ComboFix 10-11-26.07 - birdas 2010-11-27 18:16:20.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2559.2116 [GMT 1:00]
Run from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
.
((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.
2010-11-12 19:44 . 2010-11-12 19:44 -------- d-----w- C:\totalcmd
2010-11-12 19:12 . 2010-11-12 19:12 -------- d-----r- C:\MSOCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2008-05-08 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 196608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2010-10-05 3416968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-12 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"d:\\QuakeWorld.PL\\ezquake-gl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7390:TCP"= 7390:TCP:Services
"7391:TCP"= 7391:TCP:Services
"3291:TCP"= 3291:TCP:Services
"5082:TCP"= 5082:TCP:Services
"3832:TCP"= 3832:TCP:Services
"2666:TCP"= 2666:TCP:Services

R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-11-26 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-11-26 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-11-26 2806000]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2010-11-26 72808]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2010-11-12 13225]
.
.
------- Supplementary Scan -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\birdas\Dane aplikacji\Mozilla\Firefox\Profiles\r408mdoy.default\
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.4.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 18:19
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification: ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-11-27 18:21:34
ComboFix-quarantined-files.txt 2010-11-27 17:21
Pre-Run: 98,191,732,736 bytes free
Post-Run: 98,254,999,552 bytes free
- - End Of File - - 383C67420C5A78D7A76EAAAE9A43B4B0
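The items in this log that a responder should act on are easy to lose in the noise: the standard-profile Windows Firewall is disabled ("EnableFirewall"= 0), so the AuthorizedApplications and GloballyOpenPorts exception lists have no effect; RDP (3389/TCP) and eight further TCP ports are listed as globally open; Emsisoft's on-access scanning was off at the time of the run; Sigcheck flags two SP3 system files with [-]; and catchme reports an NTDLL code modification of ZwOpenFile, which has to be correlated with the loaded drivers (the log shows an a2injectiondriver from the installed anti-malware) before it is called malicious or benign. The following script is an added example for this page, not part of ComboFix or of the log: it parses those sections from text built out of lines copied from the log above and turns them into a findings list. The section-name suffixes, regular expressions and the triage() wording are this example's own choices.

```python
"""Triage checks over the firewall-policy, Sigcheck and catchme sections of a
ComboFix log. Added example for this page, not ComboFix's own code; the
sample text is constructed from lines copied out of the log above."""
import re

SAMPLE_LOG = r"""
------- Sigcheck -------
[-] 2008-05-08 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"7390:TCP"= 7390:TCP:Services
detected NTDLL code modification: ZwOpenFile
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                      # registry key header
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*?)\s*$')
APP_RE = re.compile(r'^"(.+)"=\s*$')                         # authorized-application entry
SIG_RE = re.compile(r"^\[-\]\s+(\d{4}-\d{2}-\d{2})\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)"
                    r"\s+\.\s+\.\s+\[([^\]]+)\]\s+\.\s+\.\s+(.+?)\s*$")
NTDLL_RE = re.compile(r"^detected NTDLL code modification:\s*(.+?)\s*$")


def parse_log(text):
    """Walk the log once, tracking the current registry key so that firewall
    values are only read from the section they belong to."""
    result = {"firewall_enabled": None, "authorized_apps": [], "open_ports": [],
              "sigcheck_failed": [], "ntdll_hooks": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section.endswith("\\firewallpolicy\\standardprofile"):
            m = ENABLE_RE.match(line)
            if m:
                result["firewall_enabled"] = m.group(1) != "0"
        elif section.endswith("\\authorizedapplications\\list"):
            m = APP_RE.match(line)
            if m:  # ComboFix prints the path with doubled backslashes
                result["authorized_apps"].append(m.group(1).replace("\\\\", "\\"))
        elif section.endswith("\\globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                result["open_ports"].append((int(m.group(1)), m.group(2), m.group(3)))
        m = SIG_RE.match(line)
        if m:
            result["sigcheck_failed"].append({"date": m.group(1), "md5": m.group(2).upper(),
                                              "size": int(m.group(3)), "version": m.group(4),
                                              "path": m.group(5)})
        m = NTDLL_RE.match(line)
        if m:
            result["ntdll_hooks"].extend(f.strip() for f in m.group(1).split(","))
    return result


def triage(parsed):
    """Turn the parsed facts into the findings a responder would act on."""
    findings = []
    if parsed["firewall_enabled"] is False:
        findings.append("Windows Firewall disabled (EnableFirewall=0); "
                        "the exception lists below have no effect")
    for port, proto, name in parsed["open_ports"]:
        findings.append(f"globally open port {port}/{proto} ({name})")
    for e in parsed["sigcheck_failed"]:
        findings.append(f"Sigcheck [-] on {e['path']} v{e['version']} md5={e['md5']}")
    for fn in parsed["ntdll_hooks"]:
        findings.append(f"NTDLL code modification on {fn}: identify the loaded "
                        f"driver or DLL that placed the hook before judging it")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print("-", finding)
```

Run against the full log the same functions also pick up the remaining six GloballyOpenPorts entries; the open-port findings matter only once the firewall is re-enabled, which is why the disabled-firewall finding is listed first.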