ComboFix 12-07-08.02 - Administrator 2012-07-10 10:11:07.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3071.2657 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-10 do 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 07:57 . 2008-04-14 20:50 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-07-10 07:57 . 2008-04-14 19:50 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-07-10 07:56 . 2001-10-26 14:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-07-10 07:56 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-07-10 07:56 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-07-09 19:20 . 2012-07-09 19:20 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Malwarebytes
2012-07-09 19:20 . 2012-07-09 19:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2012-07-09 19:20 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 19:20 . 2012-07-09 19:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-09 18:47 . 2012-07-09 18:47 -------- d-----w- c:\documents and settings\All Users\Ulubione
2012-07-09 18:21 . 2012-07-09 18:21 -------- d-----w- C:\_OTL
2012-07-06 17:35 . 2012-07-10 08:09 -------- d-----w- c:\windows\system32\CatRoot2
2012-07-06 17:35 . 2012-07-10 05:34 -------- d-----w- c:\windows\system32\Lang
2012-07-06 16:44 . 2012-07-06 16:44 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\hellomoto
2012-06-24 22:30 . 2012-07-02 19:37 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\DivX
2012-06-24 22:28 . 2012-06-24 22:30 -------- d-----w- c:\program files\DivX
2012-06-24 22:27 . 2012-06-24 22:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DivX
2012-06-23 10:06 . 2012-06-23 10:20 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\U3
2012-06-19 08:50 . 2012-07-06 16:47 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Skype
2012-06-19 08:50 . 2012-06-19 08:50 -------- d-----w- c:\program files\Common Files\Skype
2012-06-19 08:50 . 2012-06-19 08:50 -------- d-----r- c:\program files\Skype
2012-06-19 08:50 . 2012-06-19 08:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-16 07:21 . 2012-03-03 15:35 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 23:10 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
[-] 2008-05-27 . 3328DEC6A3BC1F3394F8E033FF524147 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-14 200704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 14679552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-03-12 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WSManHTTPConfig"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\912\WSManHTTPConfig.exe" [2012-07-06 49664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-27 123904]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-09-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-09-07 32592]
R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2012-05-05 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2012-05-05 5248]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-09-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-09-07 297168]
S2 avgfws;Zapora AVG;c:\program files\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-06-01 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-03-03 2255464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-07-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-07-12 30432]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-08-19 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-08-19 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-08-19 27216]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-06-01 116648]
S3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5\MARKFUN.W32 [2012-03-03 8236]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 113120]
S3 X86BDA;OEM Capture;c:\windows\system32\drivers\OEMDrv.sys [2012-05-24 195712]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - HIDSERV
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-01 15:46]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-01 15:46]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1614895754-1606980848-500Core.job
- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-05-30 16:51]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1614895754-1606980848-500UA.job
- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-05-30 16:51]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.179.1.63 62.179.1.62
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\eic5xdbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 10:18
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1828)
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Czas ukończenia: 2012-07-10 10:21:50
ComboFix-quarantined-files.txt 2012-07-10 08:21
ComboFix2.txt 2012-07-09 19:14
ComboFix3.txt 2012-07-09 18:55
.
Przed: 23 673 511 936 bajtów wolnych
Po: 23 663 747 072 bajtów wolnych
.
- - End Of File - - 4A63264CF89B8D372B30A7ACF1088723