Viruses, Spyware and...

Viruses, Spyware and other Nasties RSS

Homepage changed to about:blank can't change back

Thread Solved

« First

Last »

•

Join Date: Jul 2009

Posts: 30

Reputation: mysticwepx is an unknown quantity at this point

Solved Threads: 0

mysticwepx mysticwepx is offline

Offline

Light Poster

Re: Homepage changed to about:blank can't change back

#21

Jul 19th, 2009

Nope no improvement the website is still there...
Feeling like giveing up,if i leave it like this will anything happen?

•

Join Date: May 2009

Posts: 908

Reputation: Rik from RCE is on a distinguished road

Solved Threads: 68

Rik from RCE Rik from RCE is offline

Offline

Posting Shark

Re: Homepage changed to about:blank can't change back

#22

Jul 19th, 2009

I think that Thunder may be the case of your problems.
What exactly is that bit of software for and are you happy to uninstall it?
If you are happy to uninstall it, get revo uninstaller from here - http://www.revouninstaller.com/
Use it's most aggressive setting.

•

Join Date: Jul 2009

Posts: 30

Reputation: mysticwepx is an unknown quantity at this point

Solved Threads: 0

mysticwepx mysticwepx is offline

Offline

Light Poster

Re: Homepage changed to about:blank can't change back

#23

Jul 19th, 2009

Thunder software is to help me dl file faster and watch movie onlie.
I have uninstall it and useing the revouninstaller and restart the com it still the same

If i leave it like this is it bad?

•

Join Date: May 2009

Posts: 908

Reputation: Rik from RCE is on a distinguished road

Solved Threads: 68

Rik from RCE Rik from RCE is offline

Offline

Posting Shark

Re: Homepage changed to about:blank can't change back

#24

Jul 19th, 2009

It's not bad as such, but it's not correct.

One more thing to try, internet settings, homepage, set it to http:\www.google.com and see if it helps.
I noticed in your combofix log that something has set it to hxxp:\www.google.com.

•

Join Date: Jul 2009

Posts: 30

Reputation: mysticwepx is an unknown quantity at this point

Solved Threads: 0

mysticwepx mysticwepx is offline

Offline

Light Poster

Re: Homepage changed to about:blank can't change back

#25

Jul 19th, 2009

hmm still the same

•

Join Date: Jul 2009

Posts: 30

Reputation: mysticwepx is an unknown quantity at this point

Solved Threads: 0

mysticwepx mysticwepx is offline

Offline

Light Poster

Re: Homepage changed to about:blank can't change back

#26

Jul 19th, 2009

Rik from RCE Thanks you very much for hleping till so far,i guess i'm giveing up.

•

Join Date: May 2009

Posts: 908

Reputation: Rik from RCE is on a distinguished road

Solved Threads: 68

Rik from RCE Rik from RCE is offline

Offline

Posting Shark

Re: Homepage changed to about:blank can't change back

#27

Jul 19th, 2009

I must admit to being stumped too.

•

Join Date: Feb 2004

Posts: 10,013

Reputation: crunchie is a splendid one to behold

Solved Threads: 759

crunchie

Offline

Spyware Killer

Re: Homepage changed to about:blank can't change back

#28

Jul 19th, 2009

Can you post the log from combofix's first run. You will find it in C:\qoobox folder.

Download the HostsXpert.
Run it and press "Restore M$ Hosts File" and press "OK". Exit Program.
Note that if you have a custom host file, this will remove it.

Reboot and see if the redirect still occurs.

Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster

•

Join Date: Jul 2009

Posts: 30

Reputation: mysticwepx is an unknown quantity at this point

Solved Threads: 0

mysticwepx mysticwepx is offline

Offline

Light Poster

Re: Homepage changed to about:blank can't change back

#29

Jul 20th, 2009

The problem is still there after i restart my com
This the new log that i run combofix again the old 1 is at second page

ComboFix 09-07-19.04 - Owner -07-20 星期一 14:51.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1696 [GMT -7:00]
执行位置: d:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( 2009-06-20 至 2009-07-20 的新的档案 )))))))))))))))))))))))))))))))
.

2009-07-20 21:43 . 2009-07-20 21:43 16384 ----atw- d:\temp\Perflib_Perfdata_7d4.dat
2009-07-20 21:37 . 2009-07-20 21:37 -------- d-----w- d:\program files\Common Files\Thunder Network
2009-07-20 21:37 . 2009-07-20 21:37 -------- d-----w- d:\program files\Thunder Network
2009-07-20 07:18 . 2009-07-20 07:18 -------- d-----w- d:\program files\VS Revo Group
2009-07-20 04:50 . 2009-07-20 04:50 -------- d-----w- d:\program files\CCleaner
2009-07-20 03:20 . 2009-04-30 21:22 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2009-07-20 03:20 . 2009-04-30 21:22 1985024 -c----w- d:\windows\system32\dllcache\iertutil.dll
2009-07-20 03:20 . 2009-04-30 21:22 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2009-07-20 03:20 . 2009-04-30 21:22 11064832 -c----w- d:\windows\system32\dllcache\ieframe.dll
2009-07-19 23:32 . 2009-07-19 23:32 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Google
2009-07-19 23:31 . 2009-07-19 23:32 -------- d-----w- d:\program files\Google
2009-07-19 09:35 . 2009-07-20 05:46 -------- d-----w- d:\temp\_avast4_
2009-07-19 03:24 . 2009-07-19 03:24 -------- d-----w- d:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-19 03:24 . 2009-07-19 03:24 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 06:42 . 2009-07-20 21:29 -------- d-----w- d:\program files\QvodPlayer
2009-07-14 02:37 . 2009-07-14 02:37 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-07-05 05:01 . 2009-07-05 05:01 -------- d-----w- d:\documents and settings\Owner\Application Data\AVS4YOU
2009-07-05 05:01 . 2009-07-05 05:01 -------- d-----w- d:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-05 05:00 . 2009-07-05 05:01 -------- d-----w- d:\program files\Common Files\AVSMedia
2009-07-05 05:00 . 2008-08-13 18:22 974848 ----a-w- d:\windows\system32\mfc70.dll
2009-07-05 05:00 . 2008-08-13 18:22 487424 ----a-w- d:\windows\system32\msvcp70.dll
2009-07-05 05:00 . 2009-07-05 05:01 -------- d-----w- d:\program files\AVS4YOU
2009-07-05 05:00 . 2008-08-13 18:22 1700352 ----a-w- d:\windows\system32\GdiPlus.dll
2009-07-05 05:00 . 2008-08-13 18:22 24576 ----a-w- d:\windows\system32\msxml3a.dll
2009-07-05 04:52 . 2009-07-05 04:52 -------- d-----w- d:\documents and settings\Owner\Application Data\Red Kawa
2009-07-05 04:52 . 2009-07-06 21:49 -------- d-----w- d:\program files\WeFi
2009-07-05 04:51 . 2009-07-05 04:51 5931872 ----a-w- d:\documents and settings\Owner\Application Data\OpenCandy\WeFiSetup_5_141_4.exe
2009-07-05 04:51 . 2009-07-05 04:51 -------- d-----w- d:\documents and settings\Owner\Application Data\OpenCandy
2009-07-05 04:51 . 2009-07-05 04:51 -------- d-----w- d:\program files\Red Kawa
2009-07-05 04:47 . 2009-07-05 04:47 -------- d-----w- d:\program files\E-Zsoft
2009-07-05 04:24 . 2009-07-05 04:24 -------- d-----w- d:\program files\DVDVideoSoft
2009-07-05 03:55 . 2009-07-05 03:55 -------- d-----w- d:\documents and settings\Owner\Application Data\ImTOO Software Studio
2009-07-05 03:48 . 2002-01-05 22:37 344064 ----a-w- d:\windows\system32\msvcr70.dll
2009-07-05 03:48 . 2009-07-05 04:24 -------- d-----w- d:\program files\Common Files\DVDVideoSoft
2009-07-03 10:49 . 2009-07-03 10:49 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-07-02 23:35 . 2009-07-02 23:35 -------- d-----w- d:\program files\AviSynth 2.5
2009-07-02 23:32 . 2009-07-02 23:32 -------- d-----w- d:\program files\MSBuild
2009-07-02 23:29 . 2009-07-20 03:26 -------- d-----w- d:\windows\system32\XPSViewer
2009-07-02 23:29 . 2009-07-02 23:29 -------- d-----w- d:\program files\Reference Assemblies
2009-07-02 23:28 . 2006-06-29 20:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-07-02 22:07 . 2009-07-02 22:07 -------- d-----w- d:\program files\GVOD
2009-07-01 08:53 . 2009-07-01 08:53 1060864 ----a-w- d:\windows\system32\MFC71.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 07:22 . 2009-05-12 08:36 3740 ----a-w- d:\windows\system32\cid_store.dat
2009-07-20 05:48 . 2009-05-11 20:11 22016 ----a-w- d:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 22:21 . 2009-05-12 00:34 139584 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-07-19 22:21 . 2009-05-12 00:34 189104 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-07-19 02:10 . 2009-05-11 21:24 -------- d-----w- d:\program files\Warcraft III
2009-07-17 12:06 . 2009-05-11 21:43 -------- d-----w- d:\program files\MpcStar
2009-07-16 16:13 . 2009-05-16 04:06 -------- d-----w- d:\program files\Garena
2009-07-05 04:01 . 2009-05-13 00:23 -------- d-----w- d:\program files\Windows Media Connect 2
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-06-08 06:32 . 2009-06-08 06:32 -------- d-----w- d:\documents and settings\Owner\Application Data\DragonicaSCB
2009-06-08 05:42 . 2009-06-08 05:42 -------- d-----w- d:\program files\IAHGames
2009-06-08 05:37 . 2009-05-16 06:00 -------- d-----w- d:\program files\Windows Live
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- d:\windows\system32\quartz.dll
2009-05-29 08:59 . 2009-05-26 05:20 -------- d-----w- d:\documents and settings\Owner\Application Data\Skype
2009-05-29 08:59 . 2009-05-26 05:29 -------- d-----w- d:\documents and settings\Owner\Application Data\skypePM
2009-05-26 05:29 . 2009-05-26 05:29 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----r- d:\program files\Skype
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----w- d:\program files\Common Files\Skype
2009-05-25 02:25 . 2009-05-25 02:25 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-05-25 02:25 . 2009-05-25 02:25 -------- d-----w- d:\program files\Java
2009-05-25 02:25 . 2009-05-25 02:25 152576 ----a-w- d:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-24 23:24 . 2009-05-12 00:34 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2009-05-24 22:09 . 2009-05-24 22:09 22328 ----a-w- d:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-24 22:09 . 2009-05-24 22:09 22328 ----a-w- d:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-24 22:09 . 2009-05-11 20:40 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-05-24 21:47 . 2009-05-24 21:47 -------- d-----w- d:\program files\Activision
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- d:\windows\system32\wininet.dll
2009-05-13 00:45 . 2009-05-11 19:45 76487 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-12 08:44 . 2009-05-12 08:44 0 ----a-w- d:\windows\nsreg.dat
2009-05-12 08:33 . 2009-05-12 08:33 20 ----a-w- d:\windows\system32\pub_store.dat
2009-05-11 21:41 . 2009-05-11 21:27 77641 ----a-w- d:\windows\War3Unin.dat
2009-05-11 21:41 . 2009-05-11 21:27 2829 ----a-w- d:\windows\War3Unin.pif
2009-05-11 21:41 . 2009-05-11 21:27 139264 ----a-w- d:\windows\War3Unin.exe
2009-05-11 19:43 . 2009-05-11 19:43 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- d:\windows\system32\localspl.dll
2009-05-04 20:09 . 2009-05-12 08:32 89600 ----a-w- d:\windows\system32\atl71.dll
2009-05-04 20:09 . 2009-05-12 08:32 499712 ----a-w- d:\windows\system32\msvcp71.dll
2009-05-04 20:09 . 2009-05-12 08:32 348160 ----a-w- d:\windows\system32\msvcr71.dll
2009-07-19 10:08 . 2009-07-14 02:36 137208 ----a-w- d:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-04 20:14 . 2009-07-20 21:37 36864 ----a-w- d:\program files\mozilla firefox\components\NsThunderLoader.dll
2009-05-04 20:14 . 2009-07-20 21:37 53248 ----a-w- d:\program files\mozilla firefox\components\ThunderComponent.dll
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 d:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D d:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 d:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 d:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2004-08-04 12:00 359040 C1783498EDB152656303B5D5BCABD86C d:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 d:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D d:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 4AFB3B0919649F95C1964AA1FAD27D73 d:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-08-24 13574144]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-08-24 86016]
"razer"="d:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"QuickTime Task"="d:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-05-11 282624]
"PSPVideoConverter_upgrade"="d:\program files\E-Zsoft\PSPVideoConverter\PSPVideoConverter.exe" [2009-03-25 495616]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-08-24 1657376]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2007-08-20 16384512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=

S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2009-5-11 13:40 1684736]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 Razerlow;Razerlow USB Filter Driver;d:\windows\system32\drivers\Razerlow.sys [2009-5-11 14:04 13225]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com.sg/
mStart Page = about:blank
IE: ê1ó???à×???? - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ê1ó???à×????è?2?á′?ó - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: 使用迅雷下载 - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\program files\Thunder Network\Thunder\Thunder.exe
Trusted Zone: photobucket.com
FF - ProfilePath - d:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hdcqx96q.default\
FF - plugin: d:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- 火狐配置文件 ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 14:53
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程。。。

扫描被隐藏的启动组。。。

扫描被隐藏的文件。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'explorer.exe'(3608)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
完成时间: 2009-07-20 14:54
ComboFix-quarantined-files.txt 2009-07-20 21:54
ComboFix2.txt 2009-07-20 05:57

Pre-Run: 14,262,792,192 bytes free
Post-Run: 14,243,262,464 bytes free

231 --- E O F --- 2009-05-16 17:22

Thank in advance