Созданные ответы форума
-
Сообщения
-
Спасибо за помощь.
порно видео удалось убить откатом, а остальные три строчки удалил по вашему совету.
Откуда взялся Smart-Anti-Spyware установить теперь сложно ,я не едиственный пользователь 🙁
А Combofix лог следующий:ComboFix 08-11-26.05 — Аня 2008-11-27 11:34:07.1 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.661 [GMT 3:00]
Running from: e:combofixComboFix.exe
* Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:program filesFunWebProducts
c:program filesFunWebProductsScreenSaverImages00440EAB.urr
c:program filesMyWebSearch
c:program filesMyWebSearchbarHistorysearch2
c:program filesMyWebSearchbarSettingss_pid.dat
c:program filesMyWebSearchbarSettingssetting2.htm
c:program filesMyWebSearchbarSettingssettings.dat.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.2008-11-27 11:26 . 2008-11-27 11:26
d
c:program filesTrend Micro
2008-11-26 11:59 . 2008-11-26 16:33d
c:program filesMaxthon
2008-11-25 16:18 . 2008-11-25 16:18d
c:windowssystem32LogFiles
2008-11-25 10:32 . 2008-11-25 10:32d
c:windowsuscripts
2008-11-22 14:28 . 2008-11-26 16:33d
c:program filesResource Kit(2)
2008-11-21 13:32 . 2008-11-21 13:32d
c:windowssystem32ru-ru
2008-11-21 13:29 . 2008-11-21 13:29d
c:windows$hf_mig$
2008-11-19 10:29 . 2008-11-19 10:29d
c:program filesSiSoftware
2008-11-11 08:59 . 2008-11-11 08:59 10 —a
c:windowssystem.snk
2008-11-11 08:58 . 2002-09-10 14:22 40,960 —a
c:windowsenigma.dll
2008-11-11 08:55 . 2008-11-11 08:55d
c:program filesGMX Media
2008-10-30 15:49 . 2008-10-30 15:49d—s—- c:documents and settingsАняUserData
2008-10-30 15:49 . 2008-10-30 15:49d—s—- c:documents and settingsАняUserData .
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 08:37 858,912 —sha-w c:windowssystem32driversfidbox2.dat
2008-11-27 08:37 21,414,432 —sha-w c:windowssystem32driversfidbox.dat
2008-11-27 08:32
d
w c:documents and settingsAll UsersApplication DataKaspersky Lab
2008-11-27 08:31 82,424 —sha-w c:windowssystem32driversfidbox2.idx
2008-11-27 08:31 289,340 —sha-w c:windowssystem32driversfidbox.idx
2008-11-26 14:02
d
w c:documents and settingsАняApplication DataBatMail
2008-10-11 04:55
d—h—w c:program filesInstallShield Installation Information
2008-10-09 05:14
d
w c:program filesdirectx
2008-10-09 05:10
d
w c:program filesSSI
2008-10-09 05:10
d
w c:program filesCommon FilesInstallShield
2008-09-29 06:04
d
w c:program filesGoogle
2008-09-29 06:04
d
w c:documents and settingsAll UsersApplication DataGRETECH
2008-09-29 06:04
d
w c:documents and settingsАняApplication DataGRETECH
2008-09-29 06:03
d
w c:program filesGRETECH
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherps.exe» [2004-11-13 205824]
«ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-17 15360]
«EDLauncher»=»c:program filesPRMT8PRMTEDEDLauncher.exe» [2007-03-14 118784]
«updateMgr»=»c:program filesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe» [2006-03-30 313472]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-11-13 68856][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«igfxtray»=»c:windowssystem32igfxtray.exe» [2005-11-28 98304]
«igfxhkcmd»=»c:windowssystem32hkcmd.exe» [2005-11-28 77824]
«igfxpers»=»c:windowssystem32igfxpers.exe» [2005-11-28 118784]
«QuickTime Task»=»c:program filesK-Lite Codec PackQuickTimeqttask.exe» [2007-06-29 286720]
«VTTimer»=»VTTimer.exe» [2007-12-06 c:windowssystem32VTTimer.exe]
«RTHDCPL»=»RTHDCPL.EXE» [2006-11-14 c:windowsRTHDCPL.exe]
«SkyTel»=»SkyTel.EXE» [2006-05-16 c:windowsSkyTel.exe][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-17 15360]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2008-04-23 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«vidc.DIV3″= DivXc32.dll
«vidc.DIV4″= DivXc32f.dll
«vidc.3iv2″= 3ivxVfWCodec.dll
«msacm.divxa32″= msaud32_divx.acm
«VIDC.VP31″= vp31vfw.dll[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Reader Speed Launch.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Reader Speed Launch.lnk
backup=c:windowspssAdobe Reader Speed Launch.lnkCommon Startup[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«wuauserv»=2 (0x2)
«wscsvc»=2 (0x2)
«Schedule»=2 (0x2)
«Browser»=2 (0x2)[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQLite\ICQLite.exe»=
«c:\Program Files\Miranda IM\miranda32.exe»=
«c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\Russian\setup.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe»=
«c:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe»=
«c:\Program Files\SSI\Silent Hunter II\Sim\Sim.exe»=
«c:\WINDOWS\system32\dpnsvr.exe»=
«c:\Games\HD2\hd2.exe»=R0 videX32;videX32;c:windowssystem32DRIVERSvideX32.sys [2006-02-23 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32DRIVERSklim5.sys [2007-12-13 24592]*Newly Created Service* — PROCEXP90
.
Contents of the ‘Scheduled Tasks’ folder2008-11-21 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-06-03 12:42]
.
— — — — ORPHANS REMOVED — — — —SafeBoot-Winfk05.sys
SafeBoot-Wingl40.sys
SafeBoot-Winkq85.sys
SafeBoot-Winou74.sys
SafeBoot-Winrx32.sys
SafeBoot-Winvc41.sys.
Supplementary Scan
.
FireFox -: Profile — c:documents and settingsАняApplication DataMozillaFirefoxProfiles7wbv4sl8.default
FF -: plugin — c:program filesAdobeAcrobat 7.0Readerbrowsernppdf32.dll
FF -: plugin — c:program filesK-Lite Codec PackQuickTimePluginsnpqtplugin.dll
FF -: plugin — c:program filesK-Lite Codec PackQuickTimePluginsnpqtplugin2.dll
FF -: plugin — c:program filesK-Lite Codec PackQuickTimePluginsnpqtplugin3.dll
FF -: plugin — c:program filesK-Lite Codec PackQuickTimePluginsnpqtplugin4.dll
FF -: plugin — c:program filesK-Lite Codec PackQuickTimePluginsnpqtplugin5.dll
FF -: plugin — c:program filesK-Lite Codec PackQuickTimePluginsnpqtplugin6.dll
FF -: plugin — c:program filesK-Lite Codec Packrealbrowserpluginsnppl3260.dll
FF -: plugin — c:program filesK-Lite Codec Packrealbrowserpluginsnprpjplug.dll
.
.
File Associations
.
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 11:37:20
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(1188)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:windowssystem32klogon.dll— — — — — — — > ‘lsass.exe'(1244)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0dnsq.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0fssync.dll
.
Completion time: 2008-11-27 11:38:10
ComboFix-quarantined-files.txt 2008-11-27 08:38:05Pre-Run: 23 207 170 048 байт свободно
Post-Run: 23,402,442,752 байт свободно155
