
ComboFix 13-01-21.01 - cpu 21.01.2013 10:31:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1428 [GMT 2:00]
Running from: c:\docume~1\cpu\LOCALS~1\Temp\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\cpu\Application Data\PriceGong
c:\documents and settings\cpu\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\cpu\Application Data\Toolbar4
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\all_games.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\arrow_refresh.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\basis.xml
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\07731e7af5244a41e77c92e0fd855c4d
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\1304a1579ee071a6a207d8f4bb4dd9ae
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\179ec0aee898317b28aa802678273c04
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\1b73e18dc1ec2c750658cb5a86eda2c8
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\31ec77371d84beb43315d93b14216624
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\35da709191736a2bdae4b4665616e60a
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\35f09e6ea32ac0928b80a113a37394c1
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\409283ce07ee72d87ff7b4ded85ce4b9
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\4458cd2b59d3b08452853ed051e0acb7
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\46ea2643634e121645313aac2804f4f2
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\48a4d889e9d6049893f1d481c4438a8b
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\4c290da86254fd07e114438cf2bfb1a4
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\4dd238afa8bcf33ce361e6a32215e04d
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\4f6749a6b040a6d4b7bd7d13474f2b10
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\5210185242143499dd9c9ece59d84114
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\56ac1fe780bccadbf2d88e80e65d6d25
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\59becf3e7c5e05c452dac28a534141a3
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\5a38469b56b83609d389dca7dd359397
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\5e1a58c27ae38d395245479db4d7c43d

c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\63fd7ec63530fdc082da140d0aedb281
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\6e30ab52c228faeab8c916244a7b2c7a
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\721a9ecab72859d95566baee5466c683
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\7d1d52eb4f04c7eb1909b68312ade0b9
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\918468493cce6de47017f51fab68468a
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\91bd6afe2be4c6dbae9209fc55e4456f
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\924e894f384767a0542ac4f4971a9dc2
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\93939cb74063d5babdc1ae48b3f6fa6d
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\a229dc4b401682b003caa8d92f291986
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\a9c7c5bc22afff6d72db93410f0caf09
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\ae11ed195257a4237ec3e8f8947a989e
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\b7e314fe3f0a08f1a29f24fe6f143884
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\bcbb561d50dada0c9cf13117f3bdf6f0
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\c5798211f7936b883bbf4eb2ae7bd85c
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\c5d3b6393542bb06d652b0011b37c74e
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\cc7b4885645c31647aeaf0e798f20bd0
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\cf56db65fbd387fd750e1668a5903033
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\d64fe71fc1aba598f639bea873447131
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\deac934dc79ed958b0d1439318c6cd0f
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\e22efa32be910213edf5e2f0e39ae363
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cache\ef4ee6d9b376c064a1cab14fb142387f
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\cog.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\computer_delete.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.add.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.default.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.html
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.jquery-ui-1.8.16.custom.css
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.loader.gif
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-bg_flat_0_aaaaaa_40x100.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-bg_flat_75_ffffff_40x100.png

c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-bg_glass_55_fbf9ee_1x400.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-bg_glass_65_ffffff_1x400.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-bg_glass_75_dadada_1x400.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-bg_glass_75_e6e6e6_1x400.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-bg_glass_95_fef1ec_1x400.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-icons_222222_256x240.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-icons_2e83ff_256x240.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-icons_454545_256x240.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\fasttabs.ui-icons_cd0a0a_256x240.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\favicon.ico
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\favicon.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\hiddenwindow.xul
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\icons.bmp
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\include_files\65df0f4613c14a12a147b4364272af90
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\include_files\7f33cdcca86f5de29b71bbff32cae5c6
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\include_files\cbf3eba26c1bd2b5b94ea78afce28a79
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\info.txt
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\inst.tmp
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\jquery-1.6.2.min.js
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\jquery-ui-1.8.16.custom.min.js
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\json2.min.js
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\logo.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\new_games.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\play_now.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\search.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\TbHelper2.exe
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\top_games.png
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\uninstall.exe
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\version.txt
c:\documents and settings\cpu\Application Data\Toolbar4\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\your_logo.png

c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\BCHelper.exe
c:\program files\BrowserCompanion\blabbers-ch.crx
c:\program files\BrowserCompanion\blabbers-ff-full.xpi
c:\program files\BrowserCompanion\jsloader.dll
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\sqlite3.dll
c:\program files\BrowserCompanion\tdataprotocol.dll
c:\program files\BrowserCompanion\toolbar.dll
c:\program files\BrowserCompanion\updatebhoWin32.dll
c:\program files\BrowserCompanion\updatebhoWin32.dll_1
c:\program files\BrowserCompanion\updater.ini
c:\program files\Funmoods
c:\program files\Funmoods\1.5.23.22\bh\escort.dll
c:\program files\Funmoods\1.5.23.22\escortApp.dll
c:\program files\Funmoods\1.5.23.22\escortEng.dll
c:\program files\Funmoods\1.5.23.22\escorTlbr.dll
c:\program files\Funmoods\1.5.23.22\escortShld.dll
c:\program files\Funmoods\1.5.23.22\FavIcon.ico
c:\program files\Funmoods\1.5.23.22\funmoodssrv.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\sqlite3.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-21 09:33 . 2013-01-21 09:37 -------d-----w C:\Setup
2013-01-21 08:10 . 2013-01-21 08:10 -------d-----w C:\TEMP
2013-01-21 08:10 . 2013-01-21 08:14 -------d-----w c:\windows\system32\wbem\Logs
2013-01-21 06:22 . 2001-08-17 11:48 12160 -c--a-w c:\windows\system32\dllcache\mouhid.sys
2013-01-21 06:22 . 2001-08-17 11:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2013-01-21 06:22 . 2008-04-13 22:15 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2013-01-21 06:22 . 2008-04-13 22:15 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2013-01-14 07:08 . 2013-01-14 07:08 96816 ----a-w c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-14 07:08 . 2013-01-14 07:08 19504 ----a-w c:\program files\Mozilla Firefox\xpcom.dll
2013-01-14 07:08 . 2013-01-14 07:08 157864 ----a-w c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-01-14 07:08 . 2013-01-14 07:08 17798192 ----a-w c:\program files\Mozilla Firefox\xul.dll
2013-01-10 07:07 . 2013-01-10 07:07 -------d-----w c:\documents and settings\cpu\Application Data\BabSolution
.
.
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 07:57 . 2012-10-24 11:20 74248 ----a-w c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 07:57 . 2012-10-24 11:20 697864 ----a-w c:\windows\system32\FlashPlayerApp.exe
2012-10-30 22:51 . 2012-09-13 12:48 41224 ----a-w c:\windows\avastSS.scr
2013-01-14 07:09 . 2012-12-06 11:02 262704 ----a-w c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck ------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-11-23 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\MyPlayCity Toolbar\tbunst20D.tmp\tbcore3.dll" [2012-01-31 2666112]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB07116.TBSB07116.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07116.TBSB07116]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\MyPlayCity Toolbar\tbunst20D.tmp\tbcore3.dll" [2012-01-31 2666112]
.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB07116.TBSB07116.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07116.TBSB07116]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2012-03-11 4720176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-16 19722344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=TlVIRDQtWUg5UEUtTzNQNEUtUVJERUstR0RKWjctVk9YVUw&inst=NzYtOTM3OTg5MjU2LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=55&ver=2012.0.1831&mid=63605e5a205047d189c6c593af765f5b-a88398e2d09bfca31bf0308bffd3e7605d2759f8" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgtray.exe"=
.
R?2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 11:07 AM 503080]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [8/19/2011 5:24 AM 2399560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [9/16/2011 3:53 PM 65136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 5:23 AM 5265248]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/16/2011 3:52 PM 1691480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [9/5/2012 5:56 PM 234776]
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 07:57]
.
2013-01-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-06 18:33]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.myplaycity.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\cpu\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\MyPlayCity Toolbar\tbunst20D.tmp\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\cpu\Application Data\Mozilla\Firefox\Profiles\ax6yz4co.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&apn_uid=fcb84b1a-3d97-4995-8bb6-18e850f24cd6&apn_ptnrs=FV&apn_sauid=0942D0FE-C865-4352-9D8B-1B2381F86FB7&apn_dtid=YYYYYYYYRO&&q=
.
- - - - ORPHANS REMOVED - - - .
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKLM-Run-NBAgent - c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
HKLM-Run-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-BrowserCompanion - c:\program files\BrowserCompanion\uninstall.exe
AddRemove-BSPlayerf - c:\program files\Webteh\BSplayer\uninstall.exe
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-funmoods - c:\progra~1\Funmoods\1.5.23.22\uninstall.exe
AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe
AddRemove-HP Photosmart Essential - c:\program files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe
AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\HP\Digital Imaging\eSupport\hpzscr01.exe
AddRemove-KLiteCodecPack_is1 - c:\program files\K-Lite Codec Pack\unins000.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-MyPlayCity Toolbar - c:\program files\MyPlayCity Toolbar\tbunst20D.tmp\uninstaller.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-Picasa 3 - c:\program files\Google\Picasa3\Uninstall.exe
AddRemove-PrimoPDF - c:\program files\Nitro PDF\PrimoPDF\uninstaller.exe
AddRemove-Prism - c:\program files\NCH Software\Prism\uninst.exe
AddRemove-Samsung SCX-4x21 Series - c:\program files\Samsung\Samsung SCX-4x21 Series\Install\Setup.exe
AddRemove-VideoPad - c:\program files\NCH Software\VideoPad\uninst.exe
AddRemove-VLC media player - c:\program files\VideoLAN\VLC\uninstall.exe
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F} - c:\program files\Common Files\Corel\Shared\Shell Extension\ShellUninst.exe
AddRemove-_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051} - c:\program files\Corel\CorelDRAW Graphics Suite X5\Setup\SetupARP.exe
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
AddRemove-{46ea8446-fb61-4228-99c8-9e0498676e72} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
AddRemove-{B2C61EBB-F47C-48ba-B375-27A40F8F48F7} - c:\program files\HP\Digital Imaging\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzscr01.exe
AddRemove-Funmoods Web Search - c:\progra~1\Funmoods\1.5.23.22\uninstall.exe
AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-21 10:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes -----------------------.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-01-21 10:36:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-21 08:36
.
Pre-Run: 32.706.424.832 bytes free
Post-Run: 32.557.088.768 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E12C04FA3A7F1A24FE70D6C3AB846B9C
