ComboFix 11-03-21.02 - R 2011-03-22 17:56:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3038.2634 [GMT 1:00]
Uruchomiony z: E:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-02-22 do 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-20 13:41 . 2011-03-20 13:41 -------- d-----r- C:\MSOCache
2011-03-19 10:30 . 2011-03-20 12:09 -------- d-----w- C:\Tapety
2011-03-18 10:54 . 2011-03-19 09:30 -------- d-----w- C:\HP_P2055_default_install_v6.1_ww
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-21_20.53.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-10-26 16:15 . 2011-03-22 16:59 67480 c:\windows\system32\perfc015.dat
- 2001-10-26 16:15 . 2011-03-21 20:51 67480 c:\windows\system32\perfc015.dat
+ 2001-08-17 21:30 . 2011-03-22 16:59 53098 c:\windows\system32\perfc009.dat
- 2001-08-17 21:30 . 2011-03-21 20:51 53098 c:\windows\system32\perfc009.dat
+ 2001-10-26 16:15 . 2011-03-22 16:59 436546 c:\windows\system32\perfh015.dat
- 2001-10-26 16:15 . 2011-03-21 20:51 436546 c:\windows\system32\perfh015.dat
+ 2001-08-17 21:30 . 2011-03-22 16:59 380684 c:\windows\system32\perfh009.dat
- 2001-08-17 21:30 . 2011-03-21 20:51 380684 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\programy\RocketDock-Listwa na pulpit\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-18 281768]
"Adobe Reader Speed Launcher"="e:\programy\AdobeRde910PL\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\R\Menu Start\Programy\Autostart\
adni18_clock.lnk - d:\programy\Zegar i Temperatura\adni18_clock.exe [2011-3-19 646656]
adni18_Weather-Calendar.lnk - d:\programy\Zegar i Temperatura\adni18_Double_Weather-Calendar.exe [2011-3-18 2156544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programy\\JDownloader\\JDownloader_portable\\CommonFiles\\Java\\bin\\javaw.exe"=
"e:\\Programy\\GameSpy Arcade\\Aphex.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint01.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint64.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppnicifs01.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hpbtpg.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\LaunchApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-03-18 721904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-17 135336]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-03-17 22072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {C36CC828-BF07-431F-BD79-8D3C39787E00} = 156.17.89.1,156.17.87.193
FF - ProfilePath - c:\documents and settings\R\Dane aplikacji\Mozilla\Firefox\Profiles\g236npbp.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 18:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2011-03-22 18:02:25
ComboFix-quarantined-files.txt 2011-03-22 17:02
ComboFix2.txt 2011-03-21 20:55
.
Przed: 26 780 286 976 bajtów wolnych
Po: 26 792 521 728 bajtów wolnych
.
- - End Of File - - 5695FC1ED98132D08E1E15775DB08125