ComboFix 09-11-13.04 - Admin 13.11.2009 11:50.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.447.124 [GMT 3:00]
Running from: c:\documents and settings\Admin\Рабочий стол\ComboFix.exe
AV: Zillya! Антивірус *On-access scanning disabled* (Updated) {A0BEC30E-D001-49e9-9DF2-06577681054C}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\install.exe
----- BITS: Possible infected sites -----
hxxp://soft.export.yandex.ru
hxxp://download.yandex.ru
.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 08:52 . 2009-11-13 07:13 -------- d-----w- c:\program files\Net Speakerphone 4
2009-11-13 08:46 . 2009-11-13 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Zillya Antivirus
2009-11-13 08:26 . 2009-11-13 08:26 167376 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\FlashGot.exe
2009-11-13 08:21 . 2009-11-13 06:27 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-13 08:09 . 2009-11-13 08:08 512 ----a-w- c:\windows\system32\WTCY9853.dat
2009-11-13 08:05 . 2009-11-13 08:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 08:05 . 2009-11-13 08:05 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-13 08:00 . 2009-11-13 06:46 69896 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-13 08:00 . 2009-11-13 07:59 -------- d-----w- c:\documents and settings\Admin\Application Data\Corel
2009-11-13 07:52 . 2009-11-13 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-11-13 07:48 . 2009-11-13 07:48 -------- d-----w- c:\program files\Common Files\Corel
2009-11-13 07:46 . 2009-11-13 07:46 -------- d-----w- c:\program files\Corel
2009-11-13 07:40 . 2009-11-13 07:36 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-11-13 07:39 . 2009-11-13 07:39 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Pro
2009-11-13 07:39 . 2009-11-13 07:39 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools
2009-11-13 07:38 . 2009-11-13 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-13 07:38 . 2009-11-13 07:01 -------- d-----w- c:\program files\Daemon Tools Lite
2009-11-13 07:38 . 2009-11-13 06:46 -------- d-----w- c:\documents and settings\Admin\Application Data\Yandex
2009-11-13 07:38 . 2009-11-13 07:38 -------- d-----w- c:\program files\Yandex
2009-11-13 07:34 . 2009-11-13 06:55 -------- d-----w- c:\program files\TCWL
2009-11-13 07:30 . 2009-11-13 07:30 -------- d---a-w- c:\program files\AVZ
2009-11-13 07:29 . 2009-11-13 07:29 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-13 07:29 . 2009-11-13 07:29 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-13 07:29 . 2009-11-13 07:29 -------- d-----w- c:\documents and settings\Admin\Application Data\TuneUp Software
2009-11-13 07:29 . 2009-11-13 07:29 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-13 07:29 . 2009-11-13 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-11-13 07:29 . 2009-11-13 07:29 -------- d-----w- c:\program files\Skype
2009-11-13 07:29 . 2009-11-13 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-13 07:28 . 2009-11-13 07:28 -------- d---a-w- c:\program files\FoxitReader
2009-11-13 07:28 . 2009-11-13 07:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-13 07:28 . 2009-11-13 07:28 -------- d-----w- c:\program files\Classic Menu for Office
2009-11-13 07:28 . 2009-11-13 07:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-13 07:16 . 2009-11-13 07:16 -------- d-----w- c:\program files\Microsoft Works
2009-11-13 07:15 . 2009-11-13 07:15 -------- d-----w- c:\program files\Microsoft.NET
2009-11-13 07:13 . 2009-11-13 07:13 -------- d-----w- c:\documents and settings\Admin\Application Data\NetSpeakerphone
2009-11-13 07:13 . 2008-04-15 12:00 84082 ----a-w- c:\windows\system32\perfc019.dat
2009-11-13 07:13 . 2008-04-15 12:00 484362 ----a-w- c:\windows\system32\perfh019.dat
2009-11-13 07:07 . 2009-11-13 07:07 -------- d-----w- c:\program files\AIMP2
2009-11-13 07:07 . 2009-11-13 07:07 -------- d-----w- c:\program files\Voxware Audio decoder
2009-11-13 07:07 . 2009-11-13 07:06 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-13 07:06 . 2009-11-13 07:04 -------- d---a-w- c:\program files\PhotoshopCS4
2009-11-13 07:02 . 2009-11-13 07:02 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-11-13 07:02 . 2009-11-13 07:02 -------- d-----w- c:\program files\UltraISO
2009-11-13 07:01 . 2009-11-13 07:01 -------- d---a-w- c:\program files\Common Files\Nero
2009-11-13 07:01 . 2009-11-13 07:01 -------- d-----w- c:\program files\Nero
2009-11-13 07:00 . 2009-11-13 07:00 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-11-13 07:00 . 2009-11-13 07:00 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-11-13 07:00 . 2009-11-13 07:00 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-11-13 07:00 . 2009-11-13 07:00 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-11-13 06:59 . 2009-11-13 06:59 -------- d-----w- c:\program files\Common Files\Acronis
2009-11-13 06:59 . 2009-11-13 06:59 -------- d-----w- c:\program files\Acronis
2009-11-13 06:50 . 2009-11-13 06:50 47616 ----a-w- c:\windows\system32\drivers\ZFMSYS.sys
2009-11-13 06:50 . 2009-11-13 06:49 -------- d-----w- c:\program files\Zillya Antivirus
2009-11-13 06:49 . 2009-11-13 06:49 -------- d-----w- c:\documents and settings\Admin\Application Data\Zillya Antivirus
2009-11-13 06:49 . 2009-11-13 06:48 -------- d-----w- c:\program files\EPSON
2009-11-13 06:49 . 2009-11-13 06:49 -------- d-----w- c:\program files\Common Files\EPSON
2009-11-13 06:40 . 2009-11-13 06:40 65800 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-13 06:39 . 2009-11-13 06:39 -------- d-----w- c:\program files\MSBuild
2009-11-13 06:39 . 2009-11-13 06:39 -------- d-----w- c:\program files\Reference Assemblies
2009-11-13 06:32 . 2009-11-13 06:32 -------- d-----w- c:\program files\microsoft frontpage
2009-11-13 06:31 . 2009-11-13 06:30 -------- d-----w- c:\program files\SystemProgs
2009-11-13 06:31 . 2009-11-13 06:31 -------- d-----w- c:\program files\TaskBaric
2009-11-13 06:31 . 2009-11-13 06:31 -------- d---a-w- c:\program files\Paint.NET
2009-11-13 06:31 . 2009-11-13 06:31 -------- d-----w- c:\program files\VistaDriveIcon
2009-11-13 06:31 . 2009-11-13 06:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-13 06:31 . 2009-11-13 06:31 -------- d-----w- c:\program files\Total Com
2009-11-13 06:31 . 2009-11-13 06:31 -------- d-----w- c:\program files\Neo Utilities
2009-11-13 06:24 . 2009-11-13 06:24 22564 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-13 06:24 . 2009-11-13 06:23 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-23 08:56 . 2009-11-13 06:48 64000 ----a-w- c:\windows\system32\ECBTEG.DLL
.
------- Sigcheck -------
[-] 2008-12-13 . EC936BB945F789C0B4DAE06397334430 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-04-30 . F44B444A2FAB211D2D9676FC924DB61A . 653312 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2009-06-06 . 6ADCC4C752E8409A683D3C415D3B70B9 . 2330368 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-11-19 . 7648BE418C5E61680DAB375567542481 . 650752 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-04-30 . 831710A866483D4BE0ACAFDB85EDC9D0 . 970752 . . [8.00.6001.18702] . . c:\windows\system32\wininet.dll
[-] 2009-04-30 . B27A8C30A9B7BBD0B409ACA96BCFFA23 . 1926144 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2009-05-05 . 2BCEA1CEDE531253B3D6CC1A57A560DE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2009-04-30 . E880528ACB65C5E05EE7CF83B08464EA . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2009-04-30 . 7AB8BB160C1EC59E14C709216BE53A34 . 2207360 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "c:\program files\Yandex\YandexBarIE\yndbar.dll" [2009-07-24 5586208]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="c:\program files\SystemProgs\UberIcon\UberIconManager.exe" [2007-08-17 159744]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-03-23 132096]
"Zillya Antivirus"="c:\program files\Zillya Antivirus\zillya.exe" [2009-08-27 3486968]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PuntoSwitcher"="c:\program files\SystemProgs\PuntoSwitcher\punto.exe" [2009-05-09 830248]
"TaskSwitchXP"="c:\program files\SystemProgs\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"VisualTaskTips"="c:\program files\SystemProgs\VisualTaskTips\VisualTaskTips.exe" [2008-06-23 65536]
"UberIcon"="c:\program files\SystemProgs\UberIcon\UberIconManager.exe" [2007-08-17 159744]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-17 4390712]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-18 962160]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-18 165144]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-04-16 577536]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-04-25 176128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-04-30 37376]
"VistaIcon"="c:\program files\VistaDriveIcon\VistaDrv.exe" [2008-03-23 132096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE8_01"="shell32" [X]
"ZZZZ2_FirstLogonSetting"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-30 128512]
"IE8_02"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-30 128512]
c:\documents and settings\Admin\ѓ«*ў*®Ґ ¬Ґ*о\Џа®Ја*¬¬л\Ђўв®§*Јаг§Є*\
Net Speakerphone.lnk - c:\program files\Net Speakerphone 4\NetSph.exe [2009-11-13 926720]
c:\documents and settings\All Users\ѓ«*ў*®Ґ ¬Ґ*о\Џа®Ја*¬¬л\Ђўв®§*Јаг§Є*\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-11-13 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [13.11.2009 10:00 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [13.11.2009 10:00 971552]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [13.11.2009 12:12 21144]
R0 zfmsys;zfmsys;c:\windows\system32\drivers\ZFMSYS.sys [13.11.2009 9:50 47616]
R1 anftdird.sys;anftdird.sys;c:\windows\system32\drivers\anftdird.sys [13.11.2009 9:50 8448]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.11.2009 9:57 15872]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [13.11.2009 10:29 603904]
R2 ZillyaService;Zillya Core Service;c:\program files\Zillya Antivirus\avservice.exe [13.11.2009 9:50 124152]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*NewlyCreated* - SECDRV
*NewlyCreated* - SRSERVICE
*Deregistered* - mbr
*Deregistered* - PROCEXP113
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-11-13 c:\windows\Tasks\Быстрое решение проблем.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lonerd.dreamprogs.net
mStart Page = hxxp://lonerd.dreamprogs.net
TCP: {95E8E990-DCFD-4C40-9B3F-4CDE843E4C94} = 82.207.69.34
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("startup.homepage_welcome_url","about:blank");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.startup.page", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("extensions.piclens.ShowWelcomeOnUpdate", "false");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("extensions.lastAppVersion", "3.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("extensions.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.safebrowsing.malware.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("extensions.update.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("xpinstall.whitelist.required", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("security.warn_entering_secure", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("security.warn_entering_weak", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("security.warn_leaving_secure", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("security.warn_submit_insecure", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("security.warn_viewing_mixed", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-ITBar7Position - (no file)
HKCU-Run-VisualTaskTips - c:\program files\System Progs\VisualTaskTips\VisualTaskTips.exe
HKU-Default-Run-VisualTaskTips - c:\program files\System Progs\VisualTaskTips\VisualTaskTips.exe
HKU-Default-Run-UberIcon - c:\program files\System Progs\UberIcon\UberIcon Manager.exe
AddRemove-CDClose - c:\windows\system32\ShellExt\CDClosedel.bat
AddRemove-HashTab - c:\windows\system32\ShellExt\htdel32.bat
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 11:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys xfilt.sys atapi.sys spqn.sys hal.dll >>UNKNOWN [0x843CD938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF731CB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF731CB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF731CB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF731CB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF731CB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF731CB40 atapi.sys
\Driver\atapi IRP hooks detected !
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2009-11-13 11:57
ComboFix-quarantined-files.txt 2009-11-13 08:57
Pre-Run: 1*064*591*360 байт свободно
Post-Run: 1*064*165*376 байт свободно
- - End Of File - - 6201C57E18264B1D3C6B7D8A1A81B4E2