Hello, I had a small problem with amvo - please check the log and help. I have a portable hard drive connected to the computer. Russian system.
Thank you and best regards!
rusoholik
________________________________________
ComboFix 08-07-02.5 - admin 2008-07-04 11:34:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1251.1.1049.18.783 [GMT 4:00]
Running from: C:\Documents and Settings\admin\Рабочий стол\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.
2008-07-04 11:29 . 2008-07-04 11:29 13 --a------ C:\WINDOWS\reset5.dt3
2008-07-04 11:29 . 2008-07-04 11:29 13 --a------ C:\WINDOWS\reset5.dt1
2008-07-03 22:56 . 2008-07-03 22:56 <DIR> d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-07-03 22:56 . 2008-07-03 23:05 105,380 --a------ C:\WINDOWS\ATMREG.ATM
2008-07-03 22:46 . 2008-07-03 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-03 22:44 . 2008-07-03 22:44 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-03 22:43 . 2008-07-03 22:43 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-03 22:43 . 2004-08-17 04:40 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-07-03 22:39 . 2008-07-03 23:03 <DIR> d-------- C:\PSFONTS
2008-07-03 22:39 . 2008-07-03 22:39 <DIR> d-------- C:\Program Files\Adobe Type Manager
2008-07-03 22:39 . 2000-05-24 15:20 15,360 --a------ C:\WINDOWS\system32\ATMsrvc.exe
2008-07-03 22:38 . 2008-07-03 22:38 <DIR> d-------- C:\Documents and Settings\admin\WINDOWS
2008-07-03 22:38 . 2000-05-24 15:02 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-03 22:35 . 2008-07-03 22:35 <DIR> d-------- C:\Program Files\Phase One
2008-07-03 22:35 . 2008-07-03 22:35 457,216 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-07-03 22:35 . 2008-07-03 22:35 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-07-03 22:35 . 2005-10-27 15:27 23,168 --a------ C:\WINDOWS\system32\drivers\p1c1394.sys
2008-07-03 22:35 . 2008-07-03 22:35 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-07-03 22:35 . 2008-07-03 01:36 5,709 --a------ C:\WINDOWS\system32\config.hsp
2008-07-03 22:35 . 2008-07-03 22:35 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-07-03 22:35 . 2008-07-03 22:36 24 --ah----- C:\WINDOWS\hpcfgjmp.zpi
2008-07-03 22:35 . 2008-07-03 22:35 19 --ah----- C:\WINDOWS\system32\ezirioMeD4
2008-07-03 22:23 . 2008-07-03 22:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-03 22:22 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-03 21:56 . 2008-07-03 21:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-03 18:10 . 2008-07-03 19:38 <DIR> d-------- C:\Documents and Settings\admin\Phone Browser
2008-07-03 18:10 . 2008-07-03 18:10 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Nokia Multimedia Player
2008-07-03 17:23 . 2008-07-03 21:53 <DIR> d-------- C:\Program Files\ESET
2008-07-03 17:21 . 2008-07-03 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-03 17:21 . 2008-07-03 17:21 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Nokia
2008-07-03 17:20 . 2008-07-03 17:20 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-03 17:20 . 2008-07-03 17:20 <DIR> d-------- C:\Program Files\DIFX
2008-07-03 17:20 . 2008-07-03 17:20 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-03 17:20 . 2008-07-03 17:20 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-03 17:20 . 2008-07-03 19:38 <DIR> d-------- C:\Documents and Settings\admin\Application Data\PC Suite
2008-07-03 17:20 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-07-03 17:20 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-07-03 17:20 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-07-03 17:19 . 2008-07-03 17:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-03 17:19 . 2008-07-03 17:20 <DIR> d-------- C:\Program Files\Nokia
2008-07-03 17:19 . 2008-07-03 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-07-03 17:19 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-07-03 17:19 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-03 17:19 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-03 17:11 . 2008-07-03 17:11 <DIR> d-------- C:\Program Files\Sygate
2008-07-03 17:11 . 2008-07-03 17:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 16:56 . 2008-07-03 16:56 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-03 16:54 . 2008-07-03 22:35 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-03 16:54 . 2008-07-03 16:54 <DIR> d-------- C:\Program Files\ati
2008-07-03 16:54 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-03 10:08 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-03 02:40 . 2008-07-03 10:09 292 --a------ C:\WINDOWS\system\cmicnfg.ini
2008-07-03 02:36 . 2008-07-03 02:36 16 --a------ C:\WINDOWS\wininit.ini
2008-07-03 02:31 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-03 02:29 . 2008-07-03 22:39 <DIR> dr------- C:\Program Files
2008-07-03 02:28 . 2008-07-03 22:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-03 02:28 . 2008-07-03 01:33 <DIR> d--h----- C:\Documents and Settings\Default User\Шаблоны
2008-07-03 02:28 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Default User\Рабочий стол
2008-07-03 02:28 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Default User\Мои документы
2008-07-03 02:28 . 2008-07-03 02:28 <DIR> dr------- C:\Documents and Settings\Default User\Главное меню
2008-07-03 02:28 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Default User\Избранное
2008-07-03 02:28 . 2008-07-03 02:28 <DIR> d--h----- C:\Documents and Settings\All Users\Шаблоны
2008-07-03 02:28 . 2008-07-03 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Рабочий стол
2008-07-03 02:28 . 2008-07-03 17:34 <DIR> dr------- C:\Documents and Settings\All Users\Главное меню
2008-07-03 02:28 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Избранное
2008-07-03 02:28 . 2008-07-03 01:34 <DIR> dr------- C:\Documents and Settings\All Users\Документы
2008-07-03 02:26 . 2008-07-03 02:26 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-07-03 02:26 . 2008-07-03 22:40 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 02:26 . 2008-07-03 22:39 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-03 02:26 . 2005-03-04 07:10 74,496 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2008-07-03 02:25 . 2008-07-03 02:25 <DIR> d-------- C:\Program Files\Intel
2008-07-03 02:24 . 2000-03-29 18:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-07-03 02:24 . 2008-07-03 02:24 3,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-07-03 02:03 . 2008-07-03 02:03 8,192 --a------ C:\WINDOWS\system32\resetwpa.reg
2008-07-03 02:03 . 2008-07-03 02:03 370 --a------ C:\WINDOWS\system32\reset5.dat
2008-07-03 02:02 . 2008-07-03 01:33 <DIR> d--h----- C:\Documents and Settings\Администратор\Шаблоны
2008-07-03 02:02 . 2008-07-03 01:33 <DIR> d--h----- C:\Documents and Settings\Администратор\Шаблоны
2008-07-03 02:02 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Администратор\Рабочий стол
2008-07-03 02:02 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Администратор\Рабочий стол
2008-07-03 02:02 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Администратор\Мои документы
2008-07-03 02:02 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Администратор\Мои документы
2008-07-03 02:02 . 2008-07-03 02:28 <DIR> dr------- C:\Documents and Settings\Администратор\Главное меню
2008-07-03 02:02 . 2008-07-03 02:28 <DIR> dr------- C:\Documents and Settings\Администратор\Главное меню
2008-07-03 02:02 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Администратор\Избранное
2008-07-03 02:02 . 2008-07-03 02:28 <DIR> d-------- C:\Documents and Settings\Администратор\Избранное
2008-07-03 02:02 . 2008-07-03 02:02 <DIR> d-------- C:\Documents and Settings\Администратор
2008-07-03 02:00 . 2008-07-03 02:00 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 21:45 155,995 ----a-w C:\WINDOWS\java\Packages\BF7J7HZ1.ZIP
2008-07-02 21:37 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-24 11:32 13312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2008-01-31 14:08 229376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-24 11:32 13312]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-03 22:23:57 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5]
2002-09-10 00:30 17408 C:\WINDOWS\system32\reset5.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Главное меню^Программы^Автозагрузка^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
R2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\System32\Drivers\p1c1394.sys [2005-10-27 15:27]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-04 11:35:08
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\reset5.dll
.
Completion time: 2008-07-04 11:36:18
ComboFix-quarantined-files.txt 2008-07-04 07:35:55
ComboFix2.txt 2008-07-03 17:37:25
6 папок 14,057,115,648 байт свободно
8 папок 14,049,615,872 байт свободно
168