ComboFix 08-11-20.02 - admin 2008-11-23 16:34:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.373 [GMT 1:00]
Launched from: E:\ComboFix.exe
 * Resident AV is active
.
((((((((((((((((((((((((( Files created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.
2008-11-23 15:23 . 2008-11-23 15:23  d--------  C:\VundoFix Backups
2008-11-20 21:04 . 2008-11-20 21:04  84,992  -r-hs----  c:\windows\system32\kav321.dll
2008-11-15 13:28 . 2008-11-15 13:28  d--------  c:\documents and settings\admin\Dane aplikacji\Stellarium
2008-11-15 13:27 . 2008-11-15 13:27  d--------  d:\program files\Stellarium
2008-11-13 15:11 . 2008-09-04 18:17  1,106,944  -----c---  c:\windows\system32\dllcache\msxml3.dll
2008-11-13 15:11 . 2008-10-24 12:21  455,296  -----c---  c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 21:47 . 2008-11-10 21:46  108,507  -r-hs----  C:\ogcikeq.com
2008-11-10 21:46 . 2008-11-21 16:55  84,992  -r-hs----  c:\windows\system32\kav320.dll
2008-11-09 09:13 . 2008-11-09 09:12  109,000  -r-hs----  C:\60k281bl.com
2008-11-08 20:21 . 2008-10-30 18:30  104,188  -r-hs----  C:\vfjc8mxm.exe
2008-11-01 12:29 . 2008-11-01 12:29  d--------  d:\program files\LG Electronics
2008-11-01 12:29 . 2007-07-11 10:45  21,632  --a------  c:\windows\system32\drivers\lgusbmodem.sys
2008-11-01 12:29 . 2007-07-11 15:51  19,840  --a------  c:\windows\system32\drivers\lgusbdiag.sys
2008-11-01 12:29 . 2007-07-11 10:40  12,416  --a------  c:\windows\system32\drivers\lgusbbus.sys
2008-11-01 12:28 . 2008-11-01 12:28  d--------  d:\program files\LG PC Suite 2
2008-10-24 13:37 . 2008-10-15 17:36  337,408  -----c---  c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 13:44  ---------  d-----w  d:\program files\Lineage II
2008-11-16 10:19  ---------  d-----w  d:\program files\Debugging Tools for Windows (x86)
2008-11-14 22:33  196,608  ----a-w  c:\windows\system32\drivers\nStandard.bin
2008-11-08 11:41  ---------  d-----w  c:\program files\Common Files\VideoMate
2008-11-01 11:29  ---------  d--h--w  d:\program files\InstallShield Installation Information
2008-10-24 11:21  455,296  ----a-w  c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13  202,776  ----a-w  c:\windows\system32\wuweb.dll
2008-10-16 13:13  1,809,944  ----a-w  c:\windows\system32\wuaueng.dll
2008-10-16 13:12  561,688  ----a-w  c:\windows\system32\wuapi.dll
2008-10-16 13:12  323,608  ----a-w  c:\windows\system32\wucltui.dll
2008-10-16 13:09  92,696  ----a-w  c:\windows\system32\cdm.dll
2008-10-16 13:09  51,224  ----a-w  c:\windows\system32\wuauclt.exe
2008-10-16 13:09  43,544  ----a-w  c:\windows\system32\wups2.dll
2008-10-16 13:08  34,328  ----a-w  c:\windows\system32\wups.dll
2008-10-11 15:40  ---------  d-----w  c:\documents and settings\admin\Dane aplikacji\Desktop Sidebar
2008-10-11 11:31  ---------  d-----w  d:\program files\Desktop Sidebar
2008-10-10 14:22  2,815,531  ----a-w  d:\program files\AMD_v1320.zip
2008-10-10 13:48  4,241,472  ----a-w  d:\program files\MakeDisk.zip
2008-10-10 13:37  42,572,801  ----a-w  d:\program files\C-MediaCM6501_Audio_V5128709_V51281606.zip
2008-10-10 12:20  637,771  ----a-w  d:\program files\Chipset.zip
2008-10-10 12:06  ---------  d-----w  d:\program files\Trend Micro
2008-10-08 16:52  ---------  d-----w  d:\program files\Driver Cleaner
2008-10-08 16:16  ---------  d-----w  c:\program files\Common Files\INCA Shared
2008-10-06 16:05  ---------  d-----w  c:\program files\Common Files\Adobe
2008-10-04 17:28  ---------  d-----w  d:\program files\Windows Media Components
2008-10-04 17:28  ---------  d-----w  d:\program files\VideoMate
2008-10-04 17:26  ---------  d-----w  c:\program files\Common Files\Ulead Systems
2008-10-04 17:12  ---------  d-----w  d:\program files\Java
2008-10-04 17:11  ---------  d-----w  c:\program files\Common Files\Java
2008-09-30 15:43  1,286,152  ----a-w  c:\windows\system32\msxml4.dll
2008-09-29 12:21  ---------  d-----w  d:\program files\SystemRequirementsLab
2008-09-28 18:16  ---------  d-----w  d:\program files\C-Media 6501 Sound
2008-09-28 18:15  53,248  ----a-w  c:\windows\system32\C6501rm.dll
2008-09-28 18:15  32,768  ----a-w  c:\windows\system32\c6501prop.dll
2008-09-28 18:15  274,432  ----a-w  c:\windows\system32\C6501rm.exe
2008-09-28 18:15  266,240  ----a-w  c:\windows\Cmi6501Uninstall.exe
2008-09-28 18:15  1,700,352  ----a-w  c:\windows\system32\GdiPlus.dll
2008-09-28 18:15  1,310,720  ----a-w  c:\windows\system32\drivers\c6501.sys
2008-09-28 17:59  289,792  ----a-w  c:\windows\system32\idecoins.dll
2008-09-28 17:43  ---------  d-----w  d:\program files\ASUS
2008-09-28 17:29  24,576  ----a-w  c:\windows\system32\AsIO.dll
2008-09-28 17:29  12,400  ----a-w  c:\windows\system32\drivers\AsIO.sys
2008-09-27 07:18  ---------  d-----w  d:\program files\DAEMON Tools Toolbar
2008-09-26 17:33  ---------  d-----w  d:\program files\Novativa Streamster
2008-09-26 11:00  ---------  d-----w  d:\program files\Maxthon
2008-09-16 19:27  453,152  ----a-w  c:\windows\system32\NVUNINST.EXE
2008-09-15 15:27  1,846,656  ----a-w  c:\windows\system32\win32k.sys
2008-09-10 01:15  1,307,648  ----a-w  c:\windows\system32\msxml6.dll
2008-09-04 17:17  1,106,944  ----a-w  c:\windows\system32\msxml3.dll
2008-08-26 08:27  826,368  ----a-w  c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot_2008-11-21_17.51.07,48 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 06:00:00  89,504  ----a-w  c:\windows\fdsv.exe
+ 2000-08-31 07:00:00  89,504  ----a-w  c:\windows\fdsv.exe
- 2000-08-31 06:00:00  80,412  ----a-w  c:\windows\grep.exe
+ 2000-08-31 07:00:00  80,412  ----a-w  c:\windows\grep.exe
- 2000-08-31 06:00:00  98,816  ----a-w  c:\windows\sed.exe
+ 2000-08-31 07:00:00  98,816  ----a-w  c:\windows\sed.exe
- 2000-08-31 06:00:00  136,704  ----a-w  c:\windows\SWSC.exe
+ 2000-08-31 07:00:00  136,704  ----a-w  c:\windows\SWSC.exe
- 2000-08-31 06:00:00  212,480  ----a-w  c:\windows\SWXCACLS.exe
+ 2000-08-31 07:00:00  212,480  ----a-w  c:\windows\SWXCACLS.exe
+ 2008-11-22 19:18:45  4,274  ----a-w  c:\windows\system32\drivers\klif.sys
- 2000-08-31 06:00:00  49,152  ----a-w  c:\windows\VFIND.exe
+ 2000-08-31 07:00:00  49,152  ----a-w  c:\windows\VFIND.exe
- 2000-08-31 06:00:00  68,096  ----a-w  c:\windows\zip.exe
+ 2000-08-31 07:00:00  68,096  ----a-w  c:\windows\zip.exe
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2004-02-27 745472]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"GDFirewallTray"="d:\program files\G DATA TotalCare\Firewall\GDFirewallTray.exe" [2008-02-07 1193648]
"AVKTray"="d:\program files\G DATA TotalCare\AVKTray\AVKTray.exe" [2008-03-04 603720]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2008-10-04 1978368]
ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2008-10-04 90112]
G DATA Firewall Tray.lnk - d:\program files\G DATA TotalCare\Firewall\GDFirewallTray.exe [2008-08-22 1193648]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - d:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-08-22 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= SF3.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\program files\\Gadu-Gadu\\gg.exe"=
"d:\\program files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\program files\\Novativa Streamster\\Streamster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\program files\\Lineage II\\system\\l2.exe"=

R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-08-22 19328]
R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R2 AVKProxy;G DATA AntiVirus Proxy;"c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe" [2008-08-22 718408]
R2 AVKService;G DATA Scheduler;d:\program files\G DATA TotalCare\AVK\AVKService.exe [2008-08-22 427592]
R2 AVKWCtl;Strażnik AntiVirus;d:\program files\G DATA TotalCare\AVK\AVKWCtl.exe [2008-08-22 1127816]
R2 GDTdiInterceptor;GDTdiInterceptor;\??\c:\windows\system32\drivers\GDTdiIcpt.sys [2008-08-22 41928]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2008-08-21 12416]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-09-28 1310720]
R3 CXSONORA;VideoMate 2388x AvStream Video Capture;c:\windows\system32\drivers\VMTVE88x.sys [2008-10-04 300800]
R3 GDFwSvc;G DATA Personal Firewall;d:\program files\G DATA TotalCare\Firewall\GDFwSvc.exe [2008-08-22 1496648]
R3 GDMnIcpt;GDMnIcpt;\??\c:\windows\system32\drivers\MiniIcpt.sys [2008-08-22 46536]
R3 HookCentre;HookCentre;\??\c:\windows\system32\drivers\HookCentre.sys [2008-08-22 32200]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2008-08-22 402432]
S3 G DATA Tuner Service;G DATA Tuner Service;d:\program files\G DATA TotalCare\AVKTuner\AVKTunerService.exe [2008-08-22 792136]
S3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2008-08-21 10752]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []
.
.
------- Supplementary scan -------
.
FireFox -: Profile - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\s8nthxhj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 16:36:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
PROCESS: c:\windows\explorer.exe
 -> d:\program files\Gadu-Gadu\ggwhook.dll
.
Completion time: 2008-11-23 16:36:58
ComboFix-quarantined-files.txt 2008-11-23 15:36:54
ComboFix2.txt 2008-11-21 16:51:33
ComboFix3.txt 2008-10-12 14:31:49

Before: 20 684 566 528 bytes free
After: 20,686,213,120 bytes free

182 --- E O F --- 2008-11-13 21:15:59
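The Python below is an added triage helper for reading a log like this one; it is not ComboFix code and not something the person who posted the log wrote. It parses the "Files created" lines in the form ComboFix prints them (created timestamp, ".", modified timestamp, optional size, 9-character attribute string, path) and applies the checks a reviewer does by eye: a non-directory entry carrying both the hidden (h) and system (s) attributes directly in a drive root or in system32, a 7-8 character name mixing letters and digits on such a file, several hidden+system files of identical size, and a populated AppInit_DLLs value (which Windows loads into every process that links user32). Run over the lines from this log it reports the four -r-hs---- files in C:\ and system32, the two kav32x.dll entries that share the size 84,992, and AppInit_DLLs = SF3.DLL. The sample lines are copied from the log above; the regexes and length thresholds are my own assumptions and weak heuristics, so a hit is a pointer to follow up with a hash lookup or the quarantine contents, not a verdict. Note also that "EnableFirewall"= 0 on the Windows Firewall profile is not by itself a finding here, since the log shows a third-party G DATA firewall service installed.

```python
"""Triage helper for a ComboFix log's "Files created" and registry sections.

Added example, not ComboFix's own code or output. Every rule below is a
triage pointer to check manually, not a verdict:
  * non-directory entry with both 'h' and 's' in its attribute string,
    directly under a drive root or directly under system32;
  * a 7-8 character stem mixing letters and digits on such a file;
  * two or more hidden+system files of exactly the same byte size;
  * a populated AppInit_DLLs value in the registry section.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
2008-11-23 15:23 . 2008-11-23 15:23 d-------- C:\VundoFix Backups
2008-11-20 21:04 . 2008-11-20 21:04 84,992 -r-hs---- c:\windows\system32\kav321.dll
2008-11-13 15:11 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 21:47 . 2008-11-10 21:46 108,507 -r-hs---- C:\ogcikeq.com
2008-11-10 21:46 . 2008-11-21 16:55 84,992 -r-hs---- c:\windows\system32\kav320.dll
2008-11-09 09:13 . 2008-11-09 09:12 109,000 -r-hs---- C:\60k281bl.com
2008-11-08 20:21 . 2008-10-30 18:30 104,188 -r-hs---- C:\vfjc8mxm.exe
2008-11-01 12:29 . 2007-07-11 10:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= SF3.DLL
"""

# created . modified [size] attrs path   (directories carry no size field)
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:([\d,]+)\s+)?([-a-z]{9})\s+(.+?)\s*$",
    re.MULTILINE,
)
APPINIT_LINE = re.compile(r'^"AppInit_DLLs"=\s*(\S.*?)\s*$', re.MULTILINE)
# directly under <drive>:\ or directly under <drive>:\windows\system32\
ROOT_OR_SYSTEM32 = re.compile(r"^[a-z]:\\(?:windows\\system32\\)?[^\\]+$", re.IGNORECASE)
# assumption: 7-8 chars mixing letters and digits (e.g. 60k281bl) is "random-looking"
RANDOMISH_STEM = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{7,8}$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str            # ComboFix attribute string, e.g. "-r-hs----"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every 'Files created' line; lines of any other shape are ignored."""
    entries = []
    for m in FILE_LINE.finditer(text):
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified,
                             int(size.replace(",", "")) if size else None,
                             attrs, path))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """(entry, reasons) for hidden+system files sitting in a drive root or system32."""
    flagged = []
    for e in entries:
        if e.is_dir or not e.hidden_system or not ROOT_OR_SYSTEM32.match(e.path):
            continue
        reasons = ["hidden+system file directly in drive root or system32"]
        stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOMISH_STEM.match(stem):
            reasons.append("mixed letter/digit name")
        flagged.append((e, reasons))
    return flagged


def same_size_hidden(entries: List[Entry]) -> Dict[int, List[str]]:
    """Hidden+system files that share an exact byte size (several copies of one file)."""
    by_size: Dict[int, List[str]] = defaultdict(list)
    for e in entries:
        if e.hidden_system and e.size is not None:
            by_size[e.size].append(e.path)
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}


def find_appinit_dlls(text: str) -> List[str]:
    """Every non-empty AppInit_DLLs value found in the registry section."""
    return [m.group(1) for m in APPINIT_LINE.finditer(text)]


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for entry, why in flag_entries(found):
        print(f"{entry.path}  {entry.size} bytes  {entry.attrs}  ({'; '.join(why)})")
    for size, paths in same_size_hidden(found).items():
        print(f"same size {size}: {', '.join(paths)}")
    for value in find_appinit_dlls(SAMPLE_LOG):
        print(f"AppInit_DLLs is set: {value}")
```

To use it on a full log, read the file and pass the whole text to parse_entries and find_appinit_dlls; the Find3M section uses a different line shape (no created timestamp) and is deliberately not matched, so entries there need a separate pattern.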