Новости
Видео
Microsoft
Windows 10
Железо
Программы
Форум
Имя пользователя:
Пароль:
 

Название темы: [решено] Банер SMS вымогателя Панда - W32/Xor-encoded.A отключился доступ к сайтам
Показать сообщение отдельно

Новый участник


Сообщения: 8
Благодарности: 0

Профиль | Отправить PM | Цитировать

ComboFix
Код: Выделить весь код
ComboFix 10-11-23.05 - Владимир 24.11.2010  20:56:04.2.2 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.3.1251.7.1049.18.1022.564 [GMT 3:00]
Running from: d:\софт\virus\ComboFix.exe
Command switches used :: c:\documents and settings\Владимир\Рабочий стол\CFScript.txt
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

FILE ::
"c:\windows1\system32\'dnЂ"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\FE5DE07a
c:\windows1\system32\'dnЂ
.
---- Previous Run -------
.
c:\documents and settings\Владимир\Application Data\avdrn.dat
c:\documents and settings\Владимир\Application Data\HomePage.exe
c:\documents and settings\Владимир\Local Settings\Application Data\Target Marketing Agency
c:\documents and settings\Владимир\Local Settings\Application Data\Target Marketing Agency\TMAgent\data.bin
c:\documents and settings\Владимир\Local Settings\Application Data\Target Marketing Agency\TMAgent\params.bin
c:\documents and settings\Владимир\Local Settings\Application Data\Target Marketing Agency\TMAgent\tmagent.bin
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\005B0CEE_9E44_4874_BB3A_AA90BF414B9B.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\01166880_8BC0_4d39_A5B3_2B79D15BD947.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\1F48DC7F-5AAB-4068-94FB-28260DD487DD.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\224C20AC-2B10-4f47-A087-071DF48FA255.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\285A80BD-1AA2-44e2-8A9A-8AC461BE0EFE.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\A9C3BB22_B095_4bb9_A4FD_1CB3643AF9A0.jpg
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\ADED7C5B-E485-4485-8089-5F2E2DE42E91.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\B12B218E_7A00_457d_BC82_2757D4C18CC1.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\C82F82E3_1710_4965_ACF4_176308ED93A5.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\D0FE389E_400B_440b_9071_2587A57961E3.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\D376F538-6C5D-41ae-B596-C030BE6366B7.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\DE6B7F39_B028_48ef_8D77_5471C7278A14.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\E293A409_F14F_4c04_962F_4FE36C7CDD9F.jpg
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\E99CE768_8677_4652_B475_BA6BE092A64A.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\F3FCCA3A_1396_4121_84BC_C7AA4524D721.gif
c:\documents and settings\Владимир\Local Settings\Temporary Internet Files\FE560CBF_28CF_4906_A438_C86C6CA84F93.gif
C:\feed.txt
c:\program files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\program files\MyCentria
c:\program files\MyCentria\Firefox\adcentria.uid
c:\program files\MyCentria\Firefox\adcentria.xml
c:\windows1\74m.dll
c:\windows1\system32\drivers\etc\lmhosts
d:\проект~1\КРЕСТЬ~1\ИЗУЧЕНИЕ\ЖИВОТНЫЕ\СПРАво~1.exe

.
(((((((((((((((((((((((((   Files Created from 2010-10-24 to 2010-11-24  )))))))))))))))))))))))))))))))
.

2010-11-24 15:29 . 2010-11-24 15:29	--------	d--h--w-	c:\windows1\ie8
2010-11-24 14:15 . 2010-11-24 14:15	--------	d-----w-	c:\documents and settings\Владимир\Application Data\Malwarebytes
2010-11-24 14:15 . 2010-04-29 12:39	38224	----a-w-	c:\windows1\system32\drivers\mbamswissarmy.sys
2010-11-24 14:15 . 2010-11-24 14:15	--------	d-----w-	c:\documents and settings\All Users.WINDOWS1\Application Data\Malwarebytes
2010-11-24 14:15 . 2010-04-29 12:39	20952	----a-w-	c:\windows1\system32\drivers\mbam.sys
2010-11-24 14:15 . 2010-11-24 14:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-24 11:13 . 2010-11-24 11:13	--------	d-----w-	c:\documents and settings\TTL-L¦L¦
2010-11-23 20:09 . 2010-11-23 20:09	--------	d-----w-	C:\rsit
2010-11-23 20:09 . 2010-11-23 20:09	--------	d-----w-	c:\program files\trend micro
2010-11-23 17:54 . 2010-11-23 17:54	--------	d-----w-	c:\documents and settings\Администратор\DoctorWeb
2010-11-23 16:50 . 2001-10-04 11:13	3584	----a-w-	c:\program files\Common Files\Microsoft Shared\DAO\comcat.dll
2010-11-23 16:50 . 2001-10-04 10:16	1338880	----a-w-	c:\program files\Common Files\Microsoft Shared\DAO\shdocvw.dll
2010-11-23 16:25 . 2010-11-23 16:25	--------	d-----w-	c:\program files\Uniblue
2010-11-23 16:25 . 2010-11-23 16:25	--------	d-----w-	c:\documents and settings\Владимир\Local Settings\Application Data\PackageAware
2010-11-20 20:19 . 2010-11-20 20:19	--------	d-----w-	c:\program files\deLight3D
2010-11-19 06:34 . 2010-11-10 04:33	6273872	----a-w-	c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Windows Defender\Definition Updates\{8A58145F-0C23-4767-B7B3-41BE985C2FDA}\mpengine.dll
2010-11-16 06:38 . 2010-11-16 06:38	--------	d-----w-	c:\program files\QipGuard
2010-11-16 06:38 . 2010-11-16 06:38	--------	d-----w-	c:\documents and settings\Владимир\Application Data\QipGuard
2010-11-16 06:38 . 2010-11-08 10:24	149968	----a-w-	c:\documents and settings\Владимир\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
2010-11-16 06:36 . 2010-11-16 06:36	--------	d-----w-	c:\program files\QIP 2010
2010-11-11 12:16 . 2010-11-11 12:16	--------	d-----w-	c:\program files\18 Wheels Of Steel Extreme Trucker
2010-10-27 13:33 . 1999-05-26 23:09	277504	----a-w-	c:\windows1\system32\PerlCRT.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 17:38 . 2010-10-12 13:34	13880	----a-w-	c:\windows1\system32\drivers\COMFiltr.sys
2010-10-19 07:41 . 2010-09-23 15:17	222080	------w-	c:\windows1\system32\MpSigStub.exe
2010-10-08 00:21 . 2010-09-23 15:17	6146896	----a-w-	c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-18 09:23 . 2006-03-02 09:00	974848	----a-w-	c:\windows1\system32\mfc42u.dll
2010-09-18 07:53 . 2006-03-02 09:00	974848	----a-w-	c:\windows1\system32\mfc42.dll
2010-09-18 07:53 . 2006-03-02 09:00	954368	----a-w-	c:\windows1\system32\mfc40.dll
2010-09-18 07:53 . 2006-03-02 09:00	953856	----a-w-	c:\windows1\system32\mfc40u.dll
2010-09-10 05:51 . 2006-03-02 09:00	916480	----a-w-	c:\windows1\system32\wininet.dll
2010-09-10 05:51 . 2006-03-02 09:00	43520	------w-	c:\windows1\system32\licmgr10.dll
2010-09-10 05:51 . 2006-03-02 09:00	1469440	------w-	c:\windows1\system32\inetcpl.cpl
2010-09-01 12:52 . 2006-03-02 09:00	285824	----a-w-	c:\windows1\system32\atmfd.dll
2010-09-01 08:57 . 2006-03-02 09:00	1852928	----a-w-	c:\windows1\system32\win32k.sys
2010-08-27 09:03 . 2006-03-02 09:00	119808	----a-w-	c:\windows1\system32\t2embed.dll
2010-08-27 06:54 . 2006-03-02 09:00	99840	----a-w-	c:\windows1\system32\srvsvc.dll
2010-08-27 02:43 . 2008-05-05 04:25	5120	----a-w-	c:\windows1\system32\xpsp4res.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-24 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"QIP Internet Guardian"="c:\documents and settings\Владимир\Application Data\QipGuard\QipGuard.exe" [2010-11-08 193488]
"Infium"="c:\program files\QIP 2010\qip.exe" [2010-11-08 5837264]
"ctfmon.exe"="c:\windows1\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAgent"="c:\program files\Mail.Ru\Agent\MAgent.exe" [2009-12-23 8746680]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows1\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows1\system32\NvCpl.dll" [2010-07-09 13923432]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-08-12 56064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows1\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\VVV\ѓ«*ў*®Ґ ¬Ґ*о\Џа®Ја*¬¬л\Ђўв®§*Јаг§Є*\
Total Commander.lnk - c:\program files\Total Commander\Totalcmd.exe [2008-10-4 1091768]

c:\documents and settings\All Users.WINDOWS1\ѓ«*ў*®Ґ ¬Ґ*о\Џа®Ја*¬¬л\Ђўв®§*Јаг§Є*\
Total Commander.lnk - c:\program files\Total Commander\Totalcmd.exe [2008-10-4 1091768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 13:58	58672	----a-w-	c:\windows1\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 wdigest schannel

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Владимир^Главное меню^Программы^Автозагрузка^MagicDisc.lnk]
path=c:\documents and settings\Владимир\Главное меню\Программы\Автозагрузка\MagicDisc.lnk
backup=c:\windows1\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Владимир^Главное меню^Программы^Автозагрузка^monmvr32.exe]
path=c:\documents and settings\Владимир\Главное меню\Программы\Автозагрузка\monmvr32.exe
backup=c:\windows1\pss\monmvr32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:10	15360	----a-w-	c:\windows1\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS1\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS1\\System32\\usmt\\migwiz.exe"=
"c:\\WINDOWS1\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:*:Disabled:Группирование одноранговой сети Windows
"3540:UDP"= 3540:UDP:PNRP-протокол (Peer Name Resolution Protocol)
"9249:TCP"= 9249:TCP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;Panda boot driver;c:\windows1\system32\drivers\pavboot.sys [12.10.2010 15:28 28552]
R1 APPFLT;App Filter Plugin;c:\windows1\system32\drivers\APPFLT.SYS [12.10.2010 16:29 75016]
R1 DSAFLT;DSA Filter Plugin;c:\windows1\system32\drivers\dsaflt.sys [12.10.2010 16:30 53128]
R1 FNETMON;NetMon Filter Plugin;c:\windows1\system32\drivers\fnetmon.sys [12.10.2010 16:29 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows1\system32\drivers\idsflt.sys [12.10.2010 16:30 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows1\system32\drivers\NETFLTDI.SYS [12.10.2010 16:29 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows1\system32\drivers\ShlDrv51.sys [12.10.2010 15:27 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows1\system32\drivers\wnmflt.sys [12.10.2010 16:30 46728]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows1\system32\svchost -k Panda --> c:\windows1\system32\svchost -k Panda [?]
R2 Iprip;Слушатель RIP;c:\windows1\System32\svchost.exe -k netsvcs [02.03.2006 12:00 14336]
R2 PavProc;Panda Process Protection Driver;c:\windows1\system32\drivers\PavProc.sys [12.10.2010 15:27 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [12.10.2010 16:29 28928]
R2 QipGuard;QipGuard;c:\program files\QipGuard\QipGuard.exe [16.11.2010 9:38 193488]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows1\system32\drivers\neti1639.sys [12.10.2010 16:29 199432]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows1\system32\PavTPK.sys --> c:\windows1\system32\PavTPK.sys [?]
S0 hliqn;hliqn; [x]
S2 gupdate;Служба Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.01.2010 23:30 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]
S3 AvFlt;Antivirus Filter Driver;c:\windows1\system32\drivers\av5flt.sys --> c:\windows1\system32\drivers\av5flt.sys [?]
S3 ComFiltr;Panda Anti-Dialer;c:\windows1\system32\drivers\COMFiltr.sys [12.10.2010 16:34 13880]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows1\system32\drivers\ggflt.sys [13.03.2009 13:48 13224]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows1\system32\PavSRK.sys --> c:\windows1\system32\PavSRK.sys [?]
S3 SWUSBFLT;Драйвер фильтра Microsoft SideWinder VIA;c:\windows1\system32\drivers\SWUSBFLT.SYS [01.12.2007 21:26 3968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc	REG_MULTI_SZ   	p2psvc p2pimsvc p2pgasvc PNRPSvc
panda	REG_MULTI_SZ   	Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows1\Tasks\Базовая очистка1.job
- c:\program files\Panda Security\Panda Global Protection 2010\PlaTasks.exe [2010-10-12 10:46]

2010-10-12 c:\windows1\Tasks\Базовая очистка.job
- c:\program files\Panda Security\Panda Global Protection 2010\PlaTasks.exe [2010-10-12 10:46]

2010-10-14 c:\windows1\Tasks\GoogleUpdateTaskMachineCore1cb6b89b07492f4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:30]

2010-11-19 c:\windows1\Tasks\User_Feed_Synchronization-{C71399AB-9429-42D7-8E53-749F98923CD5}.job
- c:\windows1\system32\msfeedssync.exe [2007-08-13 01:31]

2010-11-22 c:\windows1\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows1\system32\GPhotos.scr/200
IE: Google ВикиКомментарии... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
FF - ProfilePath - c:\documents and settings\Владимир\Application Data\Mozilla\Firefox\Profiles\le5dc63l.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Владимир\Application Data\Mozilla\Firefox\Profiles\le5dc63l.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - plugin: c:\program files\deLight3D\npdelight3d.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-BHR - c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
MSConfigStartUp-Download Master - c:\program files\Download Master\dmaster.exe
MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-tropical_farm - c:\игры\Tropical farm\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 21:02
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows1\system32\avldr.dll

- - - - - - - > 'explorer.exe'(3332)
c:\windows1\system32\WININET.dll
c:\program files\Panda Security\Panda Global Protection 2010\pavoepl.dll
c:\windows1\system32\msi.dll
c:\windows1\system32\webcheck.dll
c:\windows1\system32\WPDShServiceObj.dll
c:\windows1\system32\PortableDeviceTypes.dll
c:\windows1\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows1\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Global Protection 2010\TPSrv.exe
c:\windows1\System32\SCardSvr.exe
c:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
c:\windows1\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows1\system32\dllhost.exe
c:\program files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
c:\program files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
c:\windows1\system32\sessmgr.exe
c:\windows1\system32\locator.exe
c:\windows1\system32\tcpsvcs.exe
c:\windows1\System32\snmp.exe
c:\windows1\system32\RUNDLL32.EXE
c:\program files\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
c:\program files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
c:\program files\Panda Security\Panda Global Protection 2010\pavsrv51.exe
c:\program files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows1\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-11-24  21:09:50 - machine was rebooted
ComboFix-quarantined-files.txt  2010-11-24 18:09

Pre-Run: 34 052 407 296 байт свободно
Post-Run: 34 108 145 664 байт свободно

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS1
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS1="Microsoft Windows XP Home Edition RU" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition RU" /noexecute=optin /fastdetect

- - End Of File - - 674637A5707D8BA3F389CF233BE7B581

Последний раз редактировалось iskander-k, 24-11-2010 в 22:55.

Отправлено: 21:15, 24-11-2010 | #6

Название темы: [решено] Банер SMS вымогателя Панда - W32/Xor-encoded.A отключился доступ к сайтам