[far70]

dвсе исто на компе, я поняла, что вирус сидел на моем сайте, я почистила, теперь все работает отлично.
спасибо.

[far70]

Вот результат

ComboFix 09-01-19.01 — RuDiLi 2009-01-19 22:25:21.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1049.18.255.150 [GMT 3:00]
Running from: c:documents and settingsRuDiLiРабочий столComboFix.exe
AV: Антивирус Касперского *On-access scanning disabled* (Updated)
FW: Антивирус Касперского *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
—- Previous Run

---

.
c:program filesINSTALL.LOG
c:windowssystem32driversatmapi.sys
c:windowssystem32wincreate.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-19 19:06 . 2009-01-19 19:06

d—-c— c:program filesBillP Studios
2009-01-19 19:06 . 2009-01-19 19:06 d—-c— c:documents and settingsRuDiLiApplication DataWinPatrol
2009-01-19 18:26 . 2009-01-19 18:26 d—-c— C:rsit
2009-01-19 18:26 . 2009-01-19 20:28 d—-c— c:program filestrend micro
2009-01-19 17:09 . 2009-01-19 17:09 d—-c— C:_OTMoveIt
2009-01-19 14:45 . 2009-01-19 14:45 d—-c— c:program filesMalwarebytes’ Anti-Malware
2009-01-19 14:45 . 2009-01-19 14:45 d—-c— c:documents and settingsRuDiLiApplication DataMalwarebytes
2009-01-19 14:45 . 2009-01-19 14:45 d—-c— c:documents and settingsAll UsersApplication DataMalwarebytes
2009-01-19 14:45 . 2009-01-14 16:11 38,496 —a—c— c:windowssystem32driversmbamswissarmy.sys
2009-01-19 14:45 . 2009-01-14 16:11 15,504 —a—c— c:windowssystem32driversmbam.sys
2009-01-19 13:41 . 2009-01-19 13:41 54,156 —ah-c— c:windowsQTFont.qfn
2009-01-19 13:41 . 2009-01-19 13:41 1,409 —a—c— c:windowsQTFont.for
2009-01-13 16:53 . 2004-08-18 15:00 28,288 —a—c— c:windowssystem32dllcachexjis.nls
2009-01-13 16:51 . 2004-08-18 15:00 1,875,968 —a—c— c:windowssystem32dllcachemsir3jp.lex
2009-01-13 16:50 . 2004-08-18 15:00 13,463,552 —a—c— c:windowssystem32dllcachehwxjpn.dll
2009-01-13 16:49 . 2004-08-18 15:00 1,677,824 —a—c— c:windowssystem32dllcachechsbrkr.dll
2009-01-13 16:48 . 2004-08-18 15:00 2,134,528 —a—c— c:windowssystem32dllcachesmtpsnap.dll
2009-01-13 16:47 . 2004-05-13 00:39 876,653 —a—c— c:windowssystem32dllcachefp4awel.dll
2009-01-13 16:45 . 2009-01-13 16:45 488 -rah-c— c:windowssystem32logonui.exe.manifest
2009-01-13 16:44 . 2009-01-13 16:44 749 -rah-c— c:windowsWindowsShell.Manifest
2009-01-13 16:44 . 2009-01-13 16:44 749 -rah-c— c:windowssystem32wuaucpl.cpl.manifest
2009-01-13 16:44 . 2009-01-13 16:44 749 -rah-c— c:windowssystem32sapi.cpl.manifest
2009-01-13 16:44 . 2009-01-13 16:44 749 -rah-c— c:windowssystem32nwc.cpl.manifest
2009-01-13 16:44 . 2009-01-13 16:44 749 -rah-c— c:windowssystem32ncpa.cpl.manifest
2008-12-24 22:23 . 2004-08-18 15:00 1,086,058 -ra—c— c:windowsSET2C.tmp
2008-12-24 22:23 . 2004-08-18 15:00 1,014,193 -ra—c— c:windowsSET29.tmp
2008-12-24 22:23 . 2004-08-18 15:00 14,043 -ra—c— c:windowsSET3B.tmp
2008-12-24 08:09 . 2008-12-28 14:17 329 —a—c— c:documents and settingsRuDiLivasdrvwin.exe
2008-12-21 15:49 . 2008-12-21 15:49 394 —a—c— c:windowsODBC.INI
2008-12-21 15:44 . 2008-12-21 15:44 d—h-c— c:windowsShellNew
2008-12-19 08:24 . 2008-12-19 08:24 446,097 —a—c— C:gismeteotraysetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 19:30 37,022,752 -csha-w c:windowssystem32driversfidbox.dat
2009-01-19 19:23

---

dc—-w c:documents and settingsAll UsersApplication DataKaspersky Lab
2009-01-19 19:18 692,512 -csha-w c:windowssystem32driversfidbox2.dat
2009-01-19 17:30 69,668 -csha-w c:windowssystem32driversfidbox2.idx
2009-01-19 17:30 502,736 -csha-w c:windowssystem32driversfidbox.idx
2009-01-19 16:00

---

dc—-w c:program filesMetatrader — FXstart
2009-01-16 05:12

---

dc—a-w c:documents and settingsAll UsersApplication DataTEMP
2009-01-16 05:11

---

dc—-w c:documents and settingsRuDiLiApplication DataWebMoney
2009-01-16 05:07

---

dc—-w c:program filesYahoo!
2009-01-16 05:06

---

dc—-w c:program filesGoogle
2009-01-12 12:01

---

dc—-w c:program filesRinkost — MetaTrader 4
2008-12-17 05:01

---

dc—-w c:documents and settingsRuDiLiApplication DataMra
2008-12-15 18:26

---

dc—-w c:documents and settingsRuDiLiApplication DatauTorrent
2008-12-03 20:02

---

dc—-w c:program filesTF Trader
2008-12-03 08:42

---

dc—-w c:program filesFX-Invest MetaTrader 4
2008-12-02 06:22

---

dc—-w c:program filesuTorrent
2008-12-01 20:59

---

dc—-w c:documents and settingsRuDiLiApplication DataWebcammax
2008-12-01 20:10

---

dc—-w c:documents and settingsRuDiLiApplication DataoovooToolbar
2008-12-01 20:06

---

dc—-w c:documents and settingsRuDiLiApplication DataooVoo Details
2008-12-01 20:03

---

dc—-w c:program filesooVoo
2008-12-01 20:02

---

dc-h—w c:program filesInstallShield Installation Information
2008-12-01 20:02

---

dc—-w c:program filesoovooToolbar
2008-12-01 15:39

---

dc—-w c:documents and settingsAll UsersApplication DataYahoo!
2008-12-01 12:39 5,764,912 -c—a-w C:rinkostmt4.exe
2008-11-30 17:58

---

dc—-w c:program filesBitComet
2008-11-30 10:52 5,170,248 -c—a-w C:bitcomet_setup.exe
2008-11-25 13:43

---

dc—-w c:program filesiPForex Trader 4
2008-11-24 18:30

---

dc—-w c:program filesCamfrog
2008-11-23 19:53

---

dc—-w c:documents and settingsRuDiLiApplication DataYahoo!
2008-11-23 18:41 8,482,048 -c—a-w C:camfrog.exe
2008-11-23 18:33

---

dc—-w c:documents and settingsRuDiLiApplication DataCamfrog
2008-11-20 12:36

---

dc—-w c:documents and settingsRuDiLiApplication DataSmart Panel
2008-11-14 12:39 1,700 -c—a-w c:program filesinstall.sss
2008-11-14 12:38 871,399 -c—a-w c:program filesUninstall.exe
2008-11-14 12:37 6,409,696 -c—a-w C:wm2.exe
2008-11-13 18:49 306,432 -c—a-w c:windowssystem32TuneUpDefragService.exe
2008-11-13 06:59 346 -c—a-w c:documents and settingsRuDiLiwindrv.exe
2008-11-03 17:43 2,986,462 -c—a-w C:TEJER LA MODA-37.zip
2008-11-03 08:28 1,589,639 -c—a-w C:stduviewer.exe
2008-11-02 17:08 594,688 -c—a-w C:SetupPremiumRap.exe
2008-10-30 14:36 3,495,400 -c—a-w c:program filesWMClient.dll
2008-10-19 19:37 5,047,800 -c—a-w C:magentsetup.exe
2008-06-26 13:35 984,528 -c—a-w c:program filesDefaultKSP.dll
2008-03-19 16:48 521,704 -c—a-w c:program filesWebMoney.exe
2007-12-12 17:02 3,159 -c—a-w c:program fileswebmoney.exe.manifest
2007-10-24 11:23 939,472 -c—a-w c:program filesEnum.dll
2007-10-23 14:34 140,808 -c—a-w c:program filesbexth.dll
2007-10-23 14:32 79,384 -c—a-w c:program filesWMDispatcher.exe
2007-07-20 11:53 145 -c—a-w c:program filesregwmd.bat
2007-02-07 10:56 1,645,320 -c—a-w c:program filesgdiplus.dll
2005-10-27 14:33 292,616 -c—a-w c:program filesKeeperID.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A057A204-BACC-4D26-8087-36EE87E26986}]
2008-07-29 22:56 1987544 —a—c— c:progra~1OOVOOT~1OOVOOT~1.DLL

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{A057A204-BACC-4D26-8087-36EE87E26986}»= «c:progra~1OOVOOT~1OOVOOT~1.DLL» [2008-07-29 1987544]

[HKEY_CLASSES_ROOTclsid{a057a204-bacc-4d26-8087-36ee87e26986}]
[HKEY_CLASSES_ROOToovooToolbar.OOVOOTOOLBAR]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«Punto Switcher»=»c:program filesPunto Switcherpunto.exe» [2008-09-11 726824]
«WinPatrol Russian v.2″=»c:program filesBillP StudiosWinPatrolWinPatrolEx.exe» [2007-08-06 525624]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«GismeteoTray»=»c:gismeteotraygismeteotray.exe» [2008-12-19 721408]
«MAgent»=»c:program filesMail.RuAgentMAgent.exe» [2008-12-10 4428472]
«WinPatrol»=»c:program filesBillP StudiosWinPatrolWinPatrol.exe» [2007-08-06 292152]
«WinPatrol Russian v.2″=»c:program filesBillP StudiosWinPatrolWinPatrolEx.exe» [2007-08-06 525624]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2004-08-18 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
«VIDC.X264″= x264vfw.dll
«VIDC.3iv2″= 3ivxVfWCodec.dll
«VIDC.VP31″= vp31vfw.dll
«msacm.l3fhg»= mp3fhg.acm

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Gamma Loader.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаAdobe Gamma Loader.lnk
backup=c:windowspssAdobe Gamma Loader.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Microsoft Office.lnk]
path=c:documents and settingsAll UsersГлавное менюПрограммыАвтозагрузкаMicrosoft Office.lnk
backup=c:windowspssMicrosoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEPSON Stylus CX3500 Series]
—a—c— 2004-03-04 06:00 98304 c:windowssystem32spooldriversw32x863E_FATI9BP.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMAgent]
—a—c— 2008-12-10 09:36 4428472 c:program filesMail.RuAgentmagent.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
—a—c— 2001-07-09 10:50 155648 c:windowssystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOM2_Monitor]
—a—c— 2007-09-04 13:52 54576 c:program filesOLYMPUSOLYMPUS Master 2FirstStart.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
—a—c— 2006-09-01 14:57 282624 c:program filesQuickTimeqttask.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«UpdatesDisableNotify»=dword:00000001
«AntiVirusOverride»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
«DisableMonitoring»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«18066:TCP»= 18066:TCP:BitComet 18066 TCP
«18066:UDP»= 18066:UDP:BitComet 18066 UDP
«443:TCP»= 443:TCP:*:Disabled:ooVoo TCP порт443
«443:UDP»= 443:UDP:*:Disabled:ooVoo UDP порт443
«37674:TCP»= 37674:TCP:*:Disabled:ooVoo TCP порт37674
«37674:UDP»= 37674:UDP:*:Disabled:ooVoo UDP порт37674
«37675:UDP»= 37675:UDP:*:Disabled:ooVoo UDP порт37675

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:windowssystem32driversklim5.sys [2007-04-04 24344]
S3 Pergpsmg;Pergpsmg; [x]
.
Contents of the ‘Scheduled Tasks’ folder

2009-01-16 c:windowsTasks1-Click Maintenance.job
— c:program filesTuneUp Utilities 2008OneClick.exe []

2008-12-28 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2006-08-29 14:21]
.
— — — — ORPHANS REMOVED — — — —

MSConfigStartUp-Google Update — c:documents and settingsRuDiLiLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
MSConfigStartUp-swg — c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
MSConfigStartUp-Yupdate! — c:program filesCommon FilesYandexYupdateyupdate.exe

.

---

Supplementary Scan

---

.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} — c:program filesMail.RuAgentmagent.exe
Trusted Zone: banking.webmoney.ru
TCP: {E8A0D546-675D-4D40-A625-43E0F9BCCA6E} = 85.233.82.86,217.198.10.2
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} — hxxps://w3s.webmoney.ru/WMAcceptor.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 22:29:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

— — — — — — — > ‘winlogon.exe'(832)
c:program filesKaspersky LabKaspersky Internet Security 7.0miscr3.dll
c:windowssystem32klogon.dll

— — — — — — — > ‘lsass.exe'(888)
c:program filesKaspersky LabKaspersky Internet Security 7.0dnsq.dll
c:program filesKaspersky LabKaspersky Internet Security 7.0miscr3.dll
.
Completion time: 2009-01-19 22:32:19
ComboFix-quarantined-files.txt 2009-01-19 19:32:16

Pre-Run: 20,295,344,128 байт свободно
Post-Run: 20,294,672,384 байт свободно

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
211

[Автор]

Сообщения