здравствуйте! обращаюсь к вам из старой темы, т.к. здесь все логи.
После очистки компьютера программой combofix все стало работать отлично (лог combofix выше).
Но вчера авира начала выдавать кучу предупреждений и при сканировании нашла 6 файлов (2 из них кейгены к прогам). очистка авирой ничего не дала. Также просканировала прогой iobit security 360, та нашла кучу кукиз трекеров и все удалила. Но к сожалению предупреждения о вирусах так и появлялись. Я не знаю, то ли это что-то новое, то-ли после перыдущей очистки остались какие-то вредоносные файлы.
Сегодня снова скачала combofix и провела чистку с ее помощью. вроде все тихо. Вот выкладываю последний лог. Посмотрите пожалуйста, нужны ли какие-то дополнительные меры по лечению?… Спасибо!
ComboFix 10-05-25.02 — Sve 05/26/2010 8:49.2.2 — x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.359 [GMT 3:00]
Running from: c:documents and settingsSveDesktopComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:docume~1SveLOCALS~1Tempsvchost.exe
c:windowsRbidya.exe
c:windowsTasks{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.2010-05-26 05:27 . 2010-05-25 12:02 75264 —-a-w- c:windowssystem32f36decbb.exe
2010-05-25 21:13 . 2010-05-25 12:02 75264 —-a-w- c:windowssystem32Spoolprtprocsw32x86M7g31a.dll
2010-05-25 12:02 . 2010-05-25 12:02 75264 —-a-w- c:windowssystem32Spoolprtprocsw32x86IQG55.dll
2010-05-25 12:02 . 2010-05-25 12:02 75264 —-a-w- c:windowssystem325dce9825.exe
2010-05-24 10:19 . 2010-05-24 10:19
d
w- c:documents and settingsAll UsersApplication DataParetoLogic
2010-05-24 10:19 . 2010-05-24 10:19
d
w- c:program filesCommon FilesParetoLogic
2010-05-24 10:19 . 2010-05-24 10:19
d
w- c:documents and settingsAll UsersApplication DataFileCure
2010-05-24 10:19 . 2010-05-24 10:19
d
w- c:program filesParetoLogic
2010-05-23 17:34 . 2010-05-24 21:14
d
w- c:documents and settingsopenLocal SettingsApplication Dataradikal
2010-05-23 16:23 . 2010-05-23 16:23
d
w- c:documents and settingsopenLocal SettingsApplication DataApple Computer
2010-05-23 10:49 . 2010-05-23 10:49 146920 —-a-w- c:documents and settingsopenLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-22 11:54 . 2010-05-24 21:03
d
w- c:documents and settingsopenApplication DataskypePM
2010-05-22 11:51 . 2010-05-24 21:30
d
w- c:documents and settingsopenApplication DataSkype
2010-05-22 09:26 . 2010-05-22 09:26
d
w- c:documents and settingsopenLocal SettingsApplication DataGoogle
2010-05-21 17:31 . 2010-05-21 17:31
d
w- c:documents and settingsopenLocal SettingsApplication DataMozilla
2010-05-21 17:23 . 2010-05-24 10:13
d
w- c:documents and settingsopenApplication DataApple Computer
2010-05-21 17:22 . 2010-05-21 17:22
d-sh—w- c:documents and settingsopenIETldCache
2010-05-21 17:22 . 2010-05-21 17:22
d
w- c:documents and settingsopenApplication DataPC Suite
2010-05-09 17:38 . 2010-05-09 17:40
d
w- c:program filesiTunes
2010-05-09 17:27 . 2010-05-09 17:27
d
w- c:program filesBonjour
2010-05-09 17:24 . 2010-05-09 17:24 73000 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheiTunes 9.1.1.12SetupAdmin.exe
2010-05-09 17:22 . 2010-05-09 17:23
d
w- c:program filesSafari
2010-05-09 17:21 . 2010-05-09 17:21 79144 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheSafari 5.31.22.7SetupAdmin.exe
2010-05-06 08:39 . 2010-05-25 21:09
d
w- c:documents and settingsSveApplication DataSkype
2010-05-06 08:39 . 2010-05-06 08:39
d
w- c:program filesCommon FilesSkype
2010-05-06 08:39 . 2010-05-06 08:39
d
r- c:program filesSkype
2010-05-04 06:26 . 2010-05-04 06:26 4286 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{CBBA6597-973E-4C9E-93D7-C58C46FC0F8B}_6FEFF9B68218417F98F549.exe
2010-05-04 06:26 . 2010-05-04 06:26 1150 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{CBBA6597-973E-4C9E-93D7-C58C46FC0F8B}_E6A480C17EDF4297B06E7F.exe
2010-05-04 06:26 . 2010-05-04 06:26 10134 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{CBBA6597-973E-4C9E-93D7-C58C46FC0F8B}_3A9865F08BEDE34A367EC2.exe
2010-04-30 17:48 . 2010-04-30 17:48
d
w- c:program filesCombined Community Codec Pack.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 21:08 . 2009-06-03 09:28
d
w- c:documents and settingsSveApplication DataskypePM
2010-05-23 10:35 . 2009-09-20 20:48
d
w- c:documents and settingsSveApplication DatauTorrent
2010-05-22 09:08 . 2009-09-20 20:47
d
w- c:program filesuTorrent
2010-05-22 08:54 . 2010-03-06 23:38 309 —-a-w- c:documents and settingsSveApplication DataCCleanupcompind.bat
2010-05-11 16:20 . 2009-06-04 16:15 146920 -c—a-w- c:documents and settingsSveLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-11 16:09 . 2008-10-15 23:46
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-05-11 15:59 . 2010-04-21 20:14
d
w- c:program filesPinnacle
2010-05-11 15:48 . 2010-04-21 20:08
d
w- c:documents and settingsAll UsersApplication DataPinnacle
2010-05-10 15:19 . 2009-12-18 07:44 75276 -c—-w- c:windowssystem32mlfcache.dat
2010-05-10 15:19 . 2009-12-17 18:06
d
w- c:documents and settingsSveApplication DataApple Computer
2010-05-09 17:39 . 2010-02-28 21:34
d
w- c:program filesiPod
2010-05-06 08:39 . 2009-06-03 09:27
d
w- c:documents and settingsAll UsersApplication DataSkype
2010-04-25 15:14 . 2010-04-21 23:04 50064 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2010-04-24 11:32 . 2010-04-24 11:31 664
w- c:windowssystem32d3d9caps.dat
2010-04-23 10:47 . 2010-04-23 10:46
d
w- c:documents and settingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-23 10:45 . 2010-04-23 10:44
d
w- c:program filesQuickTime
2010-04-23 10:44 . 2009-12-17 18:02
d
w- c:documents and settingsAll UsersApplication DataApple Computer
2010-04-23 10:44 . 2010-04-23 10:44
d
w- c:program filesApple Software Update
2010-04-23 08:56 . 2010-03-08 20:04 56816
w- c:windowssystem32driversavgntflt.sys
2010-04-22 20:16 . 2010-04-22 19:52
d
w- c:documents and settingsAll UsersApplication DataSmartSound Software Inc
2010-04-22 20:14 . 2008-10-15 22:58
d—h—w- c:program filesInstallShield Installation Information
2010-04-22 20:13 . 2008-10-15 22:58
d
w- c:program filesCommon FilesInstallShield
2010-04-22 20:04 . 2010-04-22 20:04 29926 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{CEF37035-C1BB-4174-8175-1E878435F61A}ARPPRODUCTICON.exe
2010-04-22 20:04 . 2010-04-22 20:04 29926 —-a-r- c:documents and settingsSveApplication DataMicrosoftInstaller{690D1794-6D7C-4A55-8371-17BAC69C66CE}ARPPRODUCTICON.exe
2010-04-22 19:52 . 2010-04-22 19:52
d
w- c:program filesSmartSound Software
2010-04-22 19:51 . 2010-04-22 19:51
d
w- c:documents and settingsAll UsersApplication DataQuickTime
2010-04-22 19:50 . 2010-04-22 19:49
d
w- c:program filesDivX
2010-04-22 19:49 . 2010-04-22 19:49
d
w- c:program filesAvid
2010-04-21 21:59 . 2010-04-21 21:59
d
w- c:documents and settingsSveApplication DataSony Creative Software
2010-04-21 20:41 . 2010-04-21 20:41
d
w- c:program filesCommon FilesPinnacle
2010-04-21 20:40 . 2010-04-21 20:40
d
w- c:documents and settingsAll UsersApplication DataPinnacle Studio Ultimate Collection
2010-04-21 19:17 . 2009-07-24 03:40
d
w- c:documents and settingsSveApplication DataSony
2010-04-21 19:05 . 2010-04-21 19:05
d
w- c:documents and settingsAll UsersApplication DataSony
2010-04-21 17:25 . 2010-04-21 17:25
d
w- c:documents and settingsAll UsersApplication DataPhotodex
2010-04-19 17:21 . 2009-07-24 03:42
d
w- c:program filesVSTplugins
2010-04-08 10:20 . 2010-04-08 10:20 91424
w- c:windowssystem32dnssd.dll
2010-04-08 10:20 . 2010-04-08 10:20 107808
w- c:windowssystem32dns-sd.exe
2010-04-04 19:50 . 2009-07-16 16:49
d
w- c:program filesICQ6.5
2010-03-28 20:53 . 2010-03-28 20:53
d
w- c:program filestrend micro
2010-03-28 16:37 . 2010-03-28 16:37 10 —-a-w- c:windowspopcinfo.dat
2010-03-20 21:47 . 2008-10-15 21:59 218624
w- c:windowssystem32uxtheme.dll
2010-03-12 12:20 . 2010-03-14 08:13 280440 —-a-w- c:documents and settingsSveApplication DataQipGuardsqlite3.dll
2010-03-12 12:20 . 2010-03-14 08:13 184272 —-a-w- c:documents and settingsSveApplication DataQipGuardQipGuard.exe
2010-03-12 12:20 . 2010-03-14 08:12 127440 —-a-w- c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
2010-03-12 12:20 . 2010-03-14 08:13 20944 —-a-w- c:documents and settingsSveApplication DataQipGuardchrome.dll
2010-03-10 06:15 . 2008-10-15 21:59 420352
w- c:windowssystem32vbscript.dll
2010-02-25 06:24 . 2008-10-15 21:59 916480
w- c:windowssystem32wininet.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2009-06-03 39408]
«PC Suite Tray»=»c:program filesNokiaNokia PC Suite 7PCSuite.exe» [2009-06-25 1414144][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-12-19 135168]
«HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-12-19 159744]
«Persistence»=»c:windowssystem32igfxpers.exe» [2007-12-19 131072]
«RTHDCPL»=»RTHDCPL.EXE» [2008-05-08 16862208]
«MGSysCtrl»=»c:program filesSystem Control ManagerMGSysCtrl.exe» [2008-07-29 684032]
«ITSecMng»=»c:program filesTOSHIBABluetooth Toshiba StackItSecMng.exe» [2007-09-28 75136]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2008-10-25 31072]
«AdobeCS4ServiceManager»=»c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe» [2008-08-14 611712]
«IObit Security 360″=»c:program filesIObitIObit Security 360IS360tray.exe» [2009-12-24 1280272]
«avgnt»=»c:program filesAviraAntiVir Desktopavgnt.exe» [2009-03-02 209153]
«QuickTime Task»=»c:program filesQuickTimeQTTask.exe» [2010-03-17 421888]
«PinnacleDriverCheck»=»c:windowssystem32\PSDrvCheck.exe» [2004-03-10 406016]
«iTunesHelper»=»c:program filesiTunesiTunesHelper.exe» [2010-04-28 142120]c:documents and settingsAll UsersStart MenuProgramsStartup
Bluetooth Manager.lnk — c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-2-22 2938184][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@=»Driver»[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001
«FirewallOverride»=dword:00000001[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)
«DisableNotifications»= 1 (0x1)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\ICQ6.5\ICQ.exe»=
«c:\Program Files\uTorrent\utorrent.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\WINDOWS\system32\spoolsv.exe»=[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«5353:TCP»= 5353:TCP:Adobe CSI CS4R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:program filesAviraAntiVir Desktopsched.exe [3/8/2010 11:04 PM 108289]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:windowssystem32driversRTS5121.sys [10/16/2008 2:00 AM 156160]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [3/7/2010 6:56 PM 133104]
S2 IS360service;IS360service;c:program filesIObitIObit Security 360is360srv.exe [3/8/2010 3:38 PM 311568]
S2 Micro Star SCM;Micro Star SCM;c:program filesSystem Control ManagerMSIService.exe [10/16/2008 2:12 AM 159744]
S2 MSWU-5dce9825;MSWU-5dce9825;c:windowssystem325dce9825.exe [5/25/2010 3:02 PM 75264]
S2 MSWU-f36decbb;MSWU-f36decbb;c:windowssystem32f36decbb.exe [5/26/2010 8:27 AM 75264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [7/12/2009 7:01 AM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [7/12/2009 7:01 AM 8320]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:windowssystem32driversrt2860.sys [10/16/2008 4:40 AM 625792]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [7/1/2009 8:59 PM 691696]
.
Contents of the ‘Scheduled Tasks’ folder2010-05-24 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 08:50]2010-05-24 c:windowsTasksFileCure Default.job
— c:program filesParetoLogicFileCureFileCure.exe [2010-03-28 19:47]2010-05-26 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 15:56]2010-05-25 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 15:56]2010-05-25 c:windowsTasksParetoLogic Update Version3.job
— c:program filesCommon FilesParetoLogicUUS3Pareto_Update3.exe [2009-08-04 18:19]2010-05-26 c:windowsTasksUser_Feed_Synchronization-{0C0802E1-F828-45F9-9F7A-3E0597A78443}.job
— c:windowssystem32msfeedssync.exe [2009-03-08 02:31]
.
.
Supplementary Scan
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver — c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
FF — ProfilePath — c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.default
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://ru.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:ru:official
FF — prefs.js: keyword.URL — hxxp://search.qip.ru/search?from=FF&query=
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{32a1fd71-835e-4b11-8e54-886fda0b4c89}componentsqippipe.dll
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{a298ed31-d405-40e2-880f-b7511948e582}componentsFFExternalAlert.dll
FF — component: c:documents and settingsSveApplication DataMozillaFirefoxProfiles3oniyzmm.defaultextensions{a298ed31-d405-40e2-880f-b7511948e582}componentsRadioWMPCore.dll
FF — plugin: c:program filesGooglePicasa3npPicasa3.dll
FF — plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«ui.use_native_colors», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.auth.force-generic-ntlm», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«svg.smil.enabled», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.renego_unrestricted_hosts», «»);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.treat_unsafe_negotiation_as_broken», false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.ssl.require_safe_negotiation», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description», «chrome://browser/locale/browser.properties»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«plugins.update.notifyUser», false);
.
— — — — ORPHANS REMOVED — — — —HKCU-Run-DAEMON Tools Lite — c:program filesDAEMON Tools Litedaemon.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 08:55
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
Completion time: 2010-05-26 08:58:01
ComboFix-quarantined-files.txt 2010-05-26 05:57
ComboFix2.txt 2010-04-23 08:36Pre-Run: 21,998,682,112 bytes free
Post-Run: 22,659,956,736 bytes free— — End Of File — — C923153B45963528DF687BB70789F805
