- This topic has 16 ответов, 3 участника, and was last updated 14 years, 8 months назад by
.
-
Сообщения
-
Извиняюсь, но просто не успеваю ответить на все сообщения.
Запустите Combofix без перетаскивания образа диска.
наконец наша эпопея кажется закончена, всё работает отлично спасибо вам за помощь. У меня еще ноутбук барахлит но я вам потом в личку кину лог( какой прогой кстати лучше?) если вы не против. И вот еще какой мне антивирус лучше поставить нод32 или доктор веб?
ComboFix 10-03-15.04 — user 16.03.2010 9:54.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.1681 [GMT 3:00]
Running from: h:documents and settingsuserРабочий столComboFix.exe
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.D:Autorun.inf
D:khq
h:docume~1userLOCALS~1Temp_co.txt
h:documents and settingsuserApplication Data.#
h:documents and settingsuserApplication Data.#MBX@BF0@343578.###
h:documents and settingsuserApplication Data.#MBX@BF0@343588.###
h:documents and settingsuserApplication Data.#MBX@BF0@343598.###
h:documents and settingsuserApplication Data.#MBX@BF0@3435A8.###
h:program filesMyCentria
h:program filesWebMoney Advisor
h:program filesWebMoney Advisor16x16x32b.bmp
h:program filesWebMoney Advisorbasis.xml
h:program filesWebMoney Advisorbooble.html
h:program filesWebMoney Advisorinfo.txt
h:program filesWebMoney Advisortbs_include_script_014708.js
h:program filesWebMoney Advisortbs_include_script_wmadvisor.js
h:program filesWebMoney Advisorversion.txt
h:program filesWebMoney Advisorwmadvisor.crc
h:recyclerS-1-5-21-2525408738-8637638833-374915209-6575
h:recyclerS-1-5-21-3960467834-7783471534-966831158-4505
h:recyclerS-1-5-21-5173805693-6086749553-795268656-0509
h:recyclerS-1-5-21-6830404304-3184402041-501554399-5429
h:recyclerS-1-5-21-6952829768-3549675177-572841897-3797
h:windowsccdrive32.exe
h:windowsjjdrive32.exe
h:windowssystem32.exe
h:windowssystem320.exe
h:windowssystem3212.exe
h:windowssystem3224.scr
h:windowssystem3233.exe
h:windowssystem3241.exe
h:windowssystem3246.exe
h:windowssystem3256.scr
h:windowssystem3273.scr
h:windowssystem32alog.txt
h:windowssystem32avsys.exe
h:windowssystem32bb1.dat
h:windowssystem32browseit.log
h:windowssystem32COMEt.dll
h:windowssystem32cs.dat
h:windowssystem32ealregsnapshot1.reg
h:windowssystem32i
h:windowssystem32ieuinit.inf
h:windowssystem32msvmcls64.exe
h:windowssystem32netprotocol.dll
h:windowssystem32office.exe
h:windowssystem32ps1.dat
h:windowssystem32rc.dat
h:windowssystem32SIntf16.dll
h:windowssystem32sshnas21.dll
h:windowssystem32umdmgr.exe
h:windowssystem32umdmgr.log
h:windowssystem32upd32.exe.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_NETPROTOCOL
Legacy_SSHNAS
Service_Netprotocol
Service_SSHNAS((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.2010-03-16 06:49 . 2007-09-29 05:30 65024 —-a-r- h:windowssystem32driversJRAID_2.sys
2010-03-15 09:59 . 2010-03-15 12:45
d-sh—w- h:documents and settingsuserLocal SettingsApplication Data.#
2010-03-12 21:05 . 2010-03-12 21:05
d
w- h:program filesMicrosoft Games
2010-02-23 07:51 . 2010-02-23 07:51
d
w- H:_OTM
2010-02-22 12:34 . 2008-04-15 12:00 9216 -c—a-w- h:windowssystem32dllcachewamps51.dll
2010-02-22 12:34 . 2008-04-15 12:00 76800 -c—a-w- h:windowssystem32dllcachewam51.dll
2010-02-22 12:34 . 2008-04-15 12:00 53248 -c—a-w- h:windowssystem32dllcachewamreg51.dll
2010-02-22 12:34 . 2008-04-15 12:00 41600 -c—a-w- h:windowssystem32dllcacheweitekp9.dll
2010-02-22 12:34 . 2008-04-15 12:00 364544 -c—a-w- h:windowssystem32dllcachew3svc.dll
2010-02-22 12:34 . 2008-04-15 12:00 31232 -c—a-w- h:windowssystem32dllcacheweitekp9.sys
2010-02-22 12:32 . 2008-04-15 12:00 7680 -c—a-w- h:windowssystem32dllcacheftpctrs2.dll
2010-02-22 12:16 . 2008-04-15 12:00 13312 -c—a-w- h:windowssystem32dllcacheirclass.dll
2010-02-22 12:16 . 2008-04-15 12:00 13312 —-a-w- h:windowssystem32irclass.dll
2010-02-22 12:16 . 2008-04-15 12:00 24661 -c—a-w- h:windowssystem32dllcachespxcoins.dll
2010-02-22 12:16 . 2008-04-15 12:00 24661 —-a-w- h:windowssystem32spxcoins.dll
2010-02-19 18:15 . 2010-02-23 08:01
d
w- h:program filestrend micro
2010-02-19 18:15 . 2010-02-19 18:16
d
w- H:rsit
2010-02-19 16:51 . 2008-04-14 18:40 221184 —-a-w- h:windowssystem32wmpns.dll.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 07:06 . 2008-08-26 10:43 16608 —-a-w- h:windowsgdrv.sys
2010-03-16 07:03 . 2009-02-28 13:26
d
w- h:program filesAutochartist
2010-03-16 06:37 . 2008-08-27 14:31
d
w- h:documents and settingsuserApplication DatauTorrent
2010-03-14 21:53 . 2009-03-10 20:42
d
w- h:program filesFxClub
2010-03-14 21:22 . 2009-07-23 22:15
d
w- h:documents and settingsAll UsersApplication DataWinZip
2010-03-14 21:21 . 2008-08-26 10:44
d—h—w- h:program filesInstallShield Installation Information
2010-03-14 13:28 . 2008-12-21 12:59 2056552 —-a-w- h:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-03-13 10:15 . 2008-08-26 10:40 69448 —-a-w- h:documents and settingsuserLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-03-08 17:17 . 2008-08-26 15:44
d
w- h:program filesEset
2010-03-06 20:39 . 2009-02-11 13:38
d
w- h:program filesuTorrent
2010-02-28 09:57 . 2009-11-27 14:19 79488 —-a-w- h:documents and settingsuserApplication DataSunJavajre1.6.0_17gtapi.dll
2010-02-26 21:30 . 2009-03-03 20:28
d
w- h:documents and settingsuserApplication Datadvdcss
2010-02-22 12:46 . 2001-10-20 12:00 85634 —-a-w- h:windowssystem32perfc019.dat
2010-02-22 12:46 . 2001-10-20 12:00 485954 —-a-w- h:windowssystem32perfh019.dat
2010-02-22 12:29 . 2008-08-26 10:33 24428 —-a-w- h:windowssystem32emptyregdb.dat
2010-02-22 08:38 . 2010-01-25 19:13
d
w- h:program filesSteam
2010-02-22 08:37 . 2010-01-23 10:27
d
w- h:documents and settingsAll UsersApplication DataSkype
2010-02-22 08:04 . 2010-01-23 10:40
d
w- h:documents and settingsuserApplication DataskypePM
2010-02-19 17:58 . 2009-11-11 14:55
d
w- h:program filesTeorex Inpaint
2010-02-19 17:58 . 2009-10-11 16:54
d
w- h:program filesReal Alternative
2010-02-19 17:58 . 2009-09-22 20:29
d
w- h:program filesMetaTrader — Alpari
2010-02-19 17:58 . 2009-06-24 09:07
d
w- h:program filesA-one Video Convertor
2010-02-19 17:58 . 2009-07-30 11:00
d
w- h:program filesDivX
2010-02-19 17:36 . 2009-10-26 08:25
d
w- h:program filesAll Office Converter Platinum
2010-02-13 19:33 . 2010-02-13 18:06 139264 —-a-w- h:windowssystem32dh.exe
2010-02-13 18:06 . 2010-02-13 18:06 139264 —sh—r- h:windowsacp.exe
2010-02-13 17:19 . 2010-02-13 17:19 143360 —sh—r- h:windowssystem32driversCbfgm.exe
2010-02-12 06:10 . 2009-08-30 13:53
d
w- h:documents and settingsuserApplication DataDivX
2010-02-09 14:34 . 2010-02-09 14:34
d
w- h:documents and settingsuserApplication DataPlayFirst
2010-02-09 14:34 . 2010-02-09 14:34
d
w- h:documents and settingsAll UsersApplication DataPlayFirst
2010-02-09 14:13 . 2010-01-23 08:50
d
w- h:program filesGames
2010-02-07 13:09 . 2010-02-07 13:09
d
w- h:program filesBaldaWin Demo
2010-01-31 12:39 . 2010-01-31 12:39
d
w- h:documents and settingsuserApplication DataEltima Software
2010-01-31 12:37 . 2010-01-31 12:37
d
w- h:program filesEltima Software
2010-01-27 11:16 . 2010-01-27 11:16
d
w- h:program filesElectronic Arts
2010-01-24 19:59 . 2009-12-21 23:21
d
w- h:program filesGamesTopDownloads
2010-01-24 19:39 . 2010-01-24 19:38
d
w- h:program filesAGEIA Technologies
2010-01-24 19:38 . 2009-09-25 07:01
d
w- h:program filesCommon FilesWise Installation Wizard
2010-01-24 13:45 . 2008-09-03 10:49 138184 —-a-w- h:windowssystem32driversPnkBstrK.sys
2010-01-24 13:45 . 2008-09-03 10:49 183112 —-a-w- h:windowssystem32PnkBstrB.exe
2010-01-23 10:40 . 2010-01-23 10:40 56 —ha-w- h:windowssystem32ezsidmv.dat
2010-01-22 15:44 . 2010-01-22 15:42
d
w- h:program filesРусская Рыбалка 2.2
2010-01-22 15:39 . 2009-11-11 19:46
d
w- h:program filesРусская Рыбалка Installsoft Edition
2010-01-19 07:13 . 2009-06-02 02:21
d
w- h:program filesICQ6.5
2009-05-13 21:55 . 2009-05-13 21:55 1044480 —-a-w- h:program filesmozilla firefoxpluginslibdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 —-a-w- h:program filesmozilla firefoxpluginsssldivx.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Autochartist»=»h:program filesAutochartistAutochartist_FXCLUB2.exe» [2010-02-22 4144456]
«AlcoholAutomount»=»h:program filesAlcohol SoftAlcohol 120axcmd.exe» [2009-04-24 203928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«NokiaMServer»=»h:program filesCommon FilesNokiaMPlatformNokiaMServer» [X]
«GEST»=»h:program filesGIGABYTEGESTRUN.exe» [2007-12-14 236040]
«JMB36X IDE Setup»=»h:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»h:windowssystem32xRaidSetup.exe» [2007-08-29 1966080]
«Acronis True Image Monitor»=»h:program filesAcronisTrueImageTrueImageMonitor.exe» [2008-08-26 417536]
«Acronis Scheduler2 Service»=»h:program filesCommon FilesAcronisSchedule2schedhlp.exe» [2008-08-26 61440]
«NeroFilterCheck»=»h:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«Adobe Reader Speed Launcher»=»h:program filesAdobeReader 9.0ReaderReader_sl.exe» [2008-06-11 34672]
«QuickTime Task»=»h:program filesQuickTimeqttask.exe» [2008-09-06 413696]
«Nokia FastStart»=»h:program filesNokiaNokia MusicNokiaMusic.exe» [2008-12-03 2372840]
«SunJavaUpdateSched»=»h:program filesJavajre6binjusched.exe» [2009-06-09 136600]
«StartCCC»=»h:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe» [2009-04-28 61440]
«RTHDCPL»=»RTHDCPL.EXE» [2007-09-19 16844800][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»h:windowssystem32CTFMON.EXE» [2008-04-15 15360]h:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Nokia Ovi Suite.lnk — h:program filesNokiaOviSuiteRunLauncher.exe [2008-11-28 946176][HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«h:\Program Files\GIGABYTE\GEST\run.exe»=
«h:\Program Files\QIP\qip.exe»=
«h:\WINDOWS\system32\PnkBstrA.exe»=
«h:\WINDOWS\system32\PnkBstrB.exe»=
«h:\WINDOWS\system32\CNAB4RPK.EXE»=
«h:\Program Files\TVUPlayer\TVUPlayer.exe»=
«h:\WINDOWS\system32\dplaysvr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«h:\Program Files\uTorrent\utorrent.exe»=
«h:\Program Files\ICQ6.5\ICQ.exe»=R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);h:windowssystem32driverssfdrv01a.sys [05.07.2006 15:46 63352]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;h:program filesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe [06.12.2007 21:03 660768]
R3 GEST Service;GEST Service for program management.;h:program filesGIGABYTEGESTGSvr.exe [26.08.2008 13:44 47624]
S0 sptd;sptd;h:windowssystem32driverssptd.sys [31.01.2009 18:22 721904]
S2 gupdate1ca1104ee4fa4be;Служба Google Update (gupdate1ca1104ee4fa4be);h:program filesGoogleUpdateGoogleUpdate.exe [30.07.2009 14:00 133104][HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
DcomLaunch REG_MULTI_SZ DcomLaunch TermService Netprotocol
.
Contents of the ‘Scheduled Tasks’ folder2010-03-15 h:windowsTasksAppleSoftwareUpdate.job
— h:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]2010-03-16 h:windowsTasksGoogleUpdateTaskMachineCore.job
— h:program filesGoogleUpdateGoogleUpdate.exe [2009-07-30 11:00]2010-03-16 h:windowsTasksGoogleUpdateTaskMachineUA.job
— h:program filesGoogleUpdateGoogleUpdate.exe [2009-07-30 11:00]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
IE: &Экспорт в Microsoft Excel — h:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
FF — ProfilePath — h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.default
FF — plugin: h:documents and settingsuserApplication DataMozillaFirefoxProfilesi1vdypvy.defaultextensionsfirefox@tvunetworks.compluginsnpTVUAx.dll
FF — plugin: h:program filesGoogleUpdate1.2.183.17npGoogleOneClick8.dll—- FIREFOX POLICIES —-
h:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_popup_windows», false);
h:program filesMozilla Firefoxgreprefsall.js — pref(«browser.enable_click_image_resizing», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«accessibility.browsewithcaret_shortcut.enabled», true);
h:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.high_water_mark», 32);
h:program filesMozilla Firefoxgreprefsall.js — pref(«javascript.options.mem.gc_frequency», 1600);
h:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
h:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
h:program filesMozilla Firefoxgreprefsall.js — pref(«ui.trackpoint_hack.enabled», -1);
h:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.debug», false);
h:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.agedWeight», 2);
h:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.bucketSize», 1);
h:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.maxTimeGroupings», 25);
h:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.timeGroupingSize», 604800);
h:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.boundaryWeight», 25);
h:program filesMozilla Firefoxgreprefsall.js — pref(«browser.formfill.prefixWeight», 5);
h:program filesMozilla Firefoxgreprefsall.js — pref(«html5.enable», false);
h:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.download.backgroundInterval», 600);
h:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«app.update.url.manual», «http://www.firefox.com»);
h:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr-ja», «mozff»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add», «addons.mozilla.org»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«xpinstall.whitelist.add.36», «getpersonas.com»);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«lightweightThemes.update.enabled», true);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.allTabs.previews», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.hide_infobar_for_outdated_plugin», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«toolbar.customization.usesheet», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.enable», false);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.max», 20);
h:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.taskbar.previews.cachetime», 20);
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-RGSC — h:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe
HKCU-Run-EA Core — h:program filesElectronic ArtsEADMCore.exe
HKCU-Run-RealJukeboxSystray — h:program filesRealRealJukeboxtsystray.exe
HKCU-Run-AlSrvN — h:program filesAlcohol SoftAlcohol 120PluginsHelperAlSrvN.exe
HKLM-Run-avsys — h:windowssystem32avsys.exe
HKLM-Run-upd32 — h:windowssystem32upd32.exe
HKLM-Run-Microsoft Update Setup — h:windowsjjdrive32.exe
HKLM-Explorer_Run-Microsoft Update Setup — h:windowsjjdrive32.exe
AddRemove-Darkest of Days_is1 — d:dVIDEO_TSНовая папка (3)Darkest of Daysunins000.exe
AddRemove-delete — d:сall of duty modern warfare 2Uninstall.exe
AddRemove-EADM — h:program filesElectronic ArtsEADMUninstall.exe
AddRemove-MyCentria — h:program filesMyCentriaMyCentriaUninstall.exe
AddRemove-RealJukebox 1.0 — h:program filesRealRealJukeboxUpdaternuninst.exe
AddRemove-{19282A44-3FD7-4E9F-A848-F59AD64A0E57}_is1 — d:pcgamePRO EVOLUTION SOCCER 2009unins000.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 10:02
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89E1DCA8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> CLASSPNP.SYS @ 0xba0fcf28
DriverACPI -> ACPI.sys @ 0xb9f7fcb8
Driveratapi -> 0x89e1dca8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9cdebb0
PacketIndicateHandler -> NDIS.sys @ 0xb9ceba21
SendHandler -> NDIS.sys @ 0xb9cc987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(764)
h:windowssystem32Ati2evxx.dll— — — — — — — > ‘explorer.exe'(408)
h:windowssystem32WPDShServiceObj.dll
h:windowssystem32PortableDeviceTypes.dll
h:windowssystem32PortableDeviceApi.dll
.
Other Running Processes
.
h:windowssystem32Ati2evxx.exe
h:windowssystem32Ati2evxx.exe
h:windowssystem32CNAB4RPK.EXE
h:program filesCommon FilesAcronisSchedule2schedul2.exe
h:windowssystem32bgsvcgen.exe
h:program filesJavajre6binjqs.exe
h:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
h:windowssystem32wscntfy.exe
h:program filesCommon FilesNokiaMPlatformNokiaMServer.exe
h:windowsRTHDCPL.EXE
h:program filesATI TechnologiesATI.ACECore-StaticMOM.exe
h:program filesATI TechnologiesATI.ACECore-Staticccc.exe
h:program filesNokiaPC Connectivity SolutionServiceLayer.exe
h:program filesNokiaPC Connectivity SolutionTransportsNclUSBSrv.exe
h:program filesNokiaPC Connectivity SolutionTransportsNclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-03-16 10:08:05 — machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 07:08Pre-Run: 6 362 587 136 байт свободно
Post-Run: 6 757 535 744 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
h:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /fastdetect /noexecute=optinCurrent=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
— — End Of File — — 5EC151442F97A811D9549DBB2DC7F1FD
- Для ответа в этой теме необходимо авторизоваться.
