Skocz do zawartości

  2. Przeglądanie profilu: Posty: Natalkaaaa

Natalkaaaa

Rejestracja: 13 sty 2008
OFFLINE Ostatnio: 13 01 2008 19:35
-----

Moje posty

W temacie: Logi - Wyłączanie się pulpitu

13 01 2008 - 19:35

wykonalam i, to jest nowy log:
Running from: C:\Documents and Settings\Natalka\Moje dokumenty\programy\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED Dołączona grafika
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 11:46 . 2008-01-13 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-13 11:45 . 2008-01-13 11:45 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-13 11:45 . 2008-01-13 11:45 <DIR> d-------- C:\Documents and Settings\Natalka\Dane aplikacji\PC Tools
2008-01-13 11:45 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-13 11:45 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-13 11:45 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-13 11:45 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-13 11:45 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-13 11:07 . 2008-01-13 11:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-13 11:07 . 2008-01-13 11:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-13 11:07 . 2008-01-13 11:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-13 11:07 . 2008-01-13 11:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-13 10:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 12:42 . 2008-01-05 12:42 <DIR> d-------- C:\Program Files\BearShare

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 17:13 41,416 ----a-w C:\Documents and Settings\Natalka\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-12-06 07:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-06 07:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-06 07:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-06 07:48 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-25 17:32 --------- d-----w C:\Program Files\langmaster
2007-11-25 17:32 --------- d-----w C:\Documents and Settings\Natalka\Dane aplikacji\LANGMasterEiA
2007-11-24 11:03 --------- d-----w C:\Documents and Settings\Natalka\Dane aplikacji\Symantec
2007-11-24 11:00 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-24 10:58 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-07-02 18:56 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-29 16:41 88 --sh--r C:\WINDOWS\system32\4D70820A56.sys
2007-07-02 18:56 56 --sh--r C:\WINDOWS\system32\560A82704D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-24 11:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 16:57 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:22 23336488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 15:05 729177]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 06:07 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 06:07]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 20:00]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 07:02:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-07 19:46:26 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Natalka.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 18:45:28
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

W temacie: Logi - Wyłączanie się pulpitu

13 01 2008 - 13:44

Pokaż loga z combofix


Running from: C:\Documents and Settings\Natalka\Moje dokumenty\programy\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED Dołączona grafika
.

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 12:52 . 2008-01-13 12:52 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-13 11:46 . 2008-01-13 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-13 11:45 . 2008-01-13 11:45 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-13 11:45 . 2008-01-13 11:45 <DIR> d-------- C:\Documents and Settings\Natalka\Dane aplikacji\PC Tools
2008-01-13 11:45 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-13 11:45 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-13 11:45 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-13 11:45 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-13 11:45 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-13 11:07 . 2008-01-13 11:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-13 11:07 . 2008-01-13 11:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-13 11:07 . 2008-01-13 11:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-13 11:07 . 2008-01-13 11:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-13 10:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 12:42 . 2008-01-05 12:42 <DIR> d-------- C:\Program Files\BearShare

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 17:13 41,416 ----a-w C:\Documents and Settings\Natalka\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-12-06 07:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-06 07:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-06 07:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-06 07:48 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-25 17:32 --------- d-----w C:\Program Files\langmaster
2007-11-25 17:32 --------- d-----w C:\Documents and Settings\Natalka\Dane aplikacji\LANGMasterEiA
2007-11-24 11:03 --------- d-----w C:\Documents and Settings\Natalka\Dane aplikacji\Symantec
2007-11-24 11:00 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-24 10:58 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-07-02 18:56 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-29 16:41 88 --sh--r C:\WINDOWS\system32\4D70820A56.sys
2007-07-02 18:56 56 --sh--r C:\WINDOWS\system32\560A82704D.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-17_20.33.34,93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 07:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-03-29 08:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 15:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 13:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 10:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 12:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 08:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-16 17:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 17:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 10:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 14:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 12:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 09:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 12:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 17:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 15:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 10:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 13:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 13:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 09:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 12:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 09:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 12:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 10:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 10:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 07:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 13:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 09:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 09:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 15:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 08:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 09:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 13:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 13:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 12:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 07:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 07:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 08:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 13:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 08:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 10:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 07:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 14:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 07:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 07:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 14:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 10:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 10:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 16:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 13:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 08:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 09:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 05:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 16:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 08:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
+ 2006-08-02 11:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:56 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-07-12 00:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-12 00:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 01:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-07-11 13:41:54 63,350 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-13 10:48:22 63,350 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-07-11 13:41:54 80,352 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-01-13 10:48:22 80,352 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-07-11 13:41:54 402,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-13 10:48:22 402,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-07-11 13:41:54 459,756 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-01-13 10:48:22 459,756 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-01-13 10:28:48 41,184 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2007-12-13 20:26:52 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2003-03-25 17:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-24 11:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"MSMSGS"="rem C:\Program Files\Messenger\msmsgs.exe" [ ]
"updateMgr"="rem c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 16:57 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:22 23336488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="rem C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 15:05 729177]
"IMJPMIG8.1"="rem C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [ ]
"MSPY2002"="rem C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ]
"PHIME2002ASync"="rem C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PHIME2002A"="rem C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PCMService"="rem C:\Program Files\Acer\Acer Arcade\PCMService.exe" [ ]
"igfxtray"="rem C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="rem C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="rem C:\WINDOWS\system32\igfxpers.exe" [ ]
"eDataSecurity Loader"="rem C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [ ]
"ADMTray.exe"="rem C:\Acer\Empowering Technology\admtray.exe" [ ]
"ntiMUI"="rem C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [ ]
"RTHDCPL"="rem RTHDCPL.EXE" []
"SkyTel"="rem SkyTel.EXE" []
"ePower_DMC"="rem C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [ ]
"Acer ePower Management"="rem C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [ ]
"LManager"="rem C:\PROGRA~1\LAUNCH~1\LManager.exe" [ ]
"eRecoveryService"="rem C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [ ]
"LVCOMSX"="rem C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"LogitechCameraAssistant"="rem C:\Program Files\Logitech\Video\CameraAssistant.exe" [ ]
"LogitechVideo[inspector]"="rem C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechCameraService(E)"="rem C:\WINDOWS\system32\ElkCtrl.exe" [ ]
"WinampAgent"="rem C:\Program Files\Winamp\winampa.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"Easy-PrintToolBox"="rem C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [ ]
"QuickTime Task"="rem C:\Program Files\QuickTime\qttask.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Google Desktop Search"="rem C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"ISUSPM Startup"="rem C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="rem C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 06:07 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 06:07]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 20:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3292fc-006e-11dc-b1e3-0016d44d40a3}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - IKFILESEC
*Newly Created Service* - IKSYSFLT
*Newly Created Service* - IKSYSSEC
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - SDAUXSERVICE
*Newly Created Service* - SDCORESERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 07:02:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-07 19:46:26 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Natalka.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 12:55:44
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

  1. Forum Komputerowe Tweaks.pl
  2. Przeglądanie profilu: Posty: Natalkaaaa
  3. Polityka prywatności
  4. Szukaj
  5. Regulamin Forum ·