Re: Re: Invader riskware explorer.exe

30 мая, 2009 в 8:10 пп #24131

Participant

Темы:1
Сообщений:8

☆

Здравствуйте, спасибо за отклик. Прикладываю лог выполненных действий:

ComboFix 09-05-30.03 — Администратор 30.05.2009 23:39.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1310 [GMT 4:00]
Running from: c:documents and settingsАдминистраторРабочий столComboFix.exe
Command switches used :: c:documents and settingsАдминистраторРабочий столCFScript
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:docume~1АДМИНИ~1LOCALS~1Tempswt-gdip-win32-3448.dll
c:docume~1АДМИНИ~1LOCALS~1Tempswt-win32-3448.dll
c:documents and settingsАдминистраторLocal SettingsTempswt-gdip-win32-3448.dll
c:documents and settingsАдминистраторLocal SettingsTempswt-win32-3448.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

Legacy_ALSYSIO

Service_ALSysIO

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 05:39 . 2009-05-30 18:37

w c:program filesTrojan Remover
2009-05-30 05:39 . 2009-05-30 05:39

w c:documents and settingsAll UsersApplication DataSimply Super Software
2009-05-29 18:14 . 2009-05-29 18:14

w c:documents and settingsLocalServiceРабочий стол
2009-05-29 18:01 . 2009-05-30 18:39

w c:program filesLavasoft
2009-05-29 18:01 . 2009-05-30 18:38

w c:documents and settingsAll UsersApplication DataLavasoft
2009-05-28 17:07 . 2009-05-28 17:07

w c:program filesPivim Multibar
2009-05-26 20:10 . 2009-05-30 19:48 195248 —-a-w c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2009-05-26 20:09 . 2009-05-26 20:09

w c:documents and settingsAll UsersApplication DataOffice Genuine Advantage
2009-05-26 19:37 . 2009-05-26 19:37

w C:f4329c6b5c8e70f6a49245de07
2009-05-26 19:37 . 2009-05-26 19:59

w c:windowsSxsCaPendDel
2009-05-26 19:26 . 2009-02-06 10:10 227840

w c:windowssystem32dllcachewmiprvse.exe
2009-05-26 19:26 . 2009-03-06 14:23 284672

w c:windowssystem32dllcachepdh.dll
2009-05-26 19:26 . 2009-02-09 11:26 2190848

w c:windowssystem32dllcachentoskrnl.exe
2009-05-26 19:26 . 2009-02-09 11:25 111104

w c:windowssystem32dllcacheservices.exe
2009-05-26 19:26 . 2009-02-09 10:54 731136

w c:windowssystem32dllcachelsasrv.dll
2009-05-26 19:26 . 2009-02-09 10:54 687616

w c:windowssystem32dllcacheadvapi32.dll
2009-05-26 19:26 . 2009-02-09 10:54 401408

w c:windowssystem32dllcacherpcss.dll
2009-05-26 19:26 . 2009-02-09 10:54 718848

w c:windowssystem32dllcachentdll.dll
2009-05-26 19:26 . 2009-02-09 10:54 473600

w c:windowssystem32dllcachefastprox.dll
2009-05-26 19:26 . 2009-02-09 10:54 453120

w c:windowssystem32dllcachewmiprvsd.dll
2009-05-26 19:26 . 2009-02-09 11:26 2025984

w c:windowssystem32dllcachentkrpamp.exe
2009-05-26 19:26 . 2009-02-09 11:25 2147328

w c:windowssystem32dllcachentkrnlmp.exe
2009-05-26 19:25 . 2008-04-21 21:15 218624

w c:windowssystem32dllcachewordpad.exe
2009-05-26 19:24 . 2008-12-11 10:57 333952

w c:windowssystem32dllcachesrv.sys
2009-05-26 19:23 . 2008-10-24 11:21 455296

w c:windowssystem32dllcachemrxsmb.sys
2009-05-26 19:23 . 2008-09-04 17:17 1106944

w c:windowssystem32dllcachemsxml3.dll
2009-05-26 19:23 . 2008-10-15 16:37 337408

w c:windowssystem32dllcachenetapi32.dll
2009-05-26 19:23 . 2008-05-01 14:37 331776

w c:windowssystem32dllcachemsadce.dll
2009-05-26 19:21 . 2008-04-11 19:06 691712

w c:windowssystem32dllcacheinetcomm.dll
2009-05-26 19:20 . 2008-06-14 17:35 272512

w c:windowssystem32dllcachebthport.sys
2009-05-26 19:20 . 2008-05-08 14:02 203136

w c:windowssystem32dllcachermcast.sys
2009-05-26 06:53 . 2009-05-26 06:53

w c:documents and settingsАдминистраторApplication DataExplorer
2009-05-26 06:47 . 2008-04-14 16:10 19504 —-a-w c:windowssystem32java32w.dll
2009-05-25 07:50 . 2009-05-25 07:50

d-sh—w c:windowssystem32configsystemprofileIETldCache
2009-05-16 18:40 . 2009-05-16 18:40 0 —-a-w c:windowsnsreg.dat
2009-05-16 18:40 . 2009-05-16 18:40

w c:documents and settingsАдминистраторLocal SettingsApplication DataMozilla
2009-05-10 06:10 . 2007-10-09 10:41 313856 —-a-w c:windowssystem32driversADIHdAud.sys
2009-05-10 06:10 . 2007-06-19 09:07 103424 —-a-w c:windowssystem32driversaeaudio.sys
2009-05-10 06:10 . 2007-03-27 06:36 28160 —-a-w c:windowssystem32PostProc.dll
2009-05-10 06:10 . 2006-03-17 14:18 392960 —-a-w c:windowssystem32driverssenfilt.sys
2009-05-10 06:10 . 2001-09-19 09:47 765952 —-a-w c:windowssystemcrlds3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 19:58 . 2007-09-30 10:32

w c:documents and settingsАдминистраторApplication DataAzureus
2009-05-30 19:51 . 2008-05-24 11:40 1731104 —sha-w c:windowssystem32driversfidbox2.dat
2009-05-30 19:49 . 2008-05-24 11:40 64872224 —sha-w c:windowssystem32driversfidbox.dat
2009-05-30 19:49 . 2007-10-06 21:58

w c:program filesSpeedFan
2009-05-30 19:49 . 2007-09-30 05:59 16 —-a-w c:windowssystem32magicpvt.dat
2009-05-30 19:49 . 2008-12-18 18:14 32 —-a-w c:windowssystem32driver.dat
2009-05-30 19:48 . 2008-05-24 11:40 869732 —sha-w c:windowssystem32driversfidbox.idx
2009-05-30 19:48 . 2008-05-24 11:40 163244 —sha-w c:windowssystem32driversfidbox2.idx
2009-05-30 14:34 . 2007-10-09 17:04

w c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-05-30 14:31 . 2004-08-03 15:14 361600 —-a-w c:windowssystem32driverstcpip.sys
2009-05-30 06:16 . 2009-03-22 17:38

d—a-w c:documents and settingsAll UsersApplication DataTemp
2009-05-29 17:41 . 2007-10-06 10:46

w c:program filesICQToolbar
2009-05-27 03:02 . 2001-10-20 09:00 85140 —-a-w c:windowssystem32perfc019.dat
2009-05-27 03:02 . 2001-10-20 09:00 487750 —-a-w c:windowssystem32perfh019.dat
2009-05-26 20:09 . 2007-09-30 05:25 70792 —-a-w c:documents and settingsАдминистраторLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-05-23 05:10 . 2008-02-06 18:17

w c:documents and settingsАдминистраторApplication DataSkype
2009-05-23 05:03 . 2008-02-06 18:19

w c:documents and settingsАдминистраторApplication DataskypePM
2009-05-20 14:25 . 2008-05-24 11:41 94643 —-a-w c:windowssystem32driversklick.dat
2009-05-20 14:25 . 2008-05-24 11:41 105395 —-a-w c:windowssystem32driversklin.dat
2009-05-10 06:18 . 2007-09-30 06:21

w c:program filesAnalog Devices
2009-05-09 17:20 . 2009-03-22 17:44

w c:documents and settingsАдминистраторApplication DataCyberLink
2009-04-25 05:11 . 2009-04-25 05:11

w c:program filesCommon FilesPCSuite
2009-04-25 05:11 . 2008-11-16 11:51

w c:program filesCommon FilesNokia
2009-04-25 05:11 . 2007-12-22 20:33

w c:program filesNokia
2009-04-25 05:05 . 2009-04-25 05:05

w c:program filesPC Connectivity Solution
2009-04-25 05:00 . 2009-04-25 05:00 8192 —-a-w c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstCCD.exe
2009-04-25 05:00 . 2009-04-25 05:00 61440 —-a-w c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstPCSFEMsi.exe
2009-04-25 05:00 . 2009-04-25 05:00 10240 —-a-w c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}InstallerCommonCustomActionsUninstPCS.exe
2009-04-25 05:00 . 2007-12-22 20:32

w c:documents and settingsAll UsersApplication DataInstallations
2009-04-25 04:59 . 2009-04-25 05:02 34472008 —-a-w c:documents and settingsAll UsersApplication DataInstallations{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}Nokia_PC_Suite_7_1_26_0_rus.exe
2009-04-17 16:52 . 2009-04-17 16:52 850351 —-a-w c:windowsFreelander 2 — Slide Show.scr
2009-04-17 16:52 . 2009-04-17 16:52 65536 —-a-w c:windowsNCLAUNCH.EXe
2009-04-17 16:52 . 2009-04-17 16:52 45056 —-a-w c:windowsNCUNINST.EXe
2009-04-11 04:59 . 2007-09-30 10:24

w c:program filesAzureus
2009-03-22 17:37 . 2009-03-22 17:39 29480 —-a-w c:windowssystem32msxml3a.dll
2009-03-22 17:37 . 2009-03-22 17:38 53319 —-a-w c:documents and settingsAll UsersApplication DataTemp{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}PostBuild.exe
2009-03-22 05:16 . 2009-01-20 18:35 10684866 —-a-w c:documents and settingsАдминистраторApplication DataAzureuspluginsazumpmplayer.exe
2009-03-21 07:18 . 2009-03-21 07:18 56 —ha-w c:windowssystem32ezsidmv.dat
2009-03-08 01:34 . 2004-08-17 08:04 914944 —-a-w c:windowssystem32wininet.dll
2009-03-08 01:34 . 2004-08-17 08:04 43008 —-a-w c:windowssystem32licmgr10.dll
2009-03-08 01:33 . 2004-08-17 08:04 18944 —-a-w c:windowssystem32corpol.dll
2009-03-08 01:33 . 2004-08-17 08:04 420352 —-a-w c:windowssystem32vbscript.dll
2009-03-08 01:32 . 2004-08-17 08:04 72704 —-a-w c:windowssystem32admparse.dll
2009-03-08 01:32 . 2004-08-17 08:04 71680 —-a-w c:windowssystem32iesetup.dll
2009-03-08 01:31 . 2004-08-17 08:04 34816 —-a-w c:windowssystem32imgutil.dll
2009-03-08 01:31 . 2004-08-17 08:02 48128 —-a-w c:windowssystem32mshtmler.dll
2009-03-08 01:31 . 2004-08-17 08:04 45568 —-a-w c:windowssystem32mshta.exe
2009-03-08 01:22 . 2001-10-20 09:00 156160 —-a-w c:windowssystem32msls31.dll
2009-03-06 14:23 . 2004-08-17 08:04 284672 —-a-w c:windowssystem32pdh.dll
.

Sigcheck

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:windows$hf_mig$KB917953SP2QFEtcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:windows$hf_mig$KB941644SP2QFEtcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[-] 2008-05-18 19:20 360064 482AB7F9CD41702E8F856C11CFEFB02D c:windows$NtServicePackUninstall$tcpip.sys
[7] 2004-08-03 15:14 359040 9F4B36614A0FC234525BA224957DE55C c:windows$NtUninstallKB917953$tcpip.sys
[-] 2008-01-22 17:51 359808 DE891AD282E856ACFD40990094A63B6F c:windows$NtUninstallKB941644$tcpip.sys
[-] 2009-03-22 18:51 361344 030DC4D48CC2B894FEE2F390D8E66AD5 c:windows$NtUninstallKB951748$tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:windowsServicePackFilesi386TCPIP.SYS
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowsSoftwareDistributionDownload8811f08beda44a8d3c249b9d00773202sp3gdrtcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windowsSoftwareDistributionDownload8811f08beda44a8d3c249b9d00773202sp3qfetcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowssystem32dllcachetcpip.sys
[-] 2009-05-30 14:31 361600 A29E1209F925A0E9B330E11DA5FC7BAB c:windowssystem32driverstcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-28_17.32.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 04:05 . 2008-07-29 04:05 62976 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90rus.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 46080 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90kor.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 46592 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90jpn.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 64512 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90ita.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 66048 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90fra.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 65024 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90esp.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 65024 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90esn.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 56832 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90enu.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 66560 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90deu.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 39936 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90cht.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 38912 c:windowsWinSxSx86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03mfc90chs.dll
+ 2008-07-29 02:07 . 2008-07-29 02:07 59904 c:windowsWinSxSx86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943mfcm90u.dll
+ 2008-07-29 02:07 . 2008-07-29 02:07 59904 c:windowsWinSxSx86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943mfcm90.dll
+ 2008-07-29 02:07 . 2008-07-29 02:07 80896 c:windowsWinSxSx86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24mfcm90ud.dll
+ 2008-07-29 02:07 . 2008-07-29 02:07 80896 c:windowsWinSxSx86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24mfcm90d.dll
+ 2007-10-09 17:09 . 2009-05-30 05:28 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
— 2007-10-09 17:09 . 2009-05-28 08:02 32768 c:windowssystem32configsystemprofileLocal SettingsTemporary Internet FilesContent.IE5index.dat
+ 2007-10-09 17:09 . 2009-05-30 05:28 32768 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2007-10-09 17:09 . 2009-05-28 08:02 32768 c:windowssystem32configsystemprofileLocal SettingsHistoryHistory.IE5index.dat
— 2007-10-09 17:09 . 2009-05-28 08:02 16384 c:windowssystem32configsystemprofileCookiesindex.dat
+ 2007-10-09 17:09 . 2009-05-30 05:28 16384 c:windowssystem32configsystemprofileCookiesindex.dat
+ 2008-07-29 04:05 . 2008-07-29 04:05 875520 c:windowsWinSxSx86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71fmsvcp90d.dll
+ 2008-07-28 23:54 . 2008-07-28 23:54 312832 c:windowsWinSxSx86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71fmsvcm90d.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 655872 c:windowsWinSxSx86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963emsvcr90.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 572928 c:windowsWinSxSx86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963emsvcp90.dll
+ 2008-07-28 23:54 . 2008-07-28 23:54 225280 c:windowsWinSxSx86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963emsvcm90.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 161784 c:windowsWinSxSx86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2atl90.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 3783672 c:windowsWinSxSx86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943mfc90u.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 3768312 c:windowsWinSxSx86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943mfc90.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 5982720 c:windowsWinSxSx86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24mfc90ud.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 5937144 c:windowsWinSxSx86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24mfc90d.dll
+ 2008-07-29 04:05 . 2008-07-29 04:05 1180672 c:windowsWinSxSx86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71fmsvcr90d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 15:40 333192 —-a-w c:program filesAskBarDisbarbinaskBar.dll

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32ctfmon.exe» [2008-04-14 15360]
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=»c:program filesCommon FilesNeroLibNMBgMonitor.exe» [2007-08-03 202024]
«H/PC Connection Agent»=»c:program filesMicrosoft ActiveSyncwcescomm.exe» [2006-11-13 1289000]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2008-09-17 68856]
«AlcoholAutomount»=»c:program filesAlcohol SoftAlcohol 120axcmd.exe» [2008-03-20 217544]
«RGSC»=»c:program filesRockstar GamesRockstar Games Social ClubRGSCLauncher.exe» [2008-12-20 306088]
«NCLaunch»=»c:windowsNCLAUNCH.EXe» [2009-04-17 65536]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-03-20 1312256]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«CnxDslTaskBar»=»c:program filesConexantAccessRunner ADSLCnxDslTb.exe» [2003-10-29 462848]
«NvCplDaemon»=»c:windowssystem32NvCpl.dll» [2008-10-07 13574144]
«MagicRotation»=»c:program filesMagicRotationMagicPvt.exe» [2005-11-21 1089536]
«JMB36X IDE Setup»=»c:windowsRaidToolxInsIDE.exe» [2007-03-20 36864]
«36X Raid Configurer»=»c:windowssystem32xRaidSetup.exe» [2007-03-21 1953792]
«Ai Nap»=»c:program filesASUSAi SuiteAiNapAiNap.exe» [2007-04-09 1423360]
«SunJavaUpdateSched»=»c:program filesJavajre6binjusched.exe» [2008-11-22 136600]
«MagicKey»=»c:progra~1MEDIAK~1MagicKey.exe» [2007-01-09 167936]
«NeroFilterCheck»=»c:program filesCommon FilesNeroLibNeroCheck.exe» [2007-03-01 153136]
«Adobe Reader Speed Launcher»=»c:program filesAdobeReader 8.0ReaderReader_sl.exe» [2007-05-10 40048]
«Symantec PIF AlertEng»=»c:program filesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe» [2007-03-12 517768]
«QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2008-03-28 413696]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2008-03-30 267048]
«NvMediaCenter»=»c:windowssystem32NvMcTray.dll» [2008-10-07 86016]
«RemoteControl9″=»c:program filesCyberLinkPowerDVD9PDVD9Serv.exe» [2009-02-16 87336]
«PDVD9LanguageShortcut»=»c:program filesCyberLinkPowerDVD9LanguageLanguage.exe» [2008-10-13 50472]
«BDRegion»=»c:program filesCyberlinkShared Filesbrs.exe» [2009-02-28 75048]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2007-10-09 1036288]
«nwiz»=»nwiz.exe» — c:windowssystem32nwiz.exe [2008-10-07 1630208]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

c:documents and settingsЂ¤¬ЁЁбва в®аѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
SpeedFan.lnk — c:program filesSpeedFanspeedfan.exe [2007-9-17 2902528]

c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
ASUS WiFi-AP Solo.lnk — c:program filesASUS WiFi-AP SoloRtWLan.exe [2008-6-11 987136]
Azureus Vuze.lnk — c:program filesAzureusAzureus.exe [2007-9-30 199616]
Color Calibration.lnk — c:program filesSECMagicTune3.6GammaTray.exe [2007-9-30 36864]
MagicTune 3.6.lnk — c:program filesSECMagicTune3.6MagicTuneTray.exe [2007-9-30 45056]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
«DisableMonitoring»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\Program Files\Azureus\Azureus.exe»=
«c:\Program Files\Messenger\msmsgs.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe»=
«c:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«c:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\xrEngine.exe»=
«c:\Program Files\GSC World Publishing\С.Т.А.Л.К.Е.Р. — Чистое Небо\bin\dedicated\xrEngine.exe»=
«c:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe»=
«c:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaW.exe»=
«c:\Program Files\Activision\Call of Duty — World at War\CoDWaWmp.exe»=
«c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe»=
«c:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe»=
«c:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
«»=

R1 appdrv01;Application Driver (01);c:windowssystem32driversappdrv01.sys [06.09.2008 1:47 2915944]
R1 magicpvt;magicpvt;c:windowssystem32driversmagicpvt.sys [30.09.2007 9:59 9728]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/03/22 20:42];c:program filesCyberLinkPowerDVD9000.fcl [28.02.2009 20:40 87536]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:program filesABBYY FineReader 9.0NetworkLicenseServer.exe [02.11.2007 19:58 566560]
R2 ASKService;ASKService;c:program filesAskBarDisbarbinAskService.exe [23.03.2009 21:09 464264]
R2 ASKUpgrade;ASKUpgrade;c:program filesAskBarDisbarbinASKUpgrade.exe [23.03.2009 21:09 234888]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:windowssystem32driversCnxEtP.sys [30.09.2007 8:37 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:windowssystem32driversCnxEtU.sys [30.09.2007 8:37 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:windowssystem32driversCnxTgN.sys [30.09.2007 8:37 108675]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [13.12.2007 13:28 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187.sys [11.06.2008 21:01 176128]
R3 SjyPkt;SjyPkt;c:windowssystem32driversSjyPkt.sys [11.06.2008 21:01 13532]
S2 Планировщик автоматического запуска LiveUpdate;Планировщик автоматического запуска LiveUpdate; [x]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:windowsSystem32appdrvrem01.exe svc —> c:windowsSystem32appdrvrem01.exe svc [?]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
«c:windowssystem32rundll32.exe» «c:windowssystem32iedkcs32.dll»,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder

2009-05-27 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2007-08-29 13:57]

2009-05-30 c:windowsTasksUser_Feed_Synchronization-{EF8C4079-FA2B-4F41-9309-B856A348FB7B}.job
— c:windowssystem32msfeedssync.exe [2006-10-17 01:31]
.
.

Supplementary Scan

.
uStart Page = about:blank
uInternet Settings,ProxyServer = 152.3.138.2:3127
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~3Office12EXCEL.EXE/3000
TCP: {CDA567A6-D702-49EF-90B2-8D2A3329AE96} = 195.34.32.116 212.188.4.10
FF — ProfilePath — c:documents and settingsАдминистраторApplication DataMozillaFirefoxProfilestp9xiy2w.default
FF — component: c:program filesNokiaNokia PC Suite 7bkmrksynccomponentsBkMrkExt.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 23:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

LOCKED REGISTRY KEYS

[HKEY_USERSS-1-5-21-583907252-515967899-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
«88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,ba,35,2d,b9,53,6c,46,b1,cd,f4,
«2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81″=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,ba,35,2d,b9,53,6c,46,b1,cd,f4,
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘winlogon.exe'(1424)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:windowssystem32klogon.dll

— — — — — — — > ‘lsass.exe'(1480)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0dnsq.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0fssync.dll

— — — — — — — > ‘explorer.exe'(5628)
c:program filesKaspersky LabKaspersky Anti-Virus 7.0miscr3.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0fssync.dll
c:program filesKaspersky LabKaspersky Anti-Virus 7.0scrchpg.dll
c:windowssystem32msi.dll
c:windowssystem32ieframe.dll
c:windowssystem32WPDShServiceObj.dll
c:program filesNokiaNokia PC Suite 7PhoneBrowser.dll
c:program filesNokiaNokia PC Suite 7NGSCM.DLL
c:program filesNokiaNokia PC Suite 7LangPhoneBrowser_rus.nlr
c:program filesNokiaNokia PC Suite 7ResourcePhoneBrowser_Nokia.ngr
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.

Other Running Processes

.
c:windowssystem32WgaTray.exe
c:program filesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
c:windowssystem32rundll32.exe
c:program filesKaspersky LabKaspersky Anti-Virus 7.0avp.exe
c:program filesBonjourmDNSResponder.exe
c:progra~1MICROS~2rapimgr.exe
c:program filesJavajre6binjqs.exe
c:windowssystem32nvsvc32.exe
c:windowssystem32PnkBstrA.exe
c:program filesCommon FilesNeroLibNMIndexingService.exe
c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe
c:program filesiPodbiniPodService.exe
c:program filesPC Connectivity SolutionServiceLayer.exe
c:windowssystem32wbemwmiapsrv.exe
c:windowssystem32wscntfy.exe
c:program filesPC Connectivity SolutionTransportsNclUSBSrv.exe
c:program filesPC Connectivity SolutionTransportsNclRSSrv.exe
c:windowsMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-05-30 0:03 — machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 20:03
ComboFix2.txt 2009-05-28 17:34

Pre-Run: 73 173 553 152 байт свободно
Post-Run: 73 193 652 224 байт свободно

355

Re: Re: Invader riskware explorer.exe

Добро пожаловать

Поиск

Важные инструкции

Нет доступа в интернет после удаления вируса — Как восстановить

Как запустить компьютер в безопасном режиме (Safe Mode)

Убрать рекламу в браузере (Chrome, Firefox, Opera, Yandex)

Как удалить рекламный вирус в браузере (Chrome, Opera, Firefox, Internet Explorer, Edge)

Удалить всплывающие окна, рекламу, уведомления в Chrome

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки