsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-24 12:17:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-24 11:17:27
Pre-Run: 3,476,205,568 bytes free
Post-Run: 3,515,293,696 bytes free
313 --- E O F --- 2009-01-24 09:14:00