ComboFix.txt 2/2:

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 13:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD9\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\.Default\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Start.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\AppGPFault\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Critical Stop.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\CCSelect\25@0*7~]
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\Close\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\CriticalBatteryAlarm\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Critical Stop.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\DeviceConnect\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Hardware Insert.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Hardware Remove.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\DeviceFail\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Critical Stop.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\InternetAlert\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Feed Discovered.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Battery Critical.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\MailBeep\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\Resources\\Themes\\SDF-Vista10\\Sounds\\New Messages.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\Maximize\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Minimize.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\MenuCommand\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\Resources\\Themes\\SDF-Vista10\\Sounds\\Menu Command.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\MenuPopup\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\Minimize\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Restore.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\Open\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\PrintComplete\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\Resources\\Themes\\SDF-Vista10\\Sounds\\Print Complete.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\RestoreDown\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\RestoreUp\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\ShowBand\25@0*7~]
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\SystemAsterisk\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\SystemExclamation\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Ringin.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\SystemExit\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Shutdown.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\SystemHand\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Critical Stop.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\SystemNotification\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Information Bar.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\SystemQuestion\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Exclamation.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\SystemStart\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Startup.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\SystemStartMenu\25@0*7~]
@=expand:"%SystemRoot%\\Resources\\Themes\\SDF-Vista10\\Sounds\\Grab.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\WindowsLogoff\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\Resources\\Themes\\SDF-Vista10\\Sounds\\System Log Off.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\.Default\WindowsLogon\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\Resources\\Themes\\SDF-Vista10\\Sounds\\System Log In.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\25@0*7~]
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\Explorer\BlockedPopup\25@0*7~]
@="Windows Pop-up Blocked.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Recycle.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\Explorer\FeedDiscovered\25@0*7~]
@="Windows Feed Discovered.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\Explorer\MoveMenuItem\25@0*7~]
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\Explorer\Navigating\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=expand:"%SystemRoot%\\media\\Windows Navigation Start.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\Explorer\SearchProviderDiscovered\25@0*7~]
@=""
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\Explorer\SecurityBand\25@0*7~]
@="Windows Information Bar.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_ContactOnline\25@0*7~]
@="d:\\Program Files\\Messenger\\online.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewAlert\25@0*7~]
@="d:\\Program Files\\Messenger\\newalert.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\25@0*7~]
@="d:\\Program Files\\Messenger\\newemail.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\25@0*7~]
@="d:\\Program Files\\Messenger\\type.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\PictureIt\PiDeleteObject\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Recycle.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\PictureIt\PiMiscue\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Feed Discovered.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Apps\PictureIt\PiTaskButton\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Windows Vista Start.wav"
[HKEY_USERS\S-1-5-21-1801674531-73586283-682003330-500\AppEvents\Schemes\Names\25@0*7~]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="Звер"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1200)
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\cscui.dll
d:\windows\system32\COMRes.dll
.
Completion time: 2010-05-24 13:27:57
ComboFix-quarantined-files.txt 2010-05-24 09:27
ComboFix2.txt 2010-05-23 18:04
Pre-Run: 10*882*023*424 байт свободно
Post-Run: 10*856*603*648 байт свободно
- - End Of File - - 675ECAB817C12E41D4D68AF32F72AF5E