ferynico
Потребител
-
Регистрация
-
Последно онлайн
Всичко публикувано от ferynico
-
Здравейте,и аз мисля, че съм със същия проблем. Прочетох и приложих съветите на Maniac дословно. Ето резултата ComboFix.txt. Трябва ли да правя още нещо или с това се приключва ? ComboFix 09-12-21.04 - Sany 12/22/2009 13:16:11.1.2 - x86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1251.359.1033.18.2012.1277 [GMT 2:00] Running from: c:\users\Sany\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\nbkwlxkufpts.bat C:\ndocthwivhnotj.bat c:\program files\FunWebProducts c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\s_pid.dat C:\vhoylvgoxf.bat c:\windows\system32\ammppg.dll c:\windows\system32\f3PSSavr.scr D:\autorun.inf D:\nbkwlxkufpts.bat D:\ndocthwivhnotj.bat D:\vhoylvgoxf.bat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Ias -------\Service_MyWebSearchService ((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 ))))))))))))))))))))))))))))))) . 2009-12-22 11:22 . 2009-12-22 11:25 -------- d-----w- c:\users\Sany\AppData\Local\temp 2009-12-22 11:22 . 2009-12-22 11:22 -------- d-----w- c:\users\user\AppData\Local\temp 2009-12-22 11:22 . 2009-12-22 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-21 14:10 . 2009-12-22 10:55 -------- d-----w- C:\Antivir 2009-12-21 13:58 . 2009-12-21 13:58 -------- d-----w- c:\users\Sany\AppData\Local\Apple 2009-12-21 13:39 . 2009-12-21 13:39 -------- d-----w- c:\programdata\Winferno 2009-12-21 13:35 . 2004-10-19 12:30 380928 ----a-w- c:\windows\3D Snowy Cottage Full.scr 2009-12-21 13:34 . 2009-12-21 13:34 -------- d-----w- c:\program files\Freeze.com 2009-12-21 13:34 . 2004-04-29 12:24 28672 ----a-w- c:\windows\vorbisfile.dll 2009-12-21 13:34 . 2004-04-29 12:24 974848 ----a-w- c:\windows\vorbis.dll 2009-12-21 13:34 . 2004-04-29 12:24 49152 ----a-w- c:\windows\ogg.dll 2009-12-21 13:34 . 2006-10-09 11:06 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL 2009-12-21 13:34 . 2006-05-17 06:40 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL 2009-12-21 13:34 . 2009-12-21 13:34 -------- d-----w- c:\program files\Winferno 2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\programdata\ParetoLogic 2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\program files\Common Files\ParetoLogic 2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\program files\Common Files\XoftSpySE 2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\programdata\XoftSpySE 2009-12-21 13:25 . 2009-12-21 13:25 99864 ----a-w- c:\users\Sany\AppData\Local\GDIPFONTCACHEV1.DAT 2009-12-21 13:25 . 2009-12-21 13:25 -------- d-----w- c:\program files\XoftSpySE6 2009-12-21 11:25 . 2009-12-21 11:25 -------- d-----w- c:\program files\Runtimeware.com 2009-12-21 10:03 . 2009-12-21 10:03 0 ----a-w- c:\windows\nsreg.dat 2009-12-21 10:03 . 2009-12-21 10:03 -------- d-----w- c:\users\Sany\AppData\Local\Mozilla 2009-12-16 16:27 . 2009-12-16 16:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-12-16 16:26 . 2009-12-16 16:26 -------- d-----w- c:\program files\Skype 2009-12-16 16:25 . 2009-12-16 16:26 -------- d-----w- c:\program files\Common Files\Skype 2009-12-16 12:21 . 2009-12-16 12:21 -------- d-----w- c:\users\Guest\AppData\Local\CyberDefender Internet Security 2009-12-15 13:46 . 2009-12-21 05:27 487424 ----a-w- c:\programdata\Xerox\WCProWIA\WCProInbox.exe 2009-12-15 13:46 . 2009-12-21 05:27 487424 ----a-w- c:\programdata\Xerox\WCProWIA\Templates\0000\0000.exe 2009-12-15 13:46 . 2009-12-21 05:27 487424 ----a-w- c:\programdata\Xerox\WCProWIA\0001\0001.scr 2009-12-15 13:46 . 2009-12-21 05:27 487424 ----a-w- c:\programdata\Xerox\WCProWIA\0000\0000.exe 2009-12-15 13:46 . 2009-12-21 05:26 487424 ----a-w- c:\programdata\Xerox\WCProWIA\Templates\Templates.bat 2009-12-15 13:46 . 2009-12-21 05:26 487424 ----a-w- c:\programdata\Xerox\WCProWIA\Templates\0001\0001.scr 2009-12-10 18:40 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-10 18:40 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll 2009-12-10 18:40 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-09 11:48 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll 2009-12-09 11:48 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll 2009-12-06 23:11 . 2009-12-06 23:11 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2009-12-04 12:45 . 2009-12-04 12:45 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-04 12:44 . 2009-12-04 12:44 -------- d-----w- c:\program files\Java 2009-11-26 19:59 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 07:54 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 07:54 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-22 11:27 . 2009-12-15 12:23 2408 ---h--w- c:\program files\vhoylvgoxfhefrghejvcmzjucltvstfu.sxj 2009-12-22 11:27 . 2009-12-15 12:23 280 ---h--w- c:\program files\zbyybbcazxpctvarezbyyb.caz 2009-12-22 11:26 . 2009-12-15 12:23 1332 ---h--w- c:\program files\mblyobpamxccgvnrrzoylbocnzkpptiaeem.lyo 2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\pngcbxuojdranlmzizxqml.exe 2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\yvnigbxqkdqykhhtbrogb.exe 2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\wrhawpjasjuakfdnthc.exe 2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\lfumhzsizpzenhensf.exe 2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\jfwqnhcunfryjfepwlhy.exe 2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\vnaqjzqethpszrmt.exe 2009-12-22 11:26 . 2009-12-15 12:06 569344 --sh--r- c:\windows\cvjauldsixgkslhpt.exe 2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\pngcbxuojdranlmzizxqml.exe 2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\yvnigbxqkdqykhhtbrogb.exe 2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\wrhawpjasjuakfdnthc.exe 2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\lfumhzsizpzenhensf.exe 2009-12-22 11:25 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\cvjauldsixgkslhpt.exe 2009-12-22 11:24 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\vnaqjzqethpszrmt.exe 2009-12-22 11:07 . 2009-12-15 12:23 2153 ---h--w- c:\program files\ndocthwivhnotjchirhsgxlamzlrsxnglmvl.kbp 2009-12-22 10:52 . 2009-12-15 12:06 569344 --sh--r- c:\windows\system32\jfwqnhcunfryjfepwlhy.exe 2009-12-21 09:48 . 2009-06-26 19:18 -------- d-----w- c:\users\user\AppData\Roaming\Skype 2009-12-21 09:20 . 2009-08-03 13:39 -------- d-----w- c:\users\user\AppData\Roaming\skypePM 2009-12-17 20:33 . 2009-06-22 13:17 1356 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat 2009-12-17 14:14 . 2009-12-15 12:23 4488 ---h--w- c:\program files\qdlwkvhqajmkmzprpviqbpamvforpreuw.anv 2009-12-16 19:31 . 2009-07-01 07:16 -------- d-----w- c:\program files\BitComet 2009-12-16 16:26 . 2009-08-03 13:35 -------- d-----w- c:\programdata\Skype 2009-12-10 22:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-11-22 07:52 . 2009-11-22 07:52 -------- d-----w- c:\users\Guest\AppData\Roaming\Winamp 2009-11-22 00:35 . 2009-06-28 00:19 -------- d-----w- c:\users\Miss Shady\AppData\Roaming\Skype 2009-11-21 06:40 . 2009-12-09 11:53 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-09 11:53 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-09 11:53 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 2009-12-09 11:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-10 13:26 . 2009-11-10 13:26 -------- d-----w- c:\program files\Ask.com 2009-11-10 13:26 . 2009-11-10 13:26 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-11-10 13:21 . 2009-11-10 13:17 -------- d-----w- c:\program files\Xvid 2009-11-02 18:42 . 2009-10-03 13:55 195456 ------w- c:\windows\system32\MpSigStub.exe 2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-06-16 15:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "qhtiapfsgtacizt"="wrhawpjasjuakfdnthc.exe" [2009-12-22 569344] "nbkwlxkufpts"="c:\users\Sany\AppData\Local\Temp\cvjauldsixgkslhpt.exe" [2009-12-22 569344] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "vnaqjzqethpszrmt"="yvnigbxqkdqykhhtbrogb.exe ." [X] "mblyobpamxccg"="c:\users\Sany\AppData\Local\Temp\lfumhzsizpzenhensf.exe" [2009-12-22 569344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-11 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-11 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-11 145944] "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "QuickTime Task"="d:\downloads\QTTask.exe" [2009-05-26 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-04 149280] "nbkwlxkufpts"="yvnigbxqkdqykhhtbrogb.exe" [2009-12-22 569344] "XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-10-23 4854040] "lfumhzsizpzenhensf"="c:\users\Sany\AppData\Local\Temp\yvnigbxqkdqykhhtbrogb.exe" [2009-12-22 569344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "mblyobpamxccg"="lfumhzsizpzenhensf.exe ." [X] "cvjauldsixgkslhpt"="c:\users\Sany\AppData\Local\Temp\lfumhzsizpzenhensf.exe" [2009-12-22 569344] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "ndocthwivhnotj"="yvnigbxqkdqykhhtbrogb.exe" [2009-12-22 569344] "qdlwkvhqajm"="c:\users\Sany\AppData\Local\Temp\jfwqnhcunfryjfepwlhy.exe" [2009-12-22 569344] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-14 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableSecureUIAPaths"= 0 (0x0) "EnableVirtualization"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "DisableRegistryTools"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2005-09-03 12:18 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2008-10-31 09:17 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe --> c:\program files\System Control Manager\MSIService.exe [?] S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [10/23/2009 11:58 PM 582424] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.bg/ IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {C18DF632-BFF1-4CD6-B221-C0AF809A82E7} = 192.168.0.1 FF - ProfilePath - c:\users\Sany\AppData\Roaming\Mozilla\Firefox\Profiles\yjf9ffb5.default\ FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.bg/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=cg0827dIRufr89euO6HumA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll FF - plugin: d:\downloads\Plugins\npqtplugin.dll FF - plugin: d:\downloads\Plugins\npqtplugin2.dll FF - plugin: d:\downloads\Plugins\npqtplugin3.dll FF - plugin: d:\downloads\Plugins\npqtplugin4.dll FF - plugin: d:\downloads\Plugins\npqtplugin5.dll FF - plugin: d:\downloads\Plugins\npqtplugin6.dll FF - plugin: d:\downloads\Plugins\npqtplugin7.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKLM-Run-NWEReboot - (no file) HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe AddRemove-Free YouTube Download_is1 - c:\users\user\Desktop\Free YouTube Download\unins000.exe AddRemove-save2pc Light_is1 - c:\users\user\Desktop\save2pc\unins000.exe AddRemove-save2pc_is1 - c:\users\user\Desktop\save2pc\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-22 13:25 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\TEMP\TMP00000001E970CF32F0284189 524288 bytes executable scan completed successfully hidden files: 1 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WLANExt.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\windows\System32\jfwqnhcunfryjfepwlhy.exe c:\windows\RtHDVCpl.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\wbem\unsecapp.exe c:\users\Sany\AppData\Local\Temp\wfjqahp.exe c:\users\Sany\AppData\Local\Temp\wfjqahp.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2009-12-22 13:29:26 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-22 11:29 Pre-Run: 2,121,576,448 bytes free Post-Run: 2,126,336,000 bytes free - - End Of File - - E558B1F6EEAF5255CE825A6A7A1C6EE5
Разглеждащи това в момента 0
- Няма регистрирани потребители разглеждащи тази страница.