Forum replies created
ZoneAlarm Pro shows a message roughly every 2 seconds along the lines of "packet sent from 89.180.48.152 to 'my IP' was blocked". The more frequent these messages are, the worse the internet lags…
ComboFix 10-06-15.02 — Emilien 15.06.2010 22:48:04.1.2 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2047.1666 [GMT 4:00]
Running from: E:ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:documents and settingsEmilienApplication DataMicrosoftInternet ExplorerqiPSearchbar.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.
2010-06-09 12:38 . 2010-06-09 12:38 -------- d-sh--w- d:windowssystem32configsystemprofileIETldCache
2010-06-09 12:31 . 2008-04-14 17:40 294912 -c----w- d:windowssystem32dllcachedlimport.exe
2010-06-09 11:32 . 2010-06-12 22:35 -------- d-----w- d:documents and settingsEmilienApplication DataDownload Master
2010-06-09 11:32 . 2007-12-18 10:56 1412608 ----a-w- d:documents and settingsEmilienApplication DataDownload Mastertempskin.dll
2010-06-09 11:29 . 2010-06-09 12:14 -------- d-----w- d:program filesDownload Master
2010-06-09 11:09 . 2010-06-09 11:16 -------- d-----w- d:documents and settingsEmilienSecurityScans
2010-06-09 11:09 . 2010-06-09 11:09 -------- d-----w- d:program filesMicrosoft Baseline Security Analyzer 2
2010-06-09 10:35 . 2009-08-06 15:24 44768 ----a-w- d:windowssystem32wups2.dll
2010-06-09 09:44 . 2006-02-02 14:57 1211904 ----a-w- d:windowssystem32Incinerator.dll
2010-06-09 09:44 . 2005-10-24 13:07 41472 ----a-w- d:windowssystem32iolobtdfg.exe
2010-06-09 09:44 . 2005-09-12 16:20 25264 ----a-w- d:windowssystem32smrgdf.exe
2010-06-09 09:44 . 2010-06-09 09:44 -------- d-----w- d:program filesiolo
2010-06-08 21:41 . 2010-06-08 21:41 -------- d-----w- d:documents and settingsEmilienLocal SettingsApplication DataGHISLER
2010-06-08 20:45 . 2010-06-14 20:48 -------- d-----w- d:program filesAnti Trojan Elite
2010-06-08 20:14 . 2008-04-13 20:15 26368 -c--a-w- d:windowssystem32dllcacheusbstor.sys
2010-06-08 19:57 . 2010-06-08 19:57 -------- d-sh--w- d:documents and settingsEmilienIECompatCache
2010-06-08 10:24 . 2010-06-08 10:24 -------- d-----w- d:documents and settingsEmilienApplication DataDivX
2010-06-08 10:24 . 2010-06-08 10:24 -------- d-----w- d:documents and settingsEmilienApplication DataMedia Player Classic
2010-06-08 09:50 . 2010-06-08 09:50 -------- d-----w- d:program filesuTorrent
2010-06-08 09:50 . 2010-06-14 22:11 -------- d-----w- d:documents and settingsEmilienApplication DatauTorrent
2010-06-08 09:41 . 2008-04-14 17:40 54272 -c--a-w- d:windowssystem32dllcachevfwwdm32.dll
2010-06-08 09:41 . 2008-04-14 17:40 54272 ----a-w- d:windowssystem32vfwwdm32.dll
2010-06-08 09:36 . 2010-06-08 09:36 -------- d-----w- d:program filesCCleaner
2010-06-08 09:18 . 2005-02-01 15:30 16176 ------w- d:windowssystem32driversNVXBAR.SYS
2010-06-08 09:18 . 2005-02-01 15:30 141246 ------w- d:windowssystem32driversNVCAP.SYS
2010-06-08 09:16 . 2004-09-07 07:41 5120 ----a-w- d:windowssystem32driversAsInsHelp64.sys
2010-06-08 09:16 . 2004-03-10 10:31 3328 ----a-w- d:windowssystem32driversAsInsHelp32.sys
2010-06-08 09:12 . 2007-04-23 00:15 118520 ------w- d:windowssystem32pxinsi64.exe
2010-06-08 09:12 . 2007-04-23 00:15 116472 ------w- d:windowssystem32pxcpyi64.exe
2010-06-08 09:12 . 2010-06-08 09:12 -------- d-----w- d:program filesDivX
2010-06-08 09:11 . 2009-12-12 14:15 178176 ----a-w- d:windowssystem32unrar.dll
2010-06-08 09:11 . 2009-05-29 21:37 205824 ----a-w- d:windowssystem32xvidvfw.dll
2010-06-08 09:11 . 2009-05-29 21:31 881664 ----a-w- d:windowssystem32xvidcore.dll
2010-06-08 09:11 . 2006-04-02 12:47 630784 ----a-w- d:windowssystem32vp7vfw.dll
2010-06-08 09:11 . 2004-05-18 18:16 39936 ----a-w- d:windowssystem32huffyuv.dll
2010-06-08 09:11 . 2004-01-25 16:18 217088 ----a-w- d:windowssystem32yv12vfw.dll
2010-06-08 09:11 . 2010-02-02 18:00 85504 ----a-w- d:windowssystem32ff_vfw.dll
2010-06-08 09:10 . 2010-06-08 09:11 -------- d-----w- d:program filesK-Lite Codec Pack
2010-06-07 22:17 . 2010-06-12 22:40 -------- d-----w- d:documents and settingsEmilienApplication DataWebMoney
2010-06-07 22:13 . 2010-06-07 22:13 -------- d-----w- d:program filesWebMoney Agent
2010-06-07 22:13 . 2010-06-12 22:40 -------- d---a-w- d:documents and settingsAll UsersApplication DataTEMP
2010-06-07 22:12 . 2010-06-12 22:38 -------- d-----w- d:program filesWebMoney
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 19:00 . 2010-06-07 18:27 -------- d-----w- d:documents and settingsAll UsersApplication DataKaspersky Lab
2010-06-15 18:38 . 2010-06-07 18:11 4212 ---ha-w- d:windowssystem32zllictbl.dat
2010-06-15 18:36 . 2010-06-07 19:24 8326329 ----a-w- d:windowsInternet LogstvDebug.Zip
2010-06-14 21:57 . 2010-06-14 21:57 -------- d-----w- d:program filestrend micro
2010-06-13 08:20 . 2010-06-13 08:20 -------- d-----w- d:program filesUnlocker
2010-06-1******3 . 2010-06-1******3 11264 ----a-w- d:windowssystem32driversuzezotg5.sys
2010-06-09 13:05 . 2010-06-09 13:05 -------- d-----w- d:program filesAlcohol Soft
2010-06-09 13:00 . 2010-06-09 13:00 721904 ----a-w- d:windowssystem32driverssptd.sys
2010-06-09 12:44 . 2010-06-07 18:12 69232 ----a-w- d:documents and settingsEmilienLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-06-09 12:35 . 2010-06-07 17:53 86327 ----a-w- d:windowspchealthhelpctrOfflineCacheindex.dat
2010-06-09 04:33 . 2010-06-07 19:32 -------- d-----w- d:program filesPokerStars
2010-06-08 09:37 . 2010-06-07 18:13 -------- d-----w- d:program filesASUS
2010-06-08 09:18 . 2010-06-07 18:10 -------- d--h--w- d:program filesInstallShield Installation Information
2010-06-07 21:20 . 2010-06-07 20:36 -------- d-----w- d:program filesCommon FilesNero
2010-06-07 20:57 . 2010-06-07 20:37 -------- d-----w- d:program filesNero
2010-06-07 20:55 . 2010-06-07 20:55 -------- d-----w- d:program filesWindows Sidebar
2010-06-07 20:47 . 2010-06-07 20:36 -------- d-----w- d:documents and settingsAll UsersApplication DataNero
2010-06-07 20:17 . 2010-06-07 20:01 -------- d-----w- d:documents and settingsEmilienApplication DataWinamp
2010-06-07 20:01 . 2010-06-07 20:01 -------- d-----w- d:program filesWinamp
2010-06-07 18:53 . 2010-06-07 18:53 932368 ----a-w- d:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsprofiles-1-6.dll
2010-06-07 18:53 . 2010-06-07 18:53 678416 ----a-w- d:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginscontent_interpreter-1-1.dll
2010-06-07 18:53 . 2010-06-07 18:53 604688 ----a-w- d:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsgsg-3-9.dll
2010-06-07 18:53 . 2010-06-07 18:53 1096208 ----a-w- d:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsfiltration-4-6.dll
2010-06-07 18:53 . 2010-06-07 18:53 522768 ----a-w- d:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataKasFltPluginsdatabase-1-5.dll
2010-06-07 18:51 . 2010-06-07 18:42 -------- d-----w- d:documents and settingsAll UsersApplication DataMicrosoft Help
2010-06-07 18:51 . 2010-06-07 18:51 80400 ----a-w- d:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilesrollbackpatchAutoPatcheskav9exec9.0.0.736fssync.dll
2010-06-07 18:51 . 2010-06-07 18:28 97549 ----a-w- d:windowssystem32driversklick.dat
2010-06-07 18:51 . 2010-06-07 18:28 113933 ----a-w- d:windowssystem32driversklin.dat
2010-06-07 18:51 . 2010-06-07 18:51 80400 ----a-w- d:documents and settingsAll UsersApplication DataKaspersky LabAVP9DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav9exec9.0.0.736fssync.dll
2010-06-07 18:47 . 2010-06-07 18:45 -------- d-----w- d:program filesMicrosoft Works
2010-06-07 18:45 . 2010-06-07 18:45 -------- d-----w- d:program filesMSBuild
2010-06-07 18:32 . 2010-06-07 18:11 -------- d-----w- d:program filesCheckPoint
2010-06-07 18:27 . 2010-06-07 18:27 -------- d-----w- d:program filesKaspersky Lab
2010-06-07 18:26 . 2010-06-07 18:26 -------- d-----w- d:documents and settingsAll UsersApplication DataZA_PreservedFiles
2010-06-07 18:24 . 2010-06-07 18:24 -------- d-----w- d:documents and settingsAll UsersApplication DataKaspersky Lab Setup Files
2010-06-07 18:23 . 2010-06-07 18:23 -------- d-----w- d:program filesQIP
2010-06-07 18:21 . 2008-04-15 12:00 49350 ----a-w- d:windowssystem32perfc019.dat
2010-06-07 18:21 . 2008-04-15 12:00 346144 ----a-w- d:windowssystem32perfh019.dat
2010-06-07 18:18 . 2010-06-07 18:18 -------- d-----w- d:program filesTerayon
2010-06-07 18:13 . 2010-06-07 18:10 -------- d-----w- d:program filesCommon FilesInstallShield
2010-06-07 18:11 . 2010-06-07 18:11 -------- d-----w- d:documents and settingsEmilienApplication DataCheckPoint
2010-06-07 18:10 . 2010-06-07 18:10 -------- d-----w- d:program filesZone Labs
2010-06-07 18:10 . 2010-06-07 18:10 -------- d-----w- d:program filesAnalog Devices
2010-06-07 18:09 . 2010-06-07 18:09 -------- d-----w- d:program filesDIFX
2010-06-07 18:08 . 2010-06-07 18:08 -------- d-----w- d:program filesEssNetTools
2010-06-07 17:54 . 2010-06-07 17:54 -------- d-----w- d:program filesmicrosoft frontpage
2010-06-07 17:51 . 2010-06-07 17:51 22564 ----a-w- d:windowssystem32emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"SMSystemAnalyzer"="d:program filesioloSystem Mechanic Professional 6SMSystemAnalyzer.exe" [2006-02-02 578048]
"Download Master"="d:program filesDownload Masterdmaster.exe" [2009-08-05 3777536]
"AlcoholAutomount"="d:program filesAlcohol SoftAlcohol 120axcmd.exe" [2009-04-24 203928]
"AlSrvN"="d:program filesAlcohol SoftAlcohol 120PluginsHelperAlSrvN.exe" [2009-04-17 53248]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="d:windowssystem32NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="d:windowssystem32NvMcTray.dll" [2009-02-18 86016]
"SoundMAXPnP"="d:program filesAnalog DevicesCoresmax4pnp.exe" [2006-09-26 872448]
"AVP"="d:program filesKaspersky LabKaspersky Internet Security 2010avp.exe" [2009-10-20 340456]
"ZoneAlarm Client"="d:program filesZone LabsZoneAlarmzlclient.exe" [2009-10-16 1037192]
"wmagent.exe"="d:program filesWebMoney Agentwmagent.exe" [2009-10-19 210400]
"Anti Trojan Elite"="d:program filesAnti Trojan EliteTJEnder.exe" [2010-06-08 4076544]
"UnlockerAssistant"="d:program filesUnlockerUnlockerAssistant.exe" [2006-09-07 15872]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="d:windowssystem32CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"d:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"d:\Program Files\uTorrent\uTorrent.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;d:windowssystem32driversklbg.sys [14.10.2009 20:18 36880]
R0 sptd;sptd;d:windowssystem32driverssptd.sys [09.06.2010 17:00 721904]
R1 uzezotg5;AVZ-RK Kernel Driver;d:windowssystem32driversuzezotg5.sys [13.06.2010 2:23 11264]
R2 ATE_PROCMON;ATE_PROCMON;d:program filesAnti Trojan EliteATEPMON.sys [09.06.2010 0:46 9216]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:windowssystem32driversklim5.sys [14.09.2009 13:42 32272]
S3 klmouflt;Kaspersky Lab KLMOUFLT;d:windowssystem32driversklmouflt.sys [02.10.2009 18:39 19472]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yandex.ru/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — d:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Добавить в Анти-Баннер — d:program filesKaspersky LabKaspersky Internet Security 2010ie_banner_deny.htm
IE: Закачать ВСЕ при помощи Download Master — d:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — d:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — d:program filesDownload Masterremdown.htm
.
.
File Associations
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 23:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
.
Other Running Processes
.
d:program filesCommon FilesNeroNero BackItUp 4NBService.exe
d:windowssystem32nvsvc32.exe
d:windowssystem32wscntfy.exe
d:windowssystem32RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-06-15 23:03:33 — machine was rebooted
ComboFix-quarantined-files.txt 2010-06-15 19:03
Pre-Run: 18 449 948 672 байт свободно
Post-Run: 20 322 250 752 байт свободно
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 107082BE8ECAD15485D1E63DD9FC984B