Request to send an SMS
- This topic has 1 reply, 2 participants, and was last updated 14 years, 10 months ago by Romio.
January 16, 2010 at 8:52 am #17796
Please tell me how to remove the splash screen that asks to send an SMS to the number 7373, code К204114000
ComboFix 10-01-15.04 — 1 11.01.2010 11:54:40.1.2 — x86
Running from: c:documents and settings1Рабочий столComboFix.exe
Command switches used :: c:documents and settings1Рабочий столWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
ADS — system32: deleted 129536 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:cleanup.exe
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat
c:documents and settingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat
c:program filesdriver
c:program filesWebMoney Advisor
c:program filesWebMoney Advisor16x16x32b.bmp
c:program filesWebMoney Advisorautosearch_plugin.dll
c:program filesWebMoney Advisorbasis.xml
c:program filesWebMoney Advisorbooble.html
c:program filesWebMoney Advisorfavicon.ico
c:program filesWebMoney Advisorinfo.txt
c:program filesWebMoney AdvisortbHElper.dll
c:program filesWebMoney Advisortbs_include_script_014708.js
c:program filesWebMoney Advisortbs_include_script_wmadvisor.js
c:program filesWebMoney Advisortbu0603116x16x32b.bmp
c:program filesWebMoney Advisortbu06031autosearch_plugin.dll
c:program filesWebMoney Advisortbu06031basis.xml
c:program filesWebMoney Advisortbu06031booble.html
c:program filesWebMoney Advisortbu06031favicon.ico
c:program filesWebMoney Advisortbu06031info.txt
c:program filesWebMoney Advisortbu06031tbhelper.dll
c:program filesWebMoney Advisortbu06031tbs_include_script_014708.js
c:program filesWebMoney Advisortbu06031tbs_include_script_wmadvisor.js
c:program filesWebMoney Advisortbu06031uninstall.exe
c:program filesWebMoney Advisortbu06031version.txt
c:program filesWebMoney Advisortbu06031wmadvisor.crc
c:program filesWebMoney Advisortbu06031wmadvisor.dll
c:program filesWebMoney Advisortbu06031WMPlugin.dll
c:program filesWebMoney Advisoruninstall.exe
c:program filesWebMoney Advisorversion.txt
c:program filesWebMoney Advisorwmadvisor.crc
c:program filesWebMoney Advisorwmadvisor.dll
c:program filesWebMoney AdvisorWMPlugin.dll
c:program filesWebMoneyinetmib1.dll
c:windowsconfig.ini
c:windowssystem32d.dll
c:windowssystem32instsrv.exe
c:windowssystem32winlogon.bak
BITS: Possible infected sites
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
c:windowssystem32winlogon.exe . . . is infected!!.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.2010-01-16 07:47 . 2010-01-16 07:47 129536 —-a-w- c:windowssystem32aeh.dll
2010-01-16 07:42 . 2010-01-16 07:42 129536 —-a-w- c:windowssystem32pdz.dll
2010-01-15 21:18 . 2010-01-15 21:18 129536 —-a-w- c:windowssystem32eaqiivegx.dll
2010-01-15 20:31 . 2010-01-15 20:31 129536 —-a-w- c:windowssystem32loimng.dll
2010-01-15 20:20 . 2010-01-15 20:20 129536 —-a-w- c:windowssystem32oj.dll
2010-01-15 20:03 . 2010-01-15 20:03 129536 —-a-w- c:windowssystem32odozxlrc.dll
2010-01-15 19:53 . 2010-01-15 19:53 129536 —-a-w- c:windowssystem32p.dll
2010-01-15 19:42 . 2010-01-15 19:42 129536 —-a-w- c:windowssystem32xowwhh.dll
2010-01-15 19:36 . 2010-01-15 19:36 129536 —-a-w- c:windowssystem32cqtxo.dll
2010-01-15 19:06 . 2010-01-15 19:06 129536 —-a-w- c:windowssystem32q.dll
2010-01-15 19:04 . 2010-01-15 19:04 129536 —-a-w- c:windowssystem32lci.dll
2010-01-15 18:38 . 2010-01-15 18:38 129536 —-a-w- c:windowssystem32kludu.dll
2010-01-15 18:36 . 2010-01-15 18:36 129536 —-a-w- c:windowssystem32kiheje.dll
2010-01-15 18:31 . 2010-01-15 18:31 129536 —-a-w- c:windowssystem32g.dll
2010-01-15 18:09 . 2010-01-15 18:09 129536 —-a-w- c:windowssystem32hbcws.dll
2010-01-15 17:30 . 2010-01-15 17:30 129536 —-a-w- c:windowssystem32xqdjvtfxp.dll
2010-01-14 19:37 . 2010-01-14 19:37 129536 —-a-w- c:windowssystem32pewuueg.dll
2010-01-14 19:25 . 2010-01-14 19:25 129536 —-a-w- c:windowssystem32pgvtnmy.dll
2010-01-14 18:13 . 2010-01-14 18:13 129536 —-a-w- c:windowssystem32tu.dll
2010-01-13 19:28 . 2010-01-13 19:28 129536 —-a-w- c:windowssystem32bqspmf.dll
2010-01-13 19:25 . 2010-01-13 19:25 129536 —-a-w- c:windowssystem32xvurgpt.dll
2010-01-13 19:00 . 2010-01-13 19:00
d-sh—w- c:documents and settingsАдминистраторPrivacIE
2010-01-13 18:47 . 2010-01-13 18:47 129536 —-a-w- c:windowssystem32ysv.dll
2010-01-13 18:17 . 2004-10-21 10:52 4096 —-a-w- c:documents and settingsAll UsersApplication DataMicrosoftUSMTiconlib.dll
2010-01-12 19:50 . 2010-01-12 19:50 129536 —-a-w- c:windowssystem32aego.dll
2010-01-12 19:42 . 2010-01-12 19:42 129536 —-a-w- c:windowssystem32iqrop.dll
2010-01-12 19:18 . 2010-01-12 19:18 129536 —-a-w- c:windowssystem32jtplim.dll
2010-01-12 19:12 . 2010-01-12 19:12 129536 —-a-w- c:windowssystem32tmwekolw.dll
2010-01-12 18:48 . 2010-01-12 18:48
d
w- c:documents and settingsАдминистраторApplication DataMalwarebytes
2010-01-12 18:01 . 2010-01-12 18:01 129536 —-a-w- c:windowssystem32gq.dll
2010-01-12 17:52 . 2010-01-12 17:52 129536 —-a-w- c:windowssystem32chvcyaan.dll
2010-01-12 17:49 . 2010-01-12 17:49 129536 —-a-w- c:windowssystem32hykdstjjd.dll
2010-01-12 17:11 . 2010-01-12 17:11 129536 —-a-w- c:windowssystem32pdfgrh.dll
2010-01-12 16:57 . 2010-01-12 16:57 129536 —-a-w- c:windowssystem32bghjpn.dll
2010-01-11 18:43 . 2010-01-11 07:54 79488 —-a-w- c:documents and settings1Application DataSunJavajre1.6.0_17gtapi.dll
2010-01-04 19:11 . 2010-01-04 19:11
d
w- c:program files1C
2010-01-01 17:39 . 2010-01-01 17:39
d
w- c:documents and settingsAll UsersApplication DataCodemasters
2009-12-31 13:12 . 2010-01-08 16:42
d
w- c:program filesCrashDay
2009-12-30 18:30 . 2009-12-30 18:30
d
w- C:games
2009-12-30 10:42 . 2009-12-30 10:42
d
w- c:program filesBuka
2009-12-26 08:46 . 1998-09-02 08:28 38160 —-a-w- c:windowssystem32LMRTREND.dll
2009-12-26 08:46 . 1998-08-27 04:51 182032 —-a-w- c:windowssystem32dxtmsft3.dll
2009-12-26 08:46 . 1998-09-02 08:28 63488 —-a-w- c:windowssystem32unam4ie.exe
2009-12-26 08:46 . 1998-08-17 09:21 10240 —-a-w- c:windowssystem32vidx16.dll
2009-12-26 08:46 . 1998-08-17 09:21 11776 —-a-w- c:windowssystem32mciqtz.drv
2009-12-26 08:46 . 1998-09-02 08:02 194320 —-a-w- c:windowssystem32qcut.dll
2009-12-26 08:46 . 2009-12-26 08:46 4608 —-a-w- c:windowssystem32w95inf32.dll
2009-12-26 08:46 . 2009-12-26 08:46 2272 —-a-w- c:windowssystem32w95inf16.dll
2009-12-19 16:26 . 2009-12-27 07:35
d
w- c:program filesGoogle.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 18:30 . 2009-12-06 20:11 5115824 —-a-w- c:documents and settingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malwarembam-setup.exe
2010-01-11 09:57 . 2004-10-21 10:52 816312 —-a-w- c:windowssystem32perfh019.dat
2010-01-11 09:57 . 2004-10-21 10:52 196510 —-a-w- c:windowssystem32perfc019.dat
2010-01-11 09:56 . 2008-12-07 16:00
d
w- c:program filesWebMoney
2010-01-11 08:28 . 2009-03-13 07:11
d
w- c:documents and settingsAll UsersApplication DataAlawarWrapper
2010-01-05 18:12 . 2009-06-27 18:00
d
w- c:documents and settings1Application DataSuper-Cow
2010-01-02 08:17 . 2009-11-29 07:56
d
w- c:program filesMalwarebytes’ Anti-Malware
2010-01-01 18:59 . 2007-09-16 11:38
d
w- c:program filesAkella Games
2010-01-01 17:39 . 2009-07-18 13:11
d
w- c:program filesOpenAL
2010-01-01 17:39 . 2009-07-18 13:10 109080 —-a-w- c:windowssystem32OpenAL32.dll
2010-01-01 17:39 . 2009-07-18 13:10 444952 —-a-w- c:windowssystem32wrap_oal.dll
2009-12-30 12:55 . 2009-11-29 07:56 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
2009-12-30 12:54 . 2009-11-29 07:56 19160 —-a-w- c:windowssystem32driversmbam.sys
2009-12-30 10:32 . 2008-05-10 08:40
d
w- c:documents and settings1Application DataNokia Multimedia Player
2009-12-26 16:47 . 2009-01-11 08:25
d
w- c:program filesCommon FilesWise Installation Wizard
2009-12-26 16:47 . 2009-01-11 08:25
d
w- c:program filesAGEIA Technologies
2009-12-15 17:57 . 2009-04-26 07:46
d
w- c:program filesMetaTrader
2009-12-13 08:44 . 2009-11-13 08:36
d
w- c:program filesVVSN
2009-12-13 08:30 . 2009-11-28 19:49
d
w- c:program filesUnlocker
2009-12-11 18:34 . 2009-11-23 18:22 79488 —-a-w- c:documents and settings1Application DataSuper-CowSunJavajre1.6.0_17gtapi.dll
2009-12-07 18:06 . 2007-09-14 14:46
d—h—w- c:program filesInstallShield Installation Information
2009-12-07 18:04 . 2009-12-07 18:04
d
w- c:program filesActivision
2009-12-06 20:07 . 2009-11-28 19:25
d
w- c:program filestrend micro
2009-12-06 20:02 . 2008-12-07 15:59
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-12-06 07:59 . 2009-12-06 07:59
d
w- c:program filesDivXCodec
2009-12-06 07:26 . 2009-12-06 07:26
d
w- c:program filesMemory Tester
2009-11-29 07:56 . 2009-11-29 07:56
d
w- c:documents and settings1Application DataMalwarebytes
2009-11-29 07:56 . 2009-11-29 07:56
d
w- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-11-29 07:56 . 2009-11-29 07:56 4045528 —-a-w- C:mbam-setup.exe
2009-11-28 18:52 . 2009-11-28 18:52
d
w- c:program filesCA Yahoo! Anti-Spy
2009-11-28 12:59 . 2009-11-28 12:53 865 —-a-w- C:avexport.bat
2009-11-28 12:59 . 2009-11-28 12:39 574 —-a-w- C:cleanup.bat
2009-11-24 23:54 . 2009-05-28 19:14 1280480 —-a-w- c:windowssystem32aswBoot.exe
2009-11-24 23:51 . 2009-05-28 19:15 93424 —-a-w- c:windowssystem32driversaswmon.sys
2009-11-24 23:50 . 2009-05-28 19:15 94160 —-a-w- c:windowssystem32driversaswmon2.sys
2009-11-24 23:50 . 2009-05-28 19:15 114768 —-a-w- c:windowssystem32driversaswSP.sys
2009-11-24 23:50 . 2009-05-28 19:15 20560 —-a-w- c:windowssystem32driversaswFsBlk.sys
2009-11-24 23:49 . 2009-05-28 19:15 48560 —-a-w- c:windowssystem32driversaswTdi.sys
2009-11-24 23:48 . 2009-05-28 19:15 23120 —-a-w- c:windowssystem32driversaswRdr.sys
2009-11-24 23:47 . 2009-05-28 19:15 27408 —-a-w- c:windowssystem32driversaavmker4.sys
2009-11-24 23:47 . 2009-05-28 19:15 97480 —-a-w- c:windowssystem32AvastSS.scr
2009-11-24 10:24 . 2008-12-07 16:03
d
w- c:documents and settings1Application DataWebMoney
2009-11-19 08:43 . 2009-11-13 09:01 22328 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-11-13 08:44 . 2009-11-13 08:44
d—h—r- c:documents and settings1Application DataSecuROM
2009-11-13 08:44 . 2009-11-13 08:44 107888 —-a-w- c:windowssystem32CmdLineExt.dll
2009-10-13 17:45 . 2009-10-13 17:45 89 —-a-w- c:windowssystem3242627.bat
.
Sigcheck
[-] 2007-09-14 . BC260ED748748149DB05B29B256A0500 . 503808 . . [5.1.2600.2180] . . c:windowssystem32winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-04-20 3701024][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-04-20 3701024][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«YSearchProtection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2009-02-03 111856]
«Search Protection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2009-02-03 111856]
«MSMSGS»=»c:program filesMessengermsmsgs.exe» [2004-08-17 1667584]
«ccleaner»=»c:program filesCCleanerCCleaner.exe» [2009-12-21 1803064][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-11-24 81000]
«VVSN»=»c:program filesVVSNVVSN.exe» [2005-10-25 107520]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2009-03-09 148888]
«YSearchProtection»=»c:program filesYahoo!Search ProtectionSearchProtection.exe» [2009-02-03 111856]
«RTBatteryMeter»=»c:program filesVibrateGameDeviceDriverRFPIcon.exe» [2003-01-16 49152]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«PCSuiteTrayApplication»=»c:program filesNokiaNokia PC Suite 6LaunchApplication.exe» [2007-03-23 227328]
«AlcFDMonitor»=»c:windowsALCFDRTM.EXE» [2007-09-14 73728]
«DAEMON Tools»=»f:daemon toolsdaemon.exe» [2005-11-08 128920]
«ISUSScheduler»=»c:program filesCommon FilesInstallShieldUpdateServiceissch.exe» [2004-06-16 81920]
«RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2004-11-02 32768]
«NeroFilterCheck»=»c:windowssystem32NeroCheck.exe» [2001-07-09 155648]
«ISUSPM Startup»=»c:progra~1COMMON~1INSTAL~1UPDATE~1isuspm.exe» [2004-06-16 221184]
«SkyTel»=»SkyTel.EXE» [2006-05-16 2879488]
«nwiz»=»nwiz.exe» [2007-04-20 1626112]
«UnlockerAssistant»=»c:program filesUnlockerUnlockerAssistant.exe» [2008-05-02 15872]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2007-04-20 8429568]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2007-04-20 81920]
«Malwarebytes Anti-Malware (reboot)»=»c:program filesMalwarebytes’ Anti-Malwarembam.exe» [2009-12-30 1389904]
«RTHDCPL»=»RTHDCPL.EXE» [2007-02-26 16125440][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-10-21 15360]
«Nokia.PCSync»=»c:program filesNokiaNokia PC Suite 6PcSync2.exe» [2007-03-27 1744896]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Adobe Reader Speed Launch.lnk — c:program filesAdobeAcrobat 7.0Readerreader_sl.exe [2004-12-14 29696][HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=R0 sptd;sptd;c:windowssystem32driverssptd.sys [03.12.2007 19:23 664064]
R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [28.05.2009 21:15 114768]
R1 BIOS;BIOS;c:windowssystem32driversBIOS.sys [14.09.2007 21:28 13696]
R1 prodrv01;prodrv01;c:windowssystem32driversprodrv01.sys [09.02.2008 10:32 125184]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [28.05.2009 21:15 20560]
S0 lyny;lyny;c:windowssystem32driversailtkmj.sys —> c:windowssystem32driversailtkmj.sys [?]
S0 sonhck;sonhck;c:windowssystem32driversfksxgpg.sys —> c:windowssystem32driversfksxgpg.sys [?]
S0 ywstyig;ywstyig;c:windowssystem32driversgpuvdxuk.sys —> c:windowssystem32driversgpuvdxuk.sys [?]
S3 DynCal;Dynamic Calibration Service;c:windowssystem32driversDynCal.sys [21.05.2007 17:26 21168]
.
Contents of the ‘Scheduled Tasks’ folder2010-01-16 c:windowsTasksUser_Feed_Synchronization-{ECEC8751-3A19-4D55-82AF-C772CD7D74B5}.job
— c:windowssystem32msfeedssync.exe [2009-03-08 01:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/?clid=40316
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
.
— — — — ORPHANS REMOVED — — — —BHO-{B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} — c:program filesWebMoney Advisorwmadvisor.dll
Toolbar-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
WebBrowser-{3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} — c:program filesWebMoney Advisorwmadvisor.dll
HKLM-Run-NevoDRM — c:игры от nevosoftNevoDRMNevoDRM.exe
AddRemove-chicken_rush — c:игры от nevosoftChicken Rushuninstall.exe
AddRemove-Driver — f:driverUninst.isu
AddRemove-Farming Simulator 2009 1.1 — f:farming simulator 2009Uninstall.exe
AddRemove-Indeo® software — c:program filesIntelIndeoUninst.isu
AddRemove-magic_academy_2 — c:игры от nevosoftMagic Academy 2uninstall.exe
AddRemove-super_cow — c:игрыSuper Cowuninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 11:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
c:windowssystem32iedkcs32.dll.mui:SxmeJqIiA1O 129536 bytes executable
c:windowssystem32msrating.dll.mui:SxmeJqIiA1O 129536 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x879C70E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
DriverDisk -> 0x879c70e8
DriverACPI -> ACPI.sys @ 0xf72accb8
Driveratapi -> sfsync04.sys @ 0xf7284a7c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
DeviceHarddisk0DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf714bba0
PacketIndicateHandler -> NDIS.sys @ 0xf7158b21
SendHandler -> NDIS.sys @ 0xf713687b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘explorer.exe'(2556)
c:windowssystem32msi.dll
c:windowssystem32ieframe.dll
.
Other Running Processes
.
c:windowssystem32RUNDLL32.EXE
c:windowsRTHDCPL.EXE
c:program filesJavajre6binjqs.exe
c:windowssystem32nvsvc32.exe
c:program filesYahoo!SoftwareUpdateYahooAUService.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:windowssystem32wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-11 12:00:25 — machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 10:00
Pre-Run: 6 071 930 880 байт свободно
Post-Run: 6 006 202 368 байт свободно
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
— — End Of File — — 4CA8742B12D2E0CEB0D053F6836C9B77
January 18, 2010 at 4:17 pm #27991
Try one of these codes: 3315225311, 4426336422, 5537447533, 6648558644, 7759669755, 8861771866, 9972882977, 1183993188, 2294114299