Re: Re: Не включю комп аля иди гуляй

26 августа, 2009 в 10:02 дп #25374

Participant

Темы:2
Сообщений:17

☆

Здравствуйте, Валерий. Нечего бывает.
Да, запускал. Но лог удалил потом.
Вот сделал сейчас еще раз проверку.

ComboFix 09-08-25.04 — Artem0305 26.08.2009 12:53.2.2 — NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1033.18.2046.1426 [GMT 3:00]
Running from: c:documents and settingsArtem0305DesktopComboFix.exe
Command switches used :: c:documents and settingsArtem0305DesktopWindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
AV: avast! antivirus 4.8.1351 [VPS 090825-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
PEV Error: CacheFolder

((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-25 18:11 . 2009-08-25 18:12

dc-h—w- c:windowsie8
2009-08-25 18:11 . 2009-08-25 18:14

d—h—w- c:windowsmsdownld.tmp
2009-08-25 17:45 . 2009-08-25 17:45

d

w- c:documents and settingsArtem0305SecurityScans
2009-08-25 10:42 . 2009-03-09 12:27 453456 —-a-w- c:windowssystem32d3dx10_41.dll
2009-08-25 10:42 . 2009-03-09 12:27 1846632 —-a-w- c:windowssystem32D3DCompiler_41.dll
2009-08-25 10:42 . 2009-03-16 11:18 69448 —-a-w- c:windowssystem32XAPOFX1_3.dll
2009-08-25 10:42 . 2009-03-16 11:18 517448 —-a-w- c:windowssystem32XAudio2_4.dll
2009-08-25 10:42 . 2009-03-16 11:18 235352 —-a-w- c:windowssystem32xactengine3_4.dll
2009-08-25 10:42 . 2009-03-09 12:27 4178264 —-a-w- c:windowssystem32D3DX9_41.dll
2009-08-25 10:42 . 2009-03-16 11:18 22360 —-a-w- c:windowssystem32X3DAudio1_6.dll
2009-08-24 14:17 . 2009-08-24 14:17

d

w- c:documents and settingsArtem0305DoctorWeb
2009-08-24 13:44 . 2009-08-24 13:44

d

w- c:documents and settingsAll UsersApplication DataOffice Genuine Advantage
2009-08-23 19:29 . 2009-08-24 12:55

d

w- c:program filesSafeSurf
2009-08-22 18:15 . 2009-08-22 18:14 411368 —-a-w- c:windowssystem32deploytk.dll
2009-08-22 18:14 . 2009-08-22 18:14 152576 —-a-w- c:documents and settingsArtem0305Application DataSunJavajre1.6.0_15lzma.dll
2009-08-22 17:21 . 2009-08-22 17:21

d

w- c:program filesNVIDIA Corporation
2009-08-22 17:21 . 2009-08-22 17:21

d

w- c:documents and settingsAll UsersApplication DataNVIDIA Corporation
2009-08-21 20:00 . 2009-08-25 19:55

d

w- c:program filestrend micro
2009-08-21 20:00 . 2009-08-21 20:00

d

w- C:rsit
2009-08-21 19:26 . 2009-08-21 19:26

d

w- c:documents and settingsArtem0305Application DataUniblue
2009-08-21 19:26 . 2009-07-01 07:41 2568240 -c—-w- c:documents and settingsAll UsersApplication Data~0Uniblue RegistryBooster.exe
2009-08-21 19:25 . 2009-08-21 19:42

dc-h—w- c:documents and settingsAll UsersApplication Data~0
2009-08-21 18:26 . 2009-08-21 19:29

d

w- c:documents and settingsArtem0305Application DataAuslogics
2009-08-21 18:25 . 2009-08-21 18:25

d

w- c:program filesAuslogics
2009-08-20 13:30 . 2009-08-25 13:04

d

w- C:Мусор
2009-08-18 11:23 . 2000-05-17 06:52 187392 —-a-w- c:windowssystem32JPGUtils.dll
2009-08-18 11:23 . 2009-08-21 19:43

d

w- c:program filesCommon FilesStardock
2009-08-18 11:23 . 2009-08-18 11:23

d

w- c:program filesWinCustomize
2009-08-17 20:29 . 2009-08-17 20:29

d

w- c:documents and settingsAll UsersApplication DataYandex
2009-08-17 15:45 . 2009-08-18 11:28

d

w- c:program filesStardock
2009-08-17 15:45 . 2008-04-26 13:14 42672

w- c:windowssystem32wbsys.dll
2009-08-17 00:04 . 2009-08-17 00:04 2173472 —-a-w- c:windowssystem32nvcplui.exe
2009-08-17 00:04 . 2009-08-17 00:04 81920 —-a-w- c:windowssystem32nvwddi.dll
2009-08-17 00:03 . 2009-08-17 00:03 3170304 —-a-w- c:windowssystem32nvwss.dll
2009-08-17 00:03 . 2009-08-17 00:03 4026368 —-a-w- c:windowssystem32nvvitvs.dll
2009-08-17 00:03 . 2009-08-17 00:03 188416 —-a-w- c:windowssystem32nvmccss.dll
2009-08-17 00:03 . 2009-08-17 00:03 1286144 —-a-w- c:windowssystem32nvmobls.dll
2009-08-17 00:03 . 2009-08-17 00:03 3547136 —-a-w- c:windowssystem32nvgames.dll
2009-08-17 00:03 . 2009-08-17 00:03 4923392 —-a-w- c:windowssystem32nvdisps.dll
2009-08-17 00:03 . 2009-08-17 00:03 86016 —-a-w- c:windowssystem32nvmctray.dll
2009-08-17 00:03 . 2009-08-17 00:03 168004 —-a-w- c:windowssystem32nvsvc32.exe
2009-08-17 00:03 . 2009-08-17 00:03 143360 —-a-w- c:windowssystem32nvcolor.exe
2009-08-17 00:03 . 2009-08-17 00:03 13877248 —-a-w- c:windowssystem32nvcpl.dll
2009-08-17 00:02 . 2009-08-17 00:02 229376 —-a-w- c:windowssystem32nvmccs.dll
2009-08-14 15:04 . 2009-08-14 15:04

d

w- c:windowssystem32XPSViewer
2009-08-14 15:04 . 2009-08-14 15:04

d

w- c:program filesReference Assemblies
2009-08-13 18:10 . 2009-08-13 18:10

d

w- c:program filesBorland
2009-08-13 18:10 . 1998-11-12 13:49 47104 —-a-w- c:program files_ISREG32.DLL
2009-08-13 18:10 . 2009-08-13 18:10

d

w- c:program filesCommon FilesBorland Shared
2009-08-13 18:10 . 1998-10-01 12:22 299520 —-a-w- c:windowsuninst.exe
2009-08-13 18:10 . 2009-08-13 18:10

d

w- c:documents and settingsArtem0305WINDOWS
2009-08-12 18:45 . 2009-08-12 18:45

d

w- c:documents and settingsArtem0305Application Datawmmail
2009-08-12 10:46 . 2009-07-10 13:27 1315328 -c—-w- c:windowssystem32dllcachemsoe.dll
2009-08-10 16:32 . 2005-08-30 12:19 1052672 —-a-w- c:documents and settingsArtem0305Application DataMacromediaDreamweaver 8ConfigurationFlash PlayerFlashPlayerW.dll
2009-08-10 16:30 . 2009-08-25 13:37

d

w- c:program filesMacromedia
2009-08-10 16:30 . 2009-08-25 13:37

d

w- c:program filesCommon FilesMacromedia
2009-08-10 15:38 . 2007-09-05 04:02 545 —-a-w- c:windowsUC.PIF
2009-08-10 15:38 . 2007-09-05 04:02 545 —-a-w- c:windowsRAR.PIF
2009-08-10 15:38 . 2007-09-05 04:02 545 —-a-w- c:windowsPKZIP.PIF
2009-08-10 15:38 . 2007-09-05 04:02 545 —-a-w- c:windowsPKUNZIP.PIF
2009-08-10 15:38 . 2007-09-05 04:02 545 —-a-w- c:windowsNOCLOSE.PIF
2009-08-10 15:38 . 2007-09-05 04:02 545 —-a-w- c:windowsLHA.PIF
2009-08-10 15:38 . 2007-09-05 04:02 545 —-a-w- c:windowsARJ.PIF
2009-08-10 11:00 . 2009-08-10 11:00

d

w- c:program filesiPod
2009-08-10 11:00 . 2009-08-10 11:00

d

w- c:program filesiTunes
2009-08-10 10:56 . 2009-08-10 10:56 75040 —-a-w- c:documents and settingsAll UsersApplication DataApple ComputerInstaller CacheiTunes 8.2.1.6SetupAdmin.exe
2009-08-10 09:32 . 2009-08-10 09:32 33280 —-a-w- c:documents and settingsArtem0305pr3xy.exe
2009-08-08 15:13 . 2009-08-08 15:13

d

w- c:documents and settingsArtem0305Application Dataru.rambler.Communicator.13CE42EE296FC74C5214B9FD66640D35FA8DCE65.1
2009-08-08 13:41 . 2009-08-08 13:41 5867704 —-a-w- c:documents and settingsArtem0305Application DataMail.RuAgentmagentsetup.exe
2009-08-08 13:41 . 2009-08-08 13:41 679936 —-a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllYLUSBTEL.dll
2009-08-08 13:41 . 2009-08-08 13:41 86712 —-a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllmratag.dll
2009-08-08 13:41 . 2009-08-08 13:41 67768 —-a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllnewmrasearch.dll
2009-08-08 13:41 . 2009-08-08 13:41 49152 —-a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllMousePhone.dll
2009-08-08 13:41 . 2009-08-08 13:41 125112 —-a-w- c:documents and settingsArtem0305Application DataMail.RuAgentMradllmramenu.dll
2009-08-08 13:41 . 2009-08-08 13:41 7975608 —-a-w- c:documents and settingsArtem0305Application DataMail.RuAgentmagent.exe
2009-08-08 13:41 . 2009-08-08 13:41

d

w- c:documents and settingsArtem0305Application DataMra
2009-08-08 13:41 . 2009-08-08 13:41

d

w- c:documents and settingsArtem0305Application DataMail.Ru
2009-08-08 13:41 . 2009-08-08 13:41

d

w- c:program filesMail.Ru
2009-08-07 16:27 . 2009-08-20 11:52

d

w- c:documents and settingsArtem0305Local SettingsApplication DataYESv4
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c—-w- c:windowssystem32dllcachemswebdvd.dll
2009-08-04 19:32 . 2009-08-04 19:32

d

w- c:documents and settingsArtem0305Local SettingsApplication Dataalbumi.lv (Unibind)
2009-08-04 17:20 . 2009-08-04 17:20

d-sh—w- c:documents and settingsArtem0305IECompatCache
2009-08-04 14:38 . 2009-08-23 14:13

d

w- c:documents and settingsArtem0305Application DataWinamp
2009-08-04 14:32 . 2009-08-04 14:33

d

w- c:program filesCCleaner
2009-08-03 17:36 . 2009-08-03 19:30

d

w- c:documents and settingsArtem0305Application DataITTerritory
2009-08-03 16:26 . 2009-08-03 16:26

d

w- c:program filesITTerritory

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 09:51 . 2008-05-19 16:11

d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2009-08-26 09:37 . 2008-05-19 15:28

d

w- c:documents and settingsArtem0305Application DatauTorrent
2009-08-26 08:36 . 2009-05-19 13:32

d

w- c:documents and settingsArtem0305Application DataWebMoney
2009-08-25 11:03 . 2008-05-19 15:16

d

w- c:documents and settingsArtem0305Application DataSkype
2009-08-22 18:14 . 2008-05-23 13:44

d

w- c:program filesJava
2009-08-22 17:21 . 2009-01-19 18:20

d

w- c:program filesCommon FilesWise Installation Wizard
2009-08-21 19:30 . 2009-04-14 16:58

d

w- c:documents and settingsArtem0305Application DataMedia Player Classic
2009-08-20 15:03 . 2009-01-16 17:13 22328 —-a-w- c:windowssystem32driversPnkBstrK.sys
2009-08-20 15:03 . 2009-01-16 17:12 103736 —-a-w- c:windowssystem32PnkBstrB.exe
2009-08-19 15:48 . 2008-05-20 11:00 66872 —-a-w- c:windowssystem32PnkBstrA.exe
2009-08-19 13:33 . 2008-05-14 22:17

d—h—w- c:program filesInstallShield Installation Information
2009-08-19 13:25 . 2008-05-20 11:00 22328 —-a-w- c:documents and settingsArtem0305Application DataPnkBstrK.sys
2009-08-19 13:25 . 2008-05-20 11:00 22328 —-a-w- c:documents and settingsArtem0305Application DataPnkBstrK.sys
2009-08-18 14:37 . 2008-05-14 22:27 697616 —-a-w- c:documents and settingsArtem0305Local SettingsApplication DataGDIPFONTCACHEV1.DAT
2009-08-18 14:22 . 2009-04-03 18:48

d

w- c:program filesBonjour
2009-08-18 14:21 . 2008-12-05 18:00

d

w- c:documents and settingsArtem0305Application DataYandex
2009-08-18 11:24 . 2004-08-03 21:56 3929600 —-a-w- c:windowssystem32logonuiX.exe
2009-08-18 06:33 . 2009-04-22 12:16

d

w- c:documents and settingsArtem0305Application DataFileZilla
2009-08-17 16:10 . 2009-03-20 12:59 1279456 —-a-w- c:windowssystem32aswBoot.exe
2009-08-17 16:06 . 2009-03-20 12:59 93392 —-a-w- c:windowssystem32driversaswmon.sys
2009-08-17 16:06 . 2009-03-20 12:59 94160 —-a-w- c:windowssystem32driversaswmon2.sys
2009-08-17 16:05 . 2009-03-20 12:59 114768 —-a-w- c:windowssystem32driversaswSP.sys
2009-08-17 16:05 . 2009-03-20 12:59 20560 —-a-w- c:windowssystem32driversaswFsBlk.sys
2009-08-17 16:04 . 2009-03-20 12:59 51376 —-a-w- c:windowssystem32driversaswTdi.sys
2009-08-17 16:04 . 2009-03-20 12:59 23152 —-a-w- c:windowssystem32driversaswRdr.sys
2009-08-17 16:03 . 2009-03-20 12:59 26944 —-a-w- c:windowssystem32driversaavmker4.sys
2009-08-17 16:02 . 2009-03-20 12:59 97480 —-a-w- c:windowssystem32AvastSS.scr
2009-08-16 21:57 . 2009-04-30 19:02 1706528 —-a-w- c:windowssystem32nvcuvenc.dll
2009-08-16 21:57 . 2009-04-30 19:02 1597690 —-a-w- c:windowssystem32nvdata.bin
2009-08-16 21:57 . 2009-02-09 11:18 2189856 —-a-w- c:windowssystem32nvcuvid.dll
2009-08-16 21:57 . 2008-05-14 22:22 485920 —-a-w- c:windowssystem32nvudisp.exe
2009-08-16 21:57 . 2008-01-08 17:53 868352 —-a-w- c:windowssystem32nvapi.dll
2009-08-16 21:57 . 2008-01-08 17:53 7729568 —-a-w- c:windowssystem32driversnv4_mini.sys
2009-08-16 21:57 . 2008-01-08 17:53 5845760 —-a-w- c:windowssystem32nv4_disp.dll
2009-08-16 21:57 . 2008-01-08 17:53 2002944 —-a-w- c:windowssystem32nvcuda.dll
2009-08-16 21:57 . 2008-01-08 17:53 155648 —-a-w- c:windowssystem32nvcodins.dll
2009-08-16 21:57 . 2008-01-08 17:53 155648 —-a-w- c:windowssystem32nvcod.dll
2009-08-16 21:57 . 2008-01-08 17:53 10457088 —-a-w- c:windowssystem32nvoglnt.dll
2009-08-13 18:10 . 2009-08-13 18:10 7599 —-a-w- c:program filesDeIsL1.isu
2009-08-13 18:10 . 2009-08-13 18:10 516 —-a-w- c:program files_DEISREG.ISR
2009-08-11 09:35 . 2008-05-14 22:22 485920 —-a-w- c:windowssystem32NVUNINST.EXE
2009-08-08 17:45 . 2008-05-25 16:17

d

w- c:program filesRevConnect
2009-08-07 18:47 . 2009-04-22 04:17

d

w- c:program filesNotepad++
2009-08-07 18:47 . 2009-03-06 18:18

d

w- c:documents and settingsArtem0305Application DataNero
2009-08-07 18:47 . 2008-05-19 15:55

d

w- c:documents and settingsArtem0305Application DataTeamViewer
2009-08-07 18:47 . 2009-04-23 17:32

d

w- c:documents and settingsArtem0305Application DataHideIP
2009-08-07 18:47 . 2008-09-09 11:56

d

w- c:documents and settingsAll UsersApplication DataWLInstaller
2009-08-05 09:01 . 2004-08-03 21:56 204800 —-a-w- c:windowssystem32mswebdvd.dll
2009-08-04 14:40 . 2008-05-15 17:52

d

w- c:program filesWinamp
2009-08-03 12:15 . 2009-03-15 16:49 10 —-a-w- c:windowspopcinfo.dat
2009-07-24 09:48 . 2008-11-04 19:46

d

w- c:documents and settingsAll UsersApplication DataAlawarWrapper
2009-07-17 19:01 . 2004-08-03 21:56 58880 —-a-w- c:windowssystem32atl.dll
2009-07-12 10:09 . 2009-07-12 10:09

d

w- c:documents and settingsAll UsersApplication DataAgnitum
2009-07-12 09:21 . 2004-08-03 21:56 233472 —-a-w- c:windowssystem32wmpdxm.dll
2009-07-03 17:09 . 2004-08-03 21:56 915456 —-a-w- c:windowssystem32wininet.dll
2009-06-16 14:36 . 2004-08-03 21:56 119808 —-a-w- c:windowssystem32t2embed.dll
2009-06-16 14:36 . 2003-03-31 12:00 81920 —-a-w- c:windowssystem32fontsub.dll
2009-06-12 12:31 . 2004-08-03 21:56 80896 —-a-w- c:windowssystem32tlntsess.exe
2009-06-12 12:31 . 2004-08-03 21:56 76288 —-a-w- c:windowssystem32telnet.exe
2009-06-10 14:13 . 2004-08-03 21:56 84992 —-a-w- c:windowssystem32avifil32.dll
2009-06-10 06:19 . 2008-05-14 22:04 2066432 —-a-w- c:windowssystem32mstscax.dll
2009-06-10 06:14 . 2004-08-03 21:56 132096 —-a-w- c:windowssystem32wkssvc.dll
2009-06-05 16:59 . 2009-06-05 16:59 290816 —-a-w- c:documents and settingsArtem0305Application DataSystemRequirementsLabSRLProxy_nvd_4.dll
2009-06-05 16:59 . 2009-06-05 16:59 290816 —-a-w- c:documents and settingsArtem0305Application DataSystemRequirementsLabSRLProxy_nvd_3.dll
2009-06-05 16:59 . 2009-06-05 16:59 290816 —-a-w- c:documents and settingsArtem0305Application DataSystemRequirementsLabSRLProxy_nvd_2.dll
2009-06-05 16:59 . 2009-06-05 16:59 290816 —-a-w- c:documents and settingsArtem0305Application DataSystemRequirementsLabSRLProxy_nvd_1.dll
2009-06-05 08:42 . 2009-05-16 12:37 2060288 —-a-w- c:windowssystem32usbaaplrc.dll
2009-06-05 08:42 . 2008-12-03 20:05 39424 —-a-w- c:windowssystem32driversusbaapl.sys
2009-06-03 19:09 . 2004-08-03 21:56 1291264 —-a-w- c:windowssystem32quartz.dll
.

Sigcheck

[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:windows$hf_mig$KB941644SP2QFEtcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:windows$hf_mig$KB951748SP3QFEtcpip.sys
[7] 2008-04-13 21:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:windowsServicePackFilesi386tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:windowssystem32dllcachetcpip.sys
[-] 2009-05-14 14:59 361600 167DB2344226BD05C8748633AF7AB241 c:windowssystem32driverstcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«avast!»=»c:progra~1ALWILS~1Avast4ashDisp.exe» [2009-08-17 81000]
«wmagent.exe»=»c:program filesWebMoney Agentwmagent.exe» [2008-10-01 209376]
«jsafesurf»=»c:program filesSafeSurfsafesurf.exe» [2009-08-22 165888]
«MSConfig»=»c:windowspchealthhelpctrBinariesMSCONFIG.EXE» [2008-04-14 169984]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-14 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
«UIHost»=»c:windowssystem32logonuiX.exe»

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyWBSrv]
2008-09-17 05:05 210168 —-a-w- c:program filesStardockObject DesktopWindowBlindsWbSrv.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
«AppInit_DLLs»=c:windowssystem32wbsys.dll

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupSnagIt 8.lnk
backup=c:windowspssSnagIt 8.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^Artem0305^Start Menu^Programs^Startup^Create virtual drive for Denwer.lnk]

[HKLM~startupfolderC:^Documents and Settings^Artem0305^Start Menu^Programs^Startup^NOD32 Control Center.lnk]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
«AntiVirusOverride»=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\uTorrent\uTorrent.exe»=
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«c:\WINDOWS\system32\PnkBstrA.exe»=
«c:\WINDOWS\system32\PnkBstrB.exe»=
«c:\WINDOWS\system32\dxdiag.exe»=
«c:\Program Files\RevConnect\DCPlusPlus.exe»=
«e:\Aplications\ICQ\ICQ6.5\ICQ.exe»=
«c:\Program Files\WebMoney\WebMoney.exe»=
«c:\Program Files\Bonjour\mDNSResponder.exe»=
«c:\Program Files\Mozilla Firefox\firefox.exe»=
«c:\Program Files\iTunes\iTunes.exe»=
«c:\Program Files\ITTerritory\Dragons\DWarC2.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Documents and Settings\Artem0305\My Documents\Загрузки\VipIpClnt.exe»=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«3389:TCP»= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [20.03.2009 15:59 114768]
R1 BIOS;BIOS;c:windowssystem32driversBIOS.sys [15.05.2008 1:15 13696]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [20.03.2009 15:59 20560]
R3 FStarForce;FStarForce;c:windowssystem32driversFStarForce.sys [19.01.2009 21:01 7680]
R3 MouseCap;MouseCapture Driver;c:windowssystem32driversMouseCap.sys [08.08.2005 14:44 6640]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:windowssystem32driversAmps2prt.sys [09.05.2006 19:27 13824]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service —> c:windowssystem32GameMon.des -service [?]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the ‘Scheduled Tasks’ folder

2009-08-24 c:windowsTasksAppleSoftwareUpdate.job
— c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 10:34]

2009-08-26 c:windowsTasksUser_Feed_Synchronization-{0C7B3E41-E059-406A-9DBF-C2DD79B2C774}.job
— c:windowssystem32msfeedssync.exe [2007-08-13 01:31]
.
.

Supplementary Scan

.
uStart Page = hxxp://www.google.ru/
uInternet Settings,ProxyServer = socks=127.0.0.1:7070
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
IE: E&xport to Microsoft Office Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
LSP: c:windowssystem32DRWEBSP.DLL
FF — ProfilePath — c:documents and settingsArtem0305Application DataMozillaFirefoxProfilesiqjskpvv.default
FF — prefs.js: browser.startup.homepage — hxxp://www.google.ru/

—- FIREFOX POLICIES —-
c:program filesMozilla Firefoxgreprefsall.js — pref(«media.enforce_same_site_origin», false);
c:program filesMozilla Firefoxgreprefsall.js — pref(«media.cache_size», 51200);
c:program filesMozilla Firefoxgreprefsall.js — pref(«media.ogg.enabled», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«media.wave.enabled», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«media.autoplay.enabled», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«browser.urlbar.autocomplete.enabled», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«capability.policy.mailnews.*.wholeText», «noAccess»);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.storage.default_quota», 5120);
c:program filesMozilla Firefoxgreprefsall.js — pref(«content.sink.event_probe_rate», 3);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.http.prompt-temp-redirect», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«layout.css.dpi», -1);
c:program filesMozilla Firefoxgreprefsall.js — pref(«layout.css.devPixelsPerPx», -1);
c:program filesMozilla Firefoxgreprefsall.js — pref(«gestures.enable_single_finger_input», true);
c:program filesMozilla Firefoxgreprefsall.js — pref(«dom.max_chrome_script_run_time», 0);
c:program filesMozilla Firefoxgreprefsall.js — pref(«network.tcp.sendbuffer», 131072);
c:program filesMozilla Firefoxgreprefsall.js — pref(«geo.enabled», true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js — pref(«security.remember_cert_checkbox_default_setting», true);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr», «moz35»);
c:program filesMozilla Firefoxdefaultspreffirefox-branding.js — pref(«browser.search.param.yahoo-fr-cjkt», «moz35»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«extensions.blocklist.level», 2);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.urlbar.restrict.typed», «~»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.urlbar.default.behavior», 0);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.history», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.formdata», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.passwords», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.downloads», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.cookies», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.cache», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.sessions», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.offlineApps», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.clearOnShutdown.siteSettings», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.history», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.formdata», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.passwords», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.downloads», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.cookies», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.cache», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.sessions», true);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.offlineApps», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.cpd.siteSettings», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«privacy.sanitize.migrateFx3Prefs», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.ssl_override_behavior», 2);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«security.alternate_certificate_error_page», «certerror»);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.privatebrowsing.autostart», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«browser.privatebrowsing.dont_prompt_on_enter», false);
c:program filesMozilla Firefoxdefaultspreffirefox.js — pref(«geo.wifi.uri», «https://www.google.com/loc/json»);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 12:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc]
«ImagePath»=»c:windowssystem32GameMon.des -service»
.

LOCKED REGISTRY KEYS

[HKEY_USERSS-1-5-21-343818398-1844823847-725345543-1003SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERSS-1-5-21-343818398-1844823847-725345543-1003SoftwareSecuROMLicense information*]
«datasecu»=hex:64,3a,af,b7,55,9e,5a,38,5b,3a,7b,01,28,6f,e7,5c,46,5b,30,07,4d,
36,87,69,a7,78,8b,41,2a,2e,c7,95,38,49,d5,5d,0f,c5,6d,dc,89,7f,ff,be,17,6d,
«rkeysecu»=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@=»FlashBroker»
«LocalizedString»=»@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe,-101»

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}Elevation]
«Enabled»=dword:00000001

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}LocalServer32]
@=»c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe»

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@=»IFlashBroker3″

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}ProxyStubClsid32]
@=»{00020424-0000-0000-C000-000000000046}»

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
«Version»=»1.0»
.

DLLs Loaded Under Running Processes

— — — — — — — > ‘winlogon.exe'(808)
c:program filesStardockObject DesktopWindowBlindswbsrv.dll

— — — — — — — > ‘lsass.exe'(936)
c:windowssystem32DRWEBSP.DLL

— — — — — — — > ‘explorer.exe'(996)
c:windowssystem32WININET.dll
c:windowssystem32ieframe.dll
c:program filesCommon FilesAdobeAcrobatActiveXPDFShell.dll
c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8caMSVCR80.dll
c:program filesStardockObject DesktopWindowBlindstray.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Completion time: 2009-08-26 12:56
ComboFix-quarantined-files.txt 2009-08-26 09:56
ComboFix2.txt 2009-08-25 11:18

Pre-Run: 88 100 904 960 bytes free
Post-Run: 88 089 915 392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional» /noexecute=optin /fastdetect

365 — E O F — 2009-08-24 15:20

Нажимаю на кнопку (на сист. блоке), появляется сначала надпись о моей видеокарте, и оперативной памяти. (Это на 2 сек.) И далее чёрный экран. Как он проходит, минуты 2-4. Продолжается загрузка компьютера. (Окно приветствия и т.д.).
Жду дальнейших действий.

Re: Re: Не включю комп аля иди гуляй

Добро пожаловать

Поиск

Важные инструкции

Как удалить вирус с телефона Андроид (Инструкция)

Рекламный вирус в Планировщике заданий

Нет доступа в интернет после удаления вируса — Как восстановить

Как сбросить настройки Firefox (Инструкция)

Как восстановить зашифрованные файлы (Инструкция)

СПАЙВАРЕ РУ

Нужна помощь?

Ссылки