przez adamsio » 01 Lip 2009, 12:24
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5
przez adamsio » 01 Lip 2009, 20:46
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5
przez AJAN » 01 Lip 2009, 21:45
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
Zapisz listę raportu)
Klikasz "Skanuj" Wybierasz dyski i skanujesz jak jakieś będą to Usuń i pokaż raport
przez adamsio » 01 Lip 2009, 22:37
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5
przez AJAN » 01 Lip 2009, 23:48
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
przez adamsio » 02 Lip 2009, 12:45
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5
--------------------------------------------------------------------------------
RAPORT KASPERSKY ONLINE SCANNER 7.0
czwartek, 2 lipiec 2009
System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 3 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Thursday, July 02, 2009 08:10:19
Liczba wpisów: 2413936
--------------------------------------------------------------------------------
Ustawienia skanowania:
Typ bazy danych użytej do skanowania: rozszerzona
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Mój komputer:
C:\
D:\
E:\
F:\
G:\
Statystyki skanowania:
Przeskanowanych plików: 62834
Nazwa zagrożenia: 1
Zainfekowanych obiektów: 1
Podejrzanych obiektów: 0
Czas skanowania: 01:07:39
Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
C:\WINDOWS\system32\viwc.exe Zainfekowany: Trojan.Win32.Agent2.cdb 1
Wybrany obszar został przeskanowany.
przez AJAN » 02 Lip 2009, 21:19
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
File::
C:\WINDOWS\system32\viwc.exe
- jak na obrazkuprzez adamsio » 02 Lip 2009, 21:41
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5
ComboFix 09-07-01.04 - Kamil 2009-07-02 21:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.726 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kamil\Moje dokumenty\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Kamil\Moje dokumenty\CFScript.txt.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FILE ::
"c:\windows\system32\viwc.exe"
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\viwc.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-06-02 do 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-01 20:30 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 20:30 . 2009-07-01 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 20:30 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 19:50 . 2009-07-01 19:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-06-07 09:20 . 2008-04-14 16:20 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-07 09:20 . 2008-04-14 16:20 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nokia
2009-06-03 16:29 . 2009-03-19 11:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-06-03 16:28 . 2009-03-19 11:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-06-03 16:28 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-03 16:28 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-03 16:28 . 2009-02-09 05:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-03 16:28 . 2009-02-09 05:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-03 16:28 . 2009-02-09 05:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-03 16:28 . 2009-02-09 05:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-03 16:27 . 2009-06-03 16:12 24549928 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_pl.exe
2009-06-03 16:27 . 2009-06-03 16:27 -------- d-----w- c:\program files\MSXML 6.0
2009-06-03 16:26 . 2009-06-03 16:26 36864 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-03 16:26 . 2009-06-03 16:26 3351812 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-03 16:26 . 2009-06-03 16:26 3181612 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 19:34 . 2008-12-16 19:14 -------- d-----w- c:\documents and settings\Kamil\Dane aplikacji\Skype
2009-07-02 14:00 . 2008-12-16 19:17 -------- d-----w- c:\documents and settings\Kamil\Dane aplikacji\skypePM
2009-07-01 20:53 . 2004-08-03 21:14 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-01 20:23 . 2009-04-26 14:50 95744 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SpeedBit\DAP\Updates\Condition.dll
2009-06-30 16:15 . 2008-12-19 15:54 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-06-30 15:45 . 2008-12-15 19:09 1 ----a-w- c:\documents and settings\Kamil\Dane aplikacji\OpenOffice.ux.pl\3\user\uno_packages\cache\stamp.sys
2009-06-30 13:14 . 2009-01-11 13:54 83456 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SpeedBit\DAP\SDCondition.dll
2009-06-19 11:42 . 2008-12-15 20:15 119138 ----a-w- c:\windows\hpoins11.dat
2009-06-13 17:16 . 2008-12-17 20:27 -------- d-----w- c:\program files\ALLPlayer
2009-06-07 09:18 . 2009-06-07 09:18 -------- d-----w- c:\program files\Vimicro
2009-06-07 09:18 . 2008-12-15 17:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-06 14:29 . 2001-10-26 16:15 66616 ----a-w- c:\windows\system32\perfc015.dat
2009-06-06 14:29 . 2001-10-26 16:15 389068 ----a-w- c:\windows\system32\perfh015.dat
2009-06-03 16:28 . 2009-01-22 18:55 -------- d-----w- c:\program files\Nokia
2009-06-03 16:26 . 2009-01-22 18:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Installations
2009-06-03 16:13 . 2009-01-22 18:59 -------- d-----w- c:\documents and settings\Kamil\Dane aplikacji\Nokia
2009-06-03 16:05 . 2009-01-22 18:59 -------- d-----w- c:\documents and settings\Kamil\Dane aplikacji\PC Suite
2009-05-27 14:38 . 2008-12-15 20:17 -------- d-----w- c:\program files\HP
2009-05-27 14:37 . 2009-05-27 14:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-05-26 13:23 . 2009-05-26 13:15 126798 ----a-w- c:\windows\HPHins12.dat
2009-05-26 13:21 . 2009-05-26 13:21 -------- d-----w- c:\program files\Common Files\HP
2009-05-26 13:19 . 2009-05-26 13:19 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-26 13:15 . 2008-12-15 19:41 25800 ----a-w- c:\documents and settings\Kamil\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-05-25 18:44 . 2008-12-15 20:23 -------- d-----w- c:\documents and settings\Kamil\Dane aplikacji\Image Zone Express
2009-05-24 08:34 . 2009-05-24 06:05 -------- d-----w- c:\program files\Gothic III
2009-05-24 06:11 . 2009-05-24 06:11 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-24 06:11 . 2009-05-24 06:11 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-24 05:49 . 2009-05-24 05:49 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-05-24 05:49 . 2009-05-24 05:49 -------- d-----w- c:\program files\UltraISO
2009-05-23 12:35 . 2008-12-30 15:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-07 15:34 . 2004-08-03 22:44 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\ViSplore
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\TrueTransparency
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\WinFlip
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\ViStart
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\ViOrb
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\VisualTooltip
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\Styler
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\Vista Rainbar
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\LClock
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w- c:\program files\Vista Drive Icon
2009-05-04 19:07 . 2009-05-04 19:02 -------- d-----w- c:\documents and settings\Kamil\Dane aplikacji\Winamp
2009-05-04 19:02 . 2009-05-04 19:02 -------- d-----w- c:\program files\Winamp
2009-05-04 18:42 . 2009-01-22 19:38 -------- d-----w- c:\documents and settings\Kamil\Dane aplikacji\Vso
2009-05-04 18:42 . 2009-01-22 19:38 47360 -c--a-w- c:\documents and settings\Kamil\Dane aplikacji\pcouffin.sys
2009-05-04 18:42 . 2009-01-22 19:38 47360 -c--a-w- c:\documents and settings\Kamil\Dane aplikacji\pcouffin.sys
2009-04-29 04:47 . 2004-08-03 22:44 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-08-03 22:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 12:09 . 2009-04-26 12:09 15872 -c--a-r- c:\documents and settings\Kamil\Dane aplikacji\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
2009-04-19 19:51 . 2004-08-03 22:37 1847424 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-03 22:44 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 08:59 . 2009-01-11 11:06 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-14 08:59 . 2009-01-11 11:05 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2007-12-23 738304]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2007-12-19 405504]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Kamil^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk]
path=c:\documents and settings\Kamil\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk
backup=c:\windows\pss\OpenOffice.ux.pl 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"EhttpSrv"=3 (0x3)
"aspnet_state"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\master_adams\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26868:TCP"= 26868:TCP:BitComet 26868 TCP
"26868:UDP"= 26868:UDP:BitComet 26868 UDP
R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2003-07-02 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2003-07-02 124160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-01-24 443424]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPortIO.SYS [2009-01-08 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-01-24 200464]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-06-07 428160]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-01-24 1232896]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-01-24 32896]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 FT3893;FT3893 Filter;c:\windows\system32\drivers\FT3893.sys [2009-01-18 30923]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-06-03 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-06-03 8320]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.windowsxlive.net
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\t5zpcaze.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.start.tcz.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 21:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1512)
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1640)
c:\windows\system32\scecli.dll
.
Czas ukończenia: 2009-07-02 21:39
ComboFix-quarantined-files.txt 2009-07-02 19:39
Przed: 12 518 043 648 bajtów wolnych
Po: 12 584 194 048 bajtów wolnych
262 --- E O F --- 2009-06-10 16:39
przez AJAN » 02 Lip 2009, 23:37
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
Zapisz listę raportu)przez adamsio » 03 Lip 2009, 10:02
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5
przez adamsio » 03 Lip 2009, 11:43
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1) Gecko/20090624 Firefox/3.5
przez AJAN » 03 Lip 2009, 21:06
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
Zarejestrowani użytkownicy: Bing [Bot]