Nick Date Language
Poldek 30/09/2008 21:59:09 Plain Text

Log from Combofix

  1. ComboFix 08-09-30.01 - User 2008-09-30 21:11:27.1 - NTFSx86
  2. Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1033.18.206 [GMT 1:00]
  3. Running from: C:Documents and SettingsUserDesktopComboFix.exe
  4. Command switches used :: C:Documents and SettingsUserDesktopCFScript.txt..txt
  5. * Created a new restore point
  6.  
  7. [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
  8.  
  9. FILE ::
  10. C:windowssystem32nzdd.dll
  11. .
  12.  
  13. (((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
  14. .
  15.  
  16. C:Documents and SettingsAll UsersApplication Data2ACA5CC3-0F83-453D-A079-1076FE1A8B65
  17. C:Documents and SettingsUserApplication DataWeatherDPA
  18. C:Documents and SettingsUserApplication DataWeatherDPAWeatherWeatherStartup.xml
  19. C:windowsregedit.com
  20. C:windowssystem32adssite-remove.exe
  21. C:windowssystem32driverstdssserv.sys
  22. C:windowssystem32msnav32.ax
  23. C:windowssystem32nzdd.dll
  24. C:windowssystem32tdssadw.dll
  25. C:windowssystem32TDSSerrors.log
  26. C:windowssystem32tdssinit.dll
  27. C:windowssystem32tdssl.dll
  28. C:windowssystem32tdsslog.dll
  29. C:windowssystem32tdssmain.dll
  30. C:windowssystem32tdssserf.dll
  31. C:windowssystem32TDSSserf1.dll
  32. C:windowssystem32TDSSservers.dat
  33.  
  34. .
  35. (((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
  36. .
  37.  
  38. -------Legacy_TDSSSERV
  39. -------Service_TDSSserv
  40.  
  41.  
  42. (((((((((((((((((((((((((  Files Created from 2008-08-28 to 2008-09-30  )))))))))))))))))))))))))))))))
  43. .
  44.  
  45. 2008-09-28 22:56 . 2008-09-28 22:56      <DIR>      d--------      C:Documents and SettingsNetworkServiceApplication DataWebroot
  46. 2008-09-28 22:53 . 2008-09-28 22:53      <DIR>      d--------      C:Program FilesWebroot
  47. 2008-09-28 22:53 . 2008-09-28 22:53      <DIR>      d--------      C:Documents and SettingsUserApplication DataWebroot
  48. 2008-09-28 22:53 . 2008-09-28 22:53      <DIR>      d--------      C:Documents and SettingsAll UsersApplication DataWebroot
  49. 2008-09-28 22:53 . 2008-08-09 16:04      1,538,928      --a------      C:WINDOWSWRSetup.dll
  50. 2008-09-28 22:51 . 2008-09-28 22:51      164      --a------      C:install.dat
  51. 2008-09-27 23:24 . 2008-04-13 19:45      26,112      --a------      C:WINDOWSsystem32driversusbser.sys
  52. 2008-09-27 23:24 . 2008-04-13 19:45      26,112      --a--c---      C:WINDOWSsystem32dllcacheusbser.sys
  53. 2008-09-27 23:24 . 2008-09-27 23:24      0      --ah-----      C:WINDOWSsystem32driversMsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
  54. 2008-09-27 23:24 . 2008-09-27 23:24      0      --ah-----      C:WINDOWSsystem32driversMsft_Kernel_ccdcmb_01005.Wdf
  55. 2008-09-27 23:17 . 2008-09-27 23:17      <DIR>      d--------      C:Program FilesCommon FilesPCSuite
  56. 2008-09-27 23:17 . 2008-09-27 23:17      <DIR>      d--------      C:Program FilesCommon FilesNokia
  57. 2008-09-27 23:16 . 2008-09-27 23:16      <DIR>      d--------      C:Program FilesPC Connectivity Solution
  58. 2008-09-27 23:16 . 2007-09-17 15:53      21,632      --a------      C:WINDOWSsystem32driverspccsmcfd.sys
  59. 2008-09-27 23:14 . 2008-05-07 07:39      1,419,232      --a------      C:WINDOWSsystem32wdfcoinstaller01005.dll
  60. 2008-09-27 23:14 . 2008-05-07 07:38      659,968      --a------      C:WINDOWSsystem32nmwcdcocls.dll
  61. 2008-09-27 23:14 . 2008-05-07 07:38      20,864      --a------      C:WINDOWSsystem32driversccdcmbo.sys
  62. 2008-09-27 23:14 . 2008-05-07 07:38      17,536      --a------      C:WINDOWSsystem32driversccdcmb.sys
  63. 2008-09-27 23:14 . 2008-05-07 07:38      8,064      --a------      C:WINDOWSsystem32driversusbser_lowerfltj.sys
  64. 2008-09-27 23:14 . 2008-06-06 09:24      8,064      --a------      C:WINDOWSsystem32driversusbser_lowerflt.sys
  65. 2008-09-22 12:08 . 2008-09-22 12:08      <DIR>      d--------      C:Documents and SettingsAll UsersApplication DataMusicnotes
  66. 2008-09-13 20:26 . 2008-09-15 07:55      <DIR>      d--------      C:Documents and SettingsUserApplication DataLimeWire
  67. 2008-09-07 00:38 . 2008-09-08 07:51      <DIR>      d--------      C:Documents and SettingsUserApplication DataOpenOffice.org3
  68. 2008-09-07 00:31 . 2008-09-07 00:33      <DIR>      d--------      C:Program FilesOpenOffice.org 3
  69. 2008-09-07 00:31 . 2008-09-07 00:33      <DIR>      d--------      C:Program FilesOpenOffice.org
  70. 2008-09-02 20:25 . 2008-09-02 20:25      <DIR>      d--------      C:Program Filesthunk skip 01
  71. 2008-09-02 20:25 . 2008-09-10 22:20      <DIR>      d--------      C:Documents and SettingsUserApplication Datathunk skip 01
  72. 2008-09-02 20:25 . 2008-09-02 20:25      <DIR>      d--------      C:Documents and SettingsAll UsersApplication Datadoes dog two city
  73. 2008-09-02 20:24 . 2008-09-02 20:24      <DIR>      d--------      C:Program FilesCircle Developement
  74. 2008-08-31 13:22 . 2008-08-31 13:22      <DIR>      d--------      C:Program FilesFoxit Software
  75. 2008-08-28 22:51 . 2008-08-28 23:08      <DIR>      d--------      C:Program FilesInternet Download Manager
  76. 2008-08-28 22:51 . 2008-08-28 23:16      <DIR>      d--------      C:Documents and SettingsUserApplication DataIDM
  77. 2008-08-23 23:33 . 2008-08-23 23:33      <DIR>      d--------      C:WINDOWSsystem32scripting
  78. 2008-08-23 23:33 . 2008-08-23 23:33      <DIR>      d--------      C:WINDOWSsystem32en
  79. 2008-08-23 23:33 . 2008-08-23 23:33      <DIR>      d--------      C:WINDOWSsystem32bits
  80. 2008-08-23 23:33 . 2008-08-23 23:33      <DIR>      d--------      C:WINDOWSl2schemas
  81. 2008-08-23 23:30 . 2008-08-23 23:34      <DIR>      d--------      C:WINDOWSServicePackFiles
  82. 2008-08-23 23:23 . 2008-08-23 23:23      <DIR>      d--------      C:WINDOWSEHome
  83. 2008-08-22 09:53 . 2008-04-14 01:12      1,737,856      -----c---      C:WINDOWSsystem32mtxparhd.dll
  84. 2008-08-22 09:52 . 2008-04-14 01:11      1,888,992      --a--c---      C:WINDOWSsystem32dllcacheati3duag.dll
  85. 2008-08-09 14:42 . 2008-08-09 14:42      166,512      --a------      C:WINDOWSsystem32driversssidrv.sys
  86. 2008-08-09 14:42 . 2008-08-09 14:42      29,808      --a------      C:WINDOWSsystem32driversssfs0bbc.sys
  87. 2008-08-09 14:42 . 2008-08-09 14:42      23,152      --a------      C:WINDOWSsystem32driverssshrmd.sys
  88.  
  89. .
  90. ((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
  91. .
  92. 2008-09-28 21:41      ---------      d---a-w      C:Documents and SettingsAll UsersApplication DataTEMP
  93. 2008-09-28 10:08      ---------      d-----w      C:Program FilesSpyware Terminator
  94. 2008-09-28 10:08      ---------      d-----w      C:Documents and SettingsUserApplication DataSpyware Terminator
  95. 2008-09-28 08:34      ---------      d-----w      C:Documents and SettingsAll UsersApplication DataSpyware Terminator
  96. 2008-09-27 23:10      ---------      d-----w      C:Documents and SettingsUserApplication DataDMCache
  97. 2008-09-27 22:22      ---------      d-----w      C:Documents and SettingsUserApplication DataNokia
  98. 2008-09-27 22:19      ---------      d-----w      C:Documents and SettingsAll UsersApplication DataInstallations
  99. 2008-09-27 22:17      ---------      d-----w      C:Program FilesNokia
  100. 2008-09-17 06:51      141,312      -c--a-w      C:windowssystem32driverssp_rsdrv2.sys
  101. 2008-09-13 17:18      ---------      d-----w      C:Documents and SettingsUserApplication DataSkype
  102. 2008-09-13 16:01      ---------      d-----w      C:Documents and SettingsUserApplication DataskypePM
  103. 2008-09-11 17:52      ---------      d-----w      C:Program FilesElaborate Bytes
  104. 2008-09-06 23:40      ---------      d-----w      C:Documents and SettingsUserApplication DataOpenOffice.org2
  105. 2008-09-02 19:24      ---------      d-----w      C:Program FilesMessenger Plus! Live
  106. 2008-08-08 20:32      ---------      d-----w      C:Program FilesMozilla Thunderbird
  107. 2008-07-18 21:10      94,920      -c--a-w      C:windowssystem32cdm.dll
  108. 2008-07-18 21:10      53,448      -c--a-w      C:windowssystem32wuauclt.exe
  109. 2008-07-18 21:10      45,768      -c--a-w      C:windowssystem32wups2.dll
  110. 2008-07-18 21:10      36,552      -c--a-w      C:windowssystem32wups.dll
  111. 2008-07-18 21:09      563,912      -c--a-w      C:windowssystem32wuapi.dll
  112. 2008-07-18 21:09      325,832      -c--a-w      C:windowssystem32wucltui.dll
  113. 2008-07-18 21:09      205,000      -c--a-w      C:windowssystem32wuweb.dll
  114. 2008-07-18 21:09      1,811,656      ----a-w      C:windowssystem32wuaueng.dll
  115. 2008-07-18 21:07      270,880      -c--a-w      C:windowssystem32mucltui.dll
  116. 2008-07-18 21:07      210,976      -c--a-w      C:windowssystem32muweb.dll
  117. 2008-07-09 14:34      206,256      -c--a-w      C:windowssystem32idmmbc.dll
  118. 2008-07-07 20:26      253,952      ----a-w      C:windowssystem32es.dll
  119. 2008-06-24 17:12      295,936      -c----w      C:windowssystem32wmpeffects.dll
  120. 2008-06-24 16:43      74,240      ----a-w      C:windowssystem32mscms.dll
  121. 2008-06-23 16:57      826,368      ----a-w      C:windowssystem32wininet.dll
  122. 2008-06-20 17:46      245,248      ----a-w      C:windowssystem32mswsock.dll
  123. 2008-02-09 17:35      32      -c--a-w      C:Documents and SettingsAll UsersApplication Dataezsid.dat
  124. 2006-05-12 21:52      284      -c--a-w      C:Documents and SettingsUserApplication DataViewerApp.dat
  125. 2006-03-18 10:16      32      -c--a-r      C:Documents and SettingsAll Usershash.dat
  126. 2008-02-03 11:52      168      -csh--r      C:windowssystem3253B9A3BA90.sys
  127. 2008-02-03 11:52      16,588      -csha-w      C:windowssystem32KGyGaAvL.sys
  128. .
  129.  
  130. (((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
  131. .
  132. .
  133. *Note* empty entries & legit default entries are not shown
  134. REGEDIT4
  135.  
  136. [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
  137. "ctfmon.exe"="C:windowssystem32ctfmon.exe" [2008-04-14 15360]
  138.  
  139. [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
  140. "SpywareTerminator"="C:PROGRA~1SPYWAR~1SpywareTerminatorShield.exe" [2008-09-17 1783808]
  141. "NvCplDaemon"="C:windowssystem32NvCpl.dll" [2004-08-25 4554752]
  142. "SpySweeper"="C:Program FilesWebrootSpy SweeperSpySweeperUI.exe" [2008-08-09 5418864]
  143.  
  144. [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
  145. "CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2008-04-14 15360]
  146.  
  147. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
  148. "SynchronousMachineGroupPolicy"= 0 (0x0)
  149. "SynchronousUserGroupPolicy"= 0 (0x0)
  150.  
  151. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
  152. "vidc.DIV3"= DIVXc32.dll
  153. "vidc.DIV4"= DIVXc32f.dll
  154. "VIDC.PIM1"= pclepim1.dll
  155. "VIDC.MJPG"= Pvmjpg21.dll
  156.  
  157. [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
  158. "AntiVirusOverride"=dword:00000001
  159.  
  160. [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
  161. "%windir%\system32\sessmgr.exe"=
  162. "C:\Program Files\Messenger\msmsgs.exe"=
  163. "C:\Program Files\Gadu-Gadu\gg.exe"=
  164. "C:\Program Files\Windows Media Player\wmplayer.exe"=
  165. "C:\Program Files\Gadu-Gadu\ggphone\ggphone.exe"=
  166. "%windir%\Network Diagnostic\xpnetdiag.exe"=
  167. "C:\WINDOWS\system32\rtcshare.exe"=
  168. "C:\Program Files\Bonjour\mDNSResponder.exe"=
  169. "C:\Program Files\iTunes\iTunes.exe"=
  170. "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
  171. "C:\Program Files\Windows Live\Messenger\livecall.exe"=
  172. "C:\Program Files\Skype\Phone\Skype.exe"=
  173.  
  174. R0 ElbyVCD;ElbyVCD;C:windowssystem32DRIVERSElbyVCD.sys [2002-11-28 22016]
  175. R0 ssfs0bbc;ssfs0bbc;C:windowssystem32DRIVERSssfs0bbc.sys [2008-08-09 29808]
  176. R1 aswSP;avast! Self Protection;C:windowssystem32driversaswSP.sys [2008-07-19 78416]
  177. R1 CINEMSUP;Software Cinemaster NT4.0 Driver;C:windowssystem32DRIVERSCINEMSUP.SYS [1999-09-20 6144]
  178. R1 Crlscsi;Crlscsi;C:windowssystem32driversCrlscsi.sys [1995-11-07 6144]
  179. R1 sp_rsdrv2;Spyware Terminator Driver 2;C:windowssystem32driverssp_rsdrv2.sys [2008-09-17 141312]
  180. R2 aswFsBlk;aswFsBlk;C:windowssystem32DRIVERSaswFsBlk.sys [2008-07-19 20560]
  181. R2 Viewpoint Manager Service;Viewpoint Manager Service;C:Program FilesViewpointCommonViewpointService.exe [2007-01-04 24652]
  182. R3 pctvvbi;PCTVVBI;C:windowssystem32DRIVERSpctvvbi.sys [2002-11-11 6400]
  183. S3 FXDRV;FXDRV;C:Program FilesWinFastSuperUtilitiesFxdrv.sys [ ]
  184.  
  185. [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{1e1fd579-24f8-11dd-959d-00016c3fe4bd}]
  186. ShellAutoRuncommand - G:LaunchU3.exe -a
  187.  
  188. [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ed288a28-ab32-11dc-9295-00016c3fe4bd}]
  189. ShellAutoRuncommand - E:PortableAppsPortableAppsMenuPortableAppsMenu.exe
  190. .
  191. Contents of the 'Scheduled Tasks' folder
  192. .
  193. - - - - ORPHANS REMOVED - - - -
  194.  
  195. HKU-Default-Run-Nokia.PCSync - C:Program FilesNokiaNokia PC Suite 6PcSync2.exe
  196.  
  197.  
  198.  
  199. **************************************************************************
  200.  
  201. catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  202. Rootkit scan 2008-09-30 21:54:20
  203. Windows 5.1.2600 Service Pack 3 NTFS
  204.  
  205. scanning hidden processes ...
  206.  
  207. scanning hidden autostart entries ...
  208.  
  209. scanning hidden files ...
  210.  
  211. scan completed successfully
  212. hidden files: 0
  213.  
  214. **************************************************************************
  215. .
  216. ------------------------ Other Running Processes ------------------------
  217. .
  218. C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
  219. C:Program FilesAlwil SoftwareAvast4ashServ.exe
  220. C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
  221. C:Program FilesBonjourmDNSResponder.exe
  222. C:WINDOWSsystem32nvsvc32.exe
  223. C:WINDOWSsystem32locator.exe
  224. C:Program FilesSpyware Terminatorsp_rsser.exe
  225. C:Program FilesWebrootSpy SweeperSpySweeper.exe
  226. C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
  227. C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
  228. C:Program FilesWebrootSpy SweeperSSU.exe
  229. .
  230. **************************************************************************
  231. .
  232. Completion time: 2008-09-30 22:15:00 - machine was rebooted
  233. ComboFix-quarantined-files.txt  2008-09-30 21:14:12
  234.  
  235. Pre-Run: 18,491,772,928 bytes free
  236. Post-Run: 19,206,635,520 bytes free
  237.  
  238. 204      --- E O F ---      2008-09-10 06:50:43
  239.