Не могу удалить всплывающее окно информера в Explorer

This topic has 1 ответ, 2 участника, and was last updated 16 years, 7 months назад by Admin.

Просмотр 2 сообщений - с 1 по 2 (из 2 всего)

Автор

Сообщения
30 ноября, 2008 в 2:27 пп #15969
Аноним
Гость
- Темы:532
- Сообщений:1553
Cкачал Combofix,проделал операции,информер не удалился.

ComboFix 08-11-29.03 — User 2008-11-30 19:19:32.1 — NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.1.1049.18.687 [GMT 6:00]
Running from: c:documents and settingsUserРабочий столComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:docume~1UserLOCALS~1Tempwinlogon.exe
c:documents and settingsUserApplication DataMicrosoftWindowslsass.exe
c:documents and settingsUserLocal SettingsTemporary Internet Files0EB9F12C_6E6B_4c03_AEBA_8C04CFA98AA4.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files15913497_F86C_4218_8817_F50940D1E1B2.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files29887DDE_00B9_4011_9CF7_59511F1ECC1B.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files2A665EDD_5758_480c_8366_66DFC5F23877.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files35B7DFFA_884F_4fbc_8E60_DA601BDC7BF7.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files362FD6E8_8CDA_4c2a_A8AA-BDA22B321711.jpg
c:documents and settingsUserLocal SettingsTemporary Internet Files3DF04940_9866_4241_A998_0CDDFAFD147A.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files426500D7_0FF3_426c_828D_065DBAEA0581.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files478BD4AE_2691_438d_BDCA_3485DC022700.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files5C6C645F_BAA8_4149_BFEB_2031230FF0FD.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files61EA7D69_19D4_421a_A899_0DF4D58CD119.jpg
c:documents and settingsUserLocal SettingsTemporary Internet Files777FDAFB_83CF_4960_AA71_4E5D7BCD8E57.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files8DA878D5_E80B_4721_B75A_17EFFAF1A700.gif
c:documents and settingsUserLocal SettingsTemporary Internet Files98F6DF79_7171_452d_9C26_C0193E12DBDF.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesA2B240D6_0386_419e_91C5_3F7D90437CD0.jpg
c:documents and settingsUserLocal SettingsTemporary Internet FilesC75CEF8D_5AF4_4563_8594_C45A45E14E63.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesE21285C1_40E6_435c_A69F_3387E7BD89CB.gif
c:documents and settingsUserLocal SettingsTemporary Internet FilesE9A4D648_ED73_4ea7_88B2_18332DBA4F3E.jpg
c:program filesCommon FilesTarget Marketing Agency
c:program filesCommon FilesTarget Marketing AgencyTMAgentlicense.txt
c:program filesCommon FilesTarget Marketing AgencyTMAgenttma-setup.exe
c:program filesCommon FilesTarget Marketing AgencyTMAgenttmagent.dll
c:program filesCommon FilesTarget Marketing AgencyTMAgenttmasrv.exe
c:program filesCommon FilesTarget Marketing AgencyTMAgentUninstaller.exe
c:windowsmsauc.exe
c:windowsservices.exe
c:windowssystem32msansspc.dll
c:windowssystem32msvcrtd.exe
c:windowssystem32rs32net.exe
c:windowssystem32shell31.dll
c:windowssystem32tmp70.tmp
c:windowssystem32wpv221227133386.cpx
c:windowssystem32wpv321226364629.cpx
c:windowswiaservb.log
c:windowswiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_MSUPDATE

Legacy_TCPSR

Service_msupdate

Service_tcpsr

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2099-10-28 13:15 . 2099-10-28 13:15 333 —a

c:windowssystem32$ncsp$.inf
2099-10-28 13:10 . 2099-10-28 13:10 d

c:windowssystem32Futuremark
2099-10-28 13:10 . 1999-10-21 09:12 20,400 —a

c:windowssystem32driversEntech.sys
2099-10-28 13:10 . 2001-11-19 18:05 3,972 —a

c:windowssystem32driversPciBus.sys
2099-10-28 13:07 . 2099-10-28 13:07 146,650 —a

c:windowssystem32BuzzingBee.wav
2099-10-28 13:06 . 2099-10-28 13:06 d

c:windowssystem32Lang
2099-10-28 13:06 . 2099-10-28 13:07 940,794 —a

c:windowssystem32LoopyMusic.wav
2099-10-28 13:04 . 2004-08-03 23:07 171,776 —a

c:windowssystem32driverskmixer.sys
2099-10-28 13:04 . 2004-08-03 22:39 142,464 —a

c:windowssystem32driversaec.sys
2099-10-28 13:04 . 2004-08-03 23:15 82,944 —a

c:windowssystem32driverswdmaud.sys
2099-10-28 13:04 . 2004-08-03 23:15 60,800 —a

c:windowssystem32driverssysaudio.sys
2099-10-28 13:04 . 2001-08-17 22:00 54,272 —a

c:windowssystem32driversswmidi.sys
2099-10-28 13:04 . 2004-08-03 23:07 52,864 —a

c:windowssystem32driversDMusic.sys
2099-10-28 13:04 . 2004-08-03 22:58 7,552 —a

c:windowssystem32driversMSKSSRV.sys
2099-10-28 13:04 . 2004-08-03 23:07 6,400 —a

c:windowssystem32driverssplitter.sys
2099-10-28 13:04 . 2004-08-03 22:58 5,376 —a

c:windowssystem32driversMSPCLOCK.sys
2099-10-28 13:04 . 2004-08-03 22:58 4,992 —a

c:windowssystem32driversMSPQM.sys
2099-10-28 13:04 . 2004-08-03 23:07 2,944 —a

c:windowssystem32driversdrmkaud.sys
2099-10-28 13:03 . 2007-05-09 14:03 d

c:windowssystem32RTCOM
2099-10-28 13:03 . 2008-11-25 17:07 d—h

c:program filesInstallShield Installation Information
2099-10-28 13:03 . 2004-08-17 15:05 130,048 —a

c:windowssystem32ksproxy.ax
2099-10-28 13:03 . 2004-08-03 22:08 60,288 —a

c:windowssystem32driversdrmk.sys
2099-10-28 13:03 . 2004-11-18 10:42 22,752 —a

c:windowssystem32spupdsvc.exe
2099-10-28 13:03 . 2004-08-17 15:04 4,096 —a

c:windowssystem32ksuser.dll
2099-10-28 13:02 . 2005-09-30 10:51 202,240 -ra

c:windowssystem32fdco1ins.dll
2099-10-28 13:02 . 2005-09-30 10:51 202,240 -ra

c:windowssystem32fdco1.dll
2099-10-28 13:02 . 2006-03-22 12:22 159,232 -ra

c:windowssystem32fdco_l1036.dll
2099-10-28 13:02 . 2006-03-22 12:22 159,232 -ra

c:windowssystem32fdco_l1034.dll
2099-10-28 13:02 . 2006-03-22 12:22 159,232 -ra

c:windowssystem32fdco_l1031.dll
2099-10-28 13:02 . 2006-03-22 12:22 158,720 -ra

c:windowssystem32fdco_l1046.dll
2099-10-28 13:02 . 2006-03-22 12:22 158,720 -ra

c:windowssystem32fdco_l1040.dll
2099-10-28 13:02 . 2006-03-22 12:22 156,672 -ra

c:windowssystem32fdco_l1042.dll
2099-10-28 13:02 . 2006-03-22 12:22 156,672 -ra

c:windowssystem32fdco_l1041.dll
2099-10-28 13:02 . 2006-03-22 12:22 155,648 -ra

c:windowssystem32fdco_l1028.dll
2099-10-28 13:02 . 2006-03-22 12:22 155,136 -ra

c:windowssystem32fdco_l2052.dll
2099-10-28 13:02 . 2005-09-30 10:52 34,048 -ra

c:windowssystem32driversNVENETFD.sys
2099-10-28 13:01 . 2007-08-27 08:28 d

c:program filesCommon FilesInstallShield
2099-10-28 13:00 . 2006-07-01 22:27 43,520 —a

c:windowssystem32driversAmdK8.sys
2099-10-28 12:51 . 2004-08-17 16:04 153,088 —a

c:windowssystem32irftp.exe
2099-10-28 12:51 . 2004-08-03 23:00 87,424 —a

c:windowssystem32driversirda.sys
2099-10-28 12:51 . 2004-08-17 16:04 27,136 —a

c:windowssystem32irmon.dll
2099-10-28 12:51 . 2001-08-17 21:51 19,584 —a

c:windowssystem32driversrasirda.sys
2099-10-28 12:51 . 2001-08-17 21:51 18,688 —a

c:windowssystem32driversirsir.sys
2099-10-28 12:51 . 2004-08-17 16:04 8,192 —a

c:windowssystem32wshirda.dll
2008-11-29 14:30 . 2008-11-29 14:30 327,680 —a

c:windowssystem32fbilib.dll
2008-11-25 17:28 . 2008-11-25 17:21 512,096 —a

c:windowssystem32driversamon.sys
2008-11-25 17:28 . 2008-11-25 17:21 298,104 —a

c:windowssystem32imon.dll
2008-11-25 17:28 . 2008-11-25 17:21 15,424 —a

c:windowssystem32driversnod32drv.sys
2008-11-25 17:21 . 2008-11-25 17:37 d

c:program filesESET
2008-11-25 17:07 . 2008-11-25 17:07 d

c:documents and settingsUserDoctorWeb
2008-11-22 13:50 . 2008-11-22 13:50 0 —a

c:windowsnsreg.dat
2008-11-18 16:56 . 2008-11-18 16:58 d

C:Downloads
2008-11-18 16:55 . 2008-11-18 17:27 d

c:documents and settingsUserApplication DataDownload Master
2008-11-17 17:36 . 2008-11-30 13:12 32,768 —a

c:windowssystem32driversati4jpxx.sys
2008-11-14 15:52 . 2008-11-14 15:52 d

c:program filesIntercross
2008-11-13 18:41 . 2008-11-13 18:41 d

C:C&M
2008-11-01 21:07 . 2008-11-01 21:07 d

c:documents and settingsAll UsersApplication DataSony Ericsson
2008-11-01 21:06 . 2008-11-01 21:06 d

c:program filesSony Ericsson
2008-11-01 21:06 . 2008-11-01 21:07 d

c:program filesCommon FilesSony Ericsson Shared
2008-11-01 21:06 . 2008-11-01 21:07 d

c:documents and settingsAll UsersApplication DataTeleca
2008-10-19 16:38 . 2008-11-30 13:06 100 —a

c:windowsadobe.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 07:07

d

w c:documents and settingsUserApplication DataOpenOffice.org1.9.100
2008-11-01 15:07

d

w c:program filesCommon FilesTeleca Shared
2008-10-16 05:42

d

w c:documents and settingsUserApplication DataTemporary
2008-08-11 07:07 46,080 —-a-w c:documents and settingsUsersysthosts.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
«{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}»= «c:program filesMyPlayCityRUtbMyPl.dll» [2008-03-02 1470488]

[HKEY_CLASSES_ROOTclsid{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{453C1118-A500-4188-BC8D-E196075601BE}]
2008-11-29 14:30 327680 —a

c:windowssystem32fbilib.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]
2008-03-02 15:19 1470488 —a

c:program filesMyPlayCityRUtbMyPl.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}»= «c:program filesMyPlayCityRUtbMyPl.dll» [2008-03-02 1470488]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{DFBEB35B-444D-4F25-8D7D-EB2683C206EC}»= «c:program filesMyPlayCityRUtbMyPl.dll» [2008-03-02 1470488]

[HKEY_CLASSES_ROOTclsid{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2004-08-18 15360]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2006-08-11 7630848]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2006-08-11 86016]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2005-12-07 30208]
«LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2006-05-18 49152]
«Synchronization Manager»=»c:windowssystem32mobsync.exe» [2004-08-18 143360]
«HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2006-02-19 49152]
«QuickTime Task»=»d:проигровательqttask.exe» [2008-03-28 413696]
«NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2007-03-26 161328]
«Sony Ericsson PC Suite»=»c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe» [2006-11-24 487424]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2008-11-25 949376]
«nwiz»=»nwiz.exe» [2006-08-11 c:windowssystem32nwiz.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]

c:documents and settingsUserѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
OpenOffice.org 1.9.100.lnk — c:program filesOpenOffice.org 1.9.100programquickstart.exe [2005-05-02 61440]

c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
HP Digital Imaging Monitor.lnk — c:program filesHPDigital Imagingbinhpqtra08.exe [2006-02-19 288472]
InterVideo WinCinema Manager.lnk — c:program filesInterVideoCommonBinWinCinemaMgr.exe [2007-05-12 303104]
Ѓлбвал© § ЇгбЄ HP Photosmart Premier.lnk — c:program filesHPDigital Imagingbinhpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.I420″= i420vfw.dll
«VIDC.3iv2″= c:progra~1K-LITE~1codecs3IVXVF~1.DLL
«VIDC.VP31″= c:progra~1K-LITE~1codecsvp31vfw.dll
«msacm.l3fhg»= mp3fhg.acm
«VIDC.X264″= x264vfw.dll

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4jpxx.sys]
@=»Driver»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusDisableNotify»=dword:00000001
«UpdatesDisableNotify»=dword:00000001
«FirewallOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hposid01.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe»=
«c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe»=
«c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe»=
«c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe»=
«d:\Program Files\МОИ ИГРЫ\Терминатор 3 — Война машин\t3.exe»=
«d:\Program Files\ПРОГРАММЫ\MTA\MTAServer.exe»=
«d:\Program Files\МОИ ИГРЫ\TRIADA\Need For Speed Underground\speed.exe»=

R0 ati4jpxx;ati4jpxx;c:windowssystem32Driversati4jpxx.sys [2008-11-17 32768]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:windowssystem32driverssfsync03.sys [2005-12-06 35328]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:windowssystem32sfrem02.exe svc []
S3 acfva;acfva;c:windowssystem32DRIVERSacfva.sys [2008-06-06 72192]
S3 cm102u32;C-Media CM6501 Like Sound Interface;c:windowssystem32driversc6501.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:windowssystem32DRIVERSs716bus.sys [2008-03-30 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:windowssystem32DRIVERSs716mdfl.sys [2008-03-30 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:windowssystem32DRIVERSs716mdm.sys [2008-03-30 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:windowssystem32DRIVERSs716mgmt.sys [2008-03-30 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:windowssystem32DRIVERSs716nd5.sys [2008-03-30 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:windowssystem32DRIVERSs716obex.sys [2008-03-30 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:windowssystem32DRIVERSs716unic.sys [2008-03-30 98952]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:windowssystem32DRIVERSSE31bus.sys [2008-05-24 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:windowssystem32DRIVERSSE31mdfl.sys [2008-05-24 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:windowssystem32DRIVERSSE31mdm.sys [2008-05-24 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:windowssystem32DRIVERSSE31mgmt.sys [2008-05-24 88688]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);c:windowssystem32DRIVERSse31nd5.sys [2008-05-24 18704]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;c:windowssystem32DRIVERSSE31obex.sys [2008-05-24 86560]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);c:windowssystem32DRIVERSse31unic.sys [2008-05-24 90800]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:windowssystem32DRIVERSss_bus.sys [2007-08-12 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:windowssystem32DRIVERSss_mdfl.sys [2007-08-12 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:windowssystem32DRIVERSss_mdm.sys [2007-08-12 94000]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{19879a24-b7c4-11dc-87dc-001a923347f7}]
ShellAutoRuncommand — G:AutoRun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4949396e-b941-11dd-af01-001a923347f7}]
ShellAutoRuncommand — h:system_cachelocale.exe
ShellexploreCommand — h:system_cachelocale.exe
ShellopenCommand — h:system_cachelocale.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a9ae1e1f-8955-11dd-90a1-001a923347f7}]
ShellAutoRuncommand — G:autorun.exe
ShellDirectXcommand — g:directxDXSETUP.exe
Shellinstallcommand — G:setup.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d90e8da9-8a44-11dd-90a9-001a923347f7}]
ShellAutoRuncommand — G:autorun.exe
ShellDirectXcommand — g:directxDXSETUP.exe
Shellinstallcommand — G:setup.exe
.
Contents of the ‘Scheduled Tasks’ folder

2008-09-26 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 13:57]
.
— — — — ORPHANS REMOVED — — — —

HKLM-Run-WinampAgent — d:winampwinampa.exe
HKLM-Run-RTHDCPL — RTHDCPL.EXE
HKLM-Run-SkyTel — SkyTel.EXE
HKLM-Explorer_Run-services — c:windowsservices.exe

.

Supplementary Scan

.
FireFox -: Profile — c:documents and settingsUserApplication DataMozillaFirefoxProfilesl0wrin60.default
FireFox -: prefs.js — STARTUP.HOMEPAGE — hxxp://r.mail.ru/cln2407/www.mail.ru/pages/help/11.html
FF -: plugin — c:documents and settingsAll UsersApplication DataZylomZylomGamesPlayernpzylomgamesplayer.dll
FF -: plugin — d:рїсђрѕрёрісђрѕрір°с‚рµр»сњPluginsnpqtplugin.dll
FF -: plugin — d:рїсђрѕрёрісђрѕрір°с‚рµр»сњPluginsnpqtplugin2.dll
FF -: plugin — d:рїсђрѕрёрісђрѕрір°с‚рµр»сњPluginsnpqtplugin3.dll
FF -: plugin — d:рїсђрѕрёрісђрѕрір°с‚рµр»сњPluginsnpqtplugin4.dll
FF -: plugin — d:рїсђрѕрёрісђрѕрір°с‚рµр»сњPluginsnpqtplugin5.dll
FF -: plugin — d:рїсђрѕрёрісђрѕрір°с‚рµр»сњPluginsnpqtplugin6.dll
FF -: plugin — d:рїсђрѕрёрісђрѕрір°с‚рµр»сњPluginsnpqtplugin7.dll
FF -: plugin — d:program filesРџР РћР“Р РђРњРњР«mozilla firefoxpluginsnpnul32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 19:22:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘lsass.exe'(616)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.

Other Running Processes

.
c:program filesCommon FilesLightScribeLSSrvc.exe
c:program filesESETnod32krn.exe
c:windowssystem32nvsvc32.exe
c:program filesCyberLinkShared filesRichVideo.exe
d:program filesc:windowssystem32svchost.exe
c:windowssystem32wdfmgr.exe
c:program filesOpenOffice.org 1.9.100programsoffice.exe
c:program filesOpenOffice.org 1.9.100programsoffice.bin
c:program filesHPDigital Imagingbinhpqimzone.exe
c:program filesHPDigital Imagingbinhpqste08.exe
c:program filesCommon FilesTeleca SharedGeneric.exe
c:program filesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
.
**************************************************************************
.
Completion time: 2008-11-30 19:24:58 — machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 13:24:56

Pre-Run: 14 271 778 816 байт свободно
Post-Run: 17,027,686,400 байт свободно

293
1 декабря, 2008 в 4:21 дп #20137
Admin
Keymaster
- Темы:40
- Сообщений:5676
Combofix удалил множество паразитов.
Но ещё осталось кое-что.

Откройте блокнот и вставьте в него следующий текст:
```
Driver::

ati4jpxx



Registry::

[-HKEY_LOCAL_MACHINE~Browser Helper Objects{453C1118-A500-4188-BC8D-E196075601BE}]

[-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalati4jpxx.sys]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{19879a24-b7c4-11dc-87dc-001a923347f7}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4949396e-b941-11dd-af01-001a923347f7}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a9ae1e1f-8955-11dd-90a1-001a923347f7}]

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{d90e8da9-8a44-11dd-90a9-001a923347f7}]



File::

c:windowssystem32fbilib.dll

c:windowssystem32Driversati4jpxx.sys
```
Запишите получившийся файл на ваш рабочий стол под именем CFScript
Далее перетащите получившийся файл на иконку Combofix, как показано на картинке ниже.

Сombofix запуститься и выполнит процедуры описанные в созданном нами файле.
По результатам работы Combofix будет создан новый лог, его и вставьте в свой следующий ответ.
Автор

Сообщения