ComboFix 12-08-17.03 - Właściciel 12-08-18 19:01:25.1.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1015.684 [GMT 2:00] Uruchomiony z: c:\documents and settings\W-aťciciel\Moje dokumenty\Pobieranie\ComboFix.exe . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Skype\SkypePM.exe c:\windows\IsUn0415.exe c:\windows\system32\Packet.dll c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Pliki utworzone od 2012-07-18 do 2012-08-18 ))))))))))))))))))))))))))))))) . . 2012-08-18 11:52 . 2012-08-18 16:26 -------- d-----w- C:\UsbFix 2012-08-18 06:58 . 2012-08-18 06:58 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla 2012-08-18 06:40 . 2012-08-18 06:40 -------- d-----w- C:\_OTL 2012-08-17 21:28 . 2012-08-17 21:28 -------- d-----w- c:\documents and settings\Właściciel\Dane aplikacji\Malwarebytes 2012-08-17 21:28 . 2012-08-17 21:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2012-08-17 21:27 . 2012-08-17 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-17 21:27 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-18 16:50 . 2010-11-03 10:02 477240 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-07-18 20:15 . 2012-05-28 20:24 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-07-20 13:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-07-07 12382816] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "Badoo Desktop"="c:\documents and settings\All Users\Dane aplikacji\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe" [2011-10-05 1051760] "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-07-20 12218904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-08 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-08 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-08 94208] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] 2008-03-20 10:04 2127296 ----a-w- c:\program files\Gadu-Gadu\gg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-05-14 22:22 35328 ----a-w- c:\program files\Winamp\winampa.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-09-19 17:14 135664] S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-09-19 17:14 135664] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [12-05-28 22:24 113120] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] . --- Inne Usługi/Sterowniki w Pamięci --- . *NewlyCreated* - WS2IFSL . Zawartość folderu 'Zaplanowane zadania' . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 15:13] . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 15:13] . . ------- Skan uzupełniający ------- . uStart Page = mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - d:\office\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 194.204.159.1 195.117.171.10 FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\9zzs1u01.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ . - - - - USUNIĘTO PUSTE WPISY - - - - . HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe HKCU-Run-SkypePM - c:\documents and settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Skype\SkypePM.exe HKLM-RunOnce- - (no file) MSConfigStartUp-AQQ - c:\progra~1\WapSter\WAPSTE~1\AQQ.exe MSConfigStartUp-IPLA! - c:\program files\ipla\ipla.exe AddRemove-FCE Words - c:\windows\IsUn0415.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-18 19:14 Windows 5.1.2600 Dodatek Service Pack 2 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'explorer.exe'(560) c:\program files\Google\Drive\googledrivesync32.dll c:\windows\system32\browselc.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\windows\system32\ODBC32.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\system32\shdoclc.dll . Czas ukończenia: 2012-08-18 19:19:32 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-08-18 17:19 . Przed: 5 997 674 496 bajtów wolnych Po: 5 895 036 928 bajtów wolnych . - - End Of File - - 69770033A0F128ED36D5EC3D0E6D42AD