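Viruses in shared network folders
Hi everyone, guys, help me figure out how to kill a virus!
Folders keep appearing in the shared network folders with names like "как увнеличить ч..." ("how to enlarge ...") or "как студенты отметили выпуск" ("how the students celebrated graduation"), and there are photos inside the folders! The installed antivirus is Zillya.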
reddenya, please follow the rules.

Produce a log of a full MBAM scan.

Download ComboFix here, here or here and save it to the desktop.

1. Attention! Be sure to close all browsers and temporarily turn off the antivirus, firewall and other protective software. Do not run any other programs while ComboFix is working. ComboFix may disconnect the internet some time after it starts; do not reconnect until ComboFix has finished. If the internet connection does not come back after ComboFix finishes, restart the computer. Do not click the mouse buttons while ComboFix is running, as this can cause ComboFix to hang.
2. Run combofix.exe; when the process finishes, attach C:\ComboFix.txt to your message.

Note: if ComboFix does not start, rename combofix.exe to combo-fix.exe
ComboFix log
Time: 22:59.
© OSzone.net 2001-