Poslao: 27 Avg 2010 18:12
|
offline
- Pridružio: 25 Nov 2007
- Poruke: 296
|
ComboFix 10-08-26.04 - User 27.08.2010 18:03:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.547 [GMT 2:00]
Running from: d:\documents and settings\User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100827-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\cfgnm.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EGRLKRHA
-------\Service_egrlkrha
((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 08:35 . 2010-08-27 08:35 -------- d-----w- c:\windows\system32\wbem\snmp
2010-08-27 08:35 . 2010-08-27 08:35 -------- d-----w- c:\windows\system32\xircom
2010-08-27 08:35 . 2010-08-27 08:35 -------- d-----w- c:\program files\microsoft frontpage
2010-08-27 08:33 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-27 08:33 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-27 08:24 . 2010-08-27 08:24 -------- d-----w- c:\program files\CCleaner
2010-08-27 06:42 . 2010-08-27 06:42 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2007-10-27 . A11391BE25035570AE4B8970920F2C74 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-27 . 24FCD8FB0C6BD0E5F3B1203769948336 . 2346752 . . [5.1.2600.3181] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-10-27 . 95E8B55443BD91DAB5632924D2616A1E . 2223616 . . [5.1.2600.3181] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-27_06.19.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-27 08:35 . 2010-08-27 08:35 16384 c:\windows\Temp\Perflib_Perfdata_7d8.dat
+ 2010-08-27 16:09 . 2010-08-27 16:09 16384 c:\windows\Temp\Perflib_Perfdata_7b0.dat
+ 2004-08-03 21:00 . 2010-08-27 08:37 40196 c:\windows\system32\perfc009.dat
- 2004-08-03 21:00 . 2010-08-27 05:49 40196 c:\windows\system32\perfc009.dat
+ 2010-01-26 20:51 . 2009-11-24 22:49 48560 c:\windows\system32\drivers\aswTdi.sys
+ 2010-01-26 20:51 . 2009-11-24 22:48 23120 c:\windows\system32\drivers\aswRdr.sys
+ 2010-01-26 20:51 . 2009-11-24 22:50 94160 c:\windows\system32\drivers\aswmon2.sys
+ 2010-01-26 20:51 . 2009-11-24 22:51 93424 c:\windows\system32\drivers\aswmon.sys
+ 2010-01-26 20:51 . 2009-11-24 22:47 27408 c:\windows\system32\drivers\aavmker4.sys
+ 2010-01-26 20:51 . 2009-11-24 22:47 97480 c:\windows\system32\AvastSS.scr
+ 2004-08-03 21:00 . 2010-08-27 08:37 311934 c:\windows\system32\perfh009.dat
- 2004-08-03 21:00 . 2010-08-27 05:49 311934 c:\windows\system32\perfh009.dat
+ 2010-01-26 20:50 . 2009-11-24 22:54 1280480 c:\windows\system32\aswBoot.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"nwiz"="nwiz.exe" [2007-07-13 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-27 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 06:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.8.2010 10:33 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.8.2010 10:33 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-10-27 07:26 124928 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ha1ryb16.default\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 18:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\SHDOCVW.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-08-27 18:11:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-27 16:11
ComboFix2.txt 2010-08-27 06:20
Pre-Run: 149.318.332.416 bytes free
Post-Run: 149.261.434.880 bytes free
- - End Of File - - 15A779956FF3CEED73093B8D1BCEFDA7
|
|
|
|
Poslao: 27 Avg 2010 18:35
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Avg 2005
- Poruke: 8617
- Gde živiš: Novi Beograd
|
Otvoriti Notepad i iskopirati sledeci tekst:
File::
c:\windows\system32\cfgnm.dll
Snimiti na Desktop fajl iz Notepada kao "CFScript"
Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.
|
|
|
|
Poslao: 27 Avg 2010 19:15
|
offline
- Pridružio: 25 Nov 2007
- Poruke: 296
|
ComboFix 10-08-26.04 - User 27.08.2010 19:06:44.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.704 [GMT 2:00]
Running from: d:\documents and settings\User\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100827-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\cfgnm.dll"
.
((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 08:35 . 2010-08-27 08:35 -------- d-----w- c:\windows\system32\wbem\snmp
2010-08-27 08:35 . 2010-08-27 08:35 -------- d-----w- c:\windows\system32\xircom
2010-08-27 08:35 . 2010-08-27 08:35 -------- d-----w- c:\program files\microsoft frontpage
2010-08-27 08:33 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-27 08:33 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-27 08:24 . 2010-08-27 08:24 -------- d-----w- c:\program files\CCleaner
2010-08-27 06:42 . 2010-08-27 06:42 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2007-10-27 . A11391BE25035570AE4B8970920F2C74 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-27 . 24FCD8FB0C6BD0E5F3B1203769948336 . 2346752 . . [5.1.2600.3181] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-10-27 . 95E8B55443BD91DAB5632924D2616A1E . 2223616 . . [5.1.2600.3181] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-27_06.19.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-27 16:43 . 2010-08-27 16:43 16384 c:\windows\Temp\Perflib_Perfdata_7ac.dat
+ 2004-08-03 21:00 . 2010-08-27 08:37 40196 c:\windows\system32\perfc009.dat
- 2004-08-03 21:00 . 2010-08-27 05:49 40196 c:\windows\system32\perfc009.dat
+ 2010-01-26 20:51 . 2009-11-24 22:49 48560 c:\windows\system32\drivers\aswTdi.sys
+ 2010-01-26 20:51 . 2009-11-24 22:48 23120 c:\windows\system32\drivers\aswRdr.sys
+ 2010-01-26 20:51 . 2009-11-24 22:50 94160 c:\windows\system32\drivers\aswmon2.sys
+ 2010-01-26 20:51 . 2009-11-24 22:51 93424 c:\windows\system32\drivers\aswmon.sys
+ 2010-01-26 20:51 . 2009-11-24 22:47 27408 c:\windows\system32\drivers\aavmker4.sys
+ 2010-01-26 20:51 . 2009-11-24 22:47 97480 c:\windows\system32\AvastSS.scr
+ 2004-08-03 21:00 . 2010-08-27 08:37 311934 c:\windows\system32\perfh009.dat
- 2004-08-03 21:00 . 2010-08-27 05:49 311934 c:\windows\system32\perfh009.dat
+ 2010-01-26 20:50 . 2009-11-24 22:54 1280480 c:\windows\system32\aswBoot.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432]
"nwiz"="nwiz.exe" [2007-07-13 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-27 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 06:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.8.2010 10:33 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.8.2010 10:33 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2007-10-27 07:26 124928 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ha1ryb16.default\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 19:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
- - - - - - - > 'explorer.exe'(800)
c:\windows\system32\SHDOCVW.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-08-27 19:11:53
ComboFix-quarantined-files.txt 2010-08-27 17:11
ComboFix2.txt 2010-08-27 16:11
ComboFix3.txt 2010-08-27 06:20
Pre-Run: 149.254.963.200 bytes free
Post-Run: 149.248.188.416 bytes free
- - End Of File - - 2C539B020E6A5CC358BA16BAF544488D
|
|
|
|
|
Poslao: 27 Avg 2010 20:59
|
offline
- Pridružio: 25 Nov 2007
- Poruke: 296
|
Vala sam ispostavljao ovi logova dosta.
Vrijedilo je, hvala ti mnogo.
|
|
|
|