ComboFix 11-03-21.01 - R 2011-03-21 21:48:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3038.2635 [GMT 1:00]
Uruchomiony z: E:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\R\ntuser.pol
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-02-21 do 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-20 13:41 . 2011-03-20 13:41 -------- d-----r- C:\MSOCache
2011-03-19 10:30 . 2011-03-20 12:09 -------- d-----w- C:\Tapety
2011-03-18 10:54 . 2011-03-19 09:30 -------- d-----w- C:\HP_P2055_default_install_v6.1_ww
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\programy\RocketDock-Listwa na pulpit\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-18 281768]
"Adobe Reader Speed Launcher"="e:\programy\AdobeRde910PL\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\R\Menu Start\Programy\Autostart\
adni18_clock.lnk - d:\programy\Zegar i Temperatura\adni18_clock.exe [2011-3-19 646656]
adni18_Weather-Calendar.lnk - d:\programy\Zegar i Temperatura\adni18_Double_Weather-Calendar.exe [2011-3-18 2156544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programy\\JDownloader\\JDownloader_portable\\CommonFiles\\Java\\bin\\javaw.exe"=
"e:\\Programy\\GameSpy Arcade\\Aphex.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint01.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint64.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppnicifs01.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\hpbtpg.exe"=
"c:\\HP_P2055_default_install_v6.1_ww\\setup\\LaunchApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-03-18 721904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-17 135336]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-03-17 22072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {C36CC828-BF07-431F-BD79-8D3C39787E00} = 156.17.89.1,156.17.87.193
FF - ProfilePath - c:\documents and settings\R\Dane aplikacji\Mozilla\Firefox\Profiles\g236npbp.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 21:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2011-03-21 21:55:11
ComboFix-quarantined-files.txt 2011-03-21 20:55
.
Przed: 26 833 891 328 bajtów wolnych
Po: 26 913 665 024 bajtów wolnych
.
- - End Of File - - A6D07A19D70FAED73FAEE1E128FB5FA0