Here is the log from ComboFix. I have just been told that our website has been hacked. Could that have happened through this computer? The other computers here are Macs, apart from one other PC, which runs Avast protection.
It's great that you can help :) What is the next step?
ComboFix 09-04-20.05 - HP_Ejer 20-04-2009 10:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1642 [GMT 2:00]
Kører fra: c:\documents and settings\HP_Ejer\Skrivebord\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090419-0] *On-access scanning disabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Ejer\Lokale indstillinger\Temporary Internet Files\CPV.stt
c:\programmer\Fælles filer\download
c:\programmer\Fælles filer\inetget
c:\programmer\Fælles filer\windows
c:\programmer\Fælles filer\windows\AutoIt3.exe
c:\programmer\Fælles filer\windows\psapi.dll
c:\windows\system32\acrnxbvc.ini
c:\windows\system32\activedsy.exe
c:\windows\system32\agxqub.dll
c:\windows\system32\ancwsolv.ini
c:\windows\system32\atxtdxaq.ini
c:\windows\system32\bhhhhutn.ini
c:\windows\system32\btjixysm.ini
c:\windows\system32\ccuoguek.ini
c:\windows\system32\crypts.dll
c:\windows\system32\digiwet.dll
c:\windows\system32\dnxtfukg.ini
c:\windows\system32\dvenjndn.ini
c:\windows\system32\dvxynpcp.ini
c:\windows\system32\ebbnvdvk.ini
c:\windows\system32\igafwpav.ini
c:\windows\system32\ijsgoufx.ini
c:\windows\system32\inctefrl.ini
c:\windows\system32\jkobtgop.ini
c:\windows\system32\lcnkrokl.ini
c:\windows\system32\lmiecxpf.ini
c:\windows\system32\loesvfvk.ini
c:\windows\system32\lubaquqi.ini
c:\windows\system32\lvdcvlja.ini
c:\windows\system32\ncskbvkj.dll
c:\windows\system32\nwypwims.ini
c:\windows\system32\ohrgohfd.dll
c:\windows\system32\oqhnlssh.ini
c:\windows\system32\pfmsjthk.ini
c:\windows\system32\ptsotlls.ini
c:\windows\system32\pxhwptio.ini
c:\windows\system32\pYJlonpo.ini
c:\windows\system32\pYJlonpo.ini2
c:\windows\system32\qfotvnrd.ini
c:\windows\system32\qmnxfyfy.dll
c:\windows\system32\rqviacqf.dll
c:\windows\system32\rtxwyqrv.ini
c:\windows\system32\rxtwehtm.ini
c:\windows\system32\skdmrg.dll
c:\windows\system32\sxavyvts.ini
c:\windows\system32\sxkedfrg.ini
c:\windows\system32\ucvheqkh.ini
c:\windows\system32\udwwsnpu.ini
c:\windows\system32\uokbeciy.ini
c:\windows\system32\vunkquiv.ini
c:\windows\system32\wsbnnl.dll
c:\windows\system32\yzqpwr.dll
D:\Autorun.inf
c:\windows\system32\drivers\str.sys . . . . lykkedes ikke at slette
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SAMSSRPCSS
-------\Service_SamSsRpcSs
((((((((((((((((((((((((((((( Filer skabt fra 2009-03-20 til 2009-04-20 )))))))))))))))))))))))))))))))))))
.
2009-04-20 08:38 . 2009-04-20 08:38 20480 --sha-w c:\windows\system32\accessn.dll
2009-04-20 08:37 . 2009-04-20 08:38 86 --s-a-w c:\windows\system32\283006063.dat
2009-04-17 10:20 . 2009-04-17 10:20 -------- d-----w c:\documents and settings\HP_Ejer\Application Data\Malwarebytes
2009-04-17 10:20 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-17 10:20 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 10:20 . 2009-04-17 10:23 -------- d-----w c:\programmer\Malwarebytes' Anti-Malware
2009-04-17 10:20 . 2009-04-17 10:20 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-16 14:31 . 2009-04-16 14:31 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-16 14:28 . 2009-04-16 14:28 -------- d-----w c:\windows\ERUNT
2009-04-16 14:24 . 2009-04-17 07:14 -------- d-----w C:\SDFix
2009-04-16 09:45 . 2009-04-16 09:45 -------- d-----w c:\documents and settings\HP_Ejer\DoctorWeb
2009-04-16 08:56 . 2009-04-16 08:56 -------- d--h--r c:\documents and settings\All Users\Application Data\Atheros
2009-04-16 08:54 . 2009-04-16 08:54 -------- d-----w c:\programmer\NETGEAR
2009-04-16 08:54 . 2009-04-16 08:54 -------- d-----w c:\documents and settings\All Users\Application Data\NETGEAR
2009-04-14 11:09 . 2009-04-14 11:09 -------- d-----w c:\programmer\Alwil Software
2009-04-03 11:02 . 2009-04-03 11:02 -------- d-----w c:\programmer\CCleaner
2009-03-26 12:19 . 2009-03-27 19:22 283 ----a-w c:\windows\system32\ub.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 08:56 . 2004-01-01 09:27 -------- d--h--w c:\programmer\InstallShield Installation Information
2009-04-14 12:30 . 2005-11-30 14:55 -------- d-----w c:\programmer\Freeprod Toolbar
2009-04-14 11:09 . 2005-12-02 09:15 -------- d-----w c:\programmer\NaviSearch
2009-04-14 11:09 . 2005-12-02 09:15 -------- d-----w c:\programmer\BullsEye Network
2009-04-14 11:02 . 2004-01-01 07:07 -------- d-----w c:\programmer\Symantec
2009-04-14 11:02 . 2004-01-01 07:07 -------- d-----w c:\programmer\Fælles filer\Symantec Shared
2009-04-03 11:14 . 2004-01-01 15:22 75196 ----a-w c:\windows\system32\perfc006.dat
2009-04-03 11:14 . 2004-01-01 15:22 420068 ----a-w c:\windows\system32\perfh006.dat
2009-04-03 10:54 . 2004-01-01 07:07 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-03 10:44 . 2004-01-01 08:05 -------- d-----w c:\programmer\Java
2009-03-13 08:46 . 2009-03-13 08:46 -------- d-----w c:\documents and settings\HP_Ejer\Application Data\Twain
2009-03-09 03:19 . 2009-03-05 14:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 09:17 . 2004-01-01 07:30 80647 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-06 09:12 . 2004-01-01 15:22 250576 --sha-r C:\ntldr
2009-02-09 14:07 . 2004-01-01 15:22 1846784 ----a-w c:\windows\system32\win32k.sys
2006-07-07 10:57 . 2006-07-07 10:56 142 ----a-w c:\documents and settings\Administrator\Lokale indstillinger\Application Data\fusioncache.dat
2005-06-10 13:20 . 2004-12-10 14:39 71800 ----a-w c:\documents and settings\HP_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2004-12-10 14:39 . 2004-12-08 12:09 136 ----a-w c:\documents and settings\HP_Ejer\Lokale indstillinger\Application Data\fusioncache.dat
2005-05-11 17:2005-06-30 12:04 34:00 . c:\programmer\mozilla firefox\components\jar50.dll
2005-05-11 17:2005-06-30 12:04 34:00 . c:\programmer\mozilla firefox\components\jsd3250.dll
2005-05-11 17:2005-06-30 12:04 34:00 . c:\programmer\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiS Windows KeyHook"="c:\windows\System32\keyhook.exe" [2004-05-20 249856]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"DAEMON Tools-1033"="c:\programmer\D-Tools\daemon.exe" [2004-08-22 81920]
"ATICCC"="c:\programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-01 73728]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-06 2550272]
c:\documents and settings\HP_Ejer\Menuen Start\Programmer\Start\
Corel Registration.lnk - c:\programmer\Corel\Graphics9\Register\Remind32.exe [2005-3-3 67584]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
NETGEAR WN111v2 Smart Wizard.lnk - c:\programmer\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d
[HKLM\~\startupfolder\c:^documents and settings^all users^menuen start^programmer^start^adobe reader hurtigstart.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"SNDSrvc"=3 (0x3)
"ose"=3 (0x3)
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Programmer\\Autodesk\\backburner\\monitor.exe"=
"c:\\Programmer\\Autodesk\\backburner\\manager.exe"=
"c:\\Programmer\\Autodesk\\backburner\\server.exe"=
"c:\\Programmer\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 89fd950;89fd950; [x]
S1 aswsp;avast! Self Protection; [x]
S2 aswfsblk;aswfsblk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 dnindis5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Ujafrofb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe
.
- - - - TOMME GENVEJE FJERNET - - - -
BHO-{fe887f31-69c0-4a97-937f-e76930556d3b} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-VTTimer - VTTimer.exe
Notify-gebspnlb - geBspnLb.dll
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: Bloker alle billeder fra den samme server - c:\programmer\Avant Browser\AddAllToADBlackList.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Marker forekomster af ord på denne side - c:\programmer\Avant Browser\Highlight.htm
IE: Søg på ord - c:\programmer\Avant Browser\Search.htm
IE: Tilføj til AD Black List - c:\programmer\Avant Browser\AddToADBlackList.htm
IE: Åben alle links på denne side... - c:\programmer\Avant Browser\OpenAllLinks.htm
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparlolland.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath -
---- FIREFOX POLITIKKER ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 10:53
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
c:\windows\system32\drivers\str.sys 0 bytes
c:\windows\system32\drivers\rjjasotfffv.sys 31104 bytes executable
scanning gennemført med succes
skjulte filer: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gyuwcubnkcii]
"ImagePath"="\??\c:\windows\system32\drivers\rjjasotfffv.sys"
--
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSsRpcSs]
"ImagePath"="c:\windows\system32\activedsy.exe srv"
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(1156)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Gennemført tid: 2009-04-20 10:56 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-04-20 08:56
Pre-Kørsel: 135.457.615.872 byte ledig
Post-Kørsel: 136.051.482.624 byte ledig
369 --- E O F --- 2009-03-12 02:00