ComboFix 09-02-12.03 - Maciek 2009-02-12 23:30:09.6 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.446.104 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Maciek\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Maciek\Pulpit\CFScript.txt…txt
AV: avast! antivirus 4.8.1201 [VPS 090129-0] *On-access scanning disabled* (Outdated)
 * Utworzono nowy punkt przywracania

FILE ::
c:\windows\system32\SET12DC.tmp
c:\windows\system32\SET12DD.tmp
c:\windows\system32\SET12DE.tmp
c:\windows\system32\SET12DF.tmp
c:\windows\system32\SET12E7.tmp
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1utbfd.bat
C:\2aaxaiy.exe
C:\autorun.inf
C:\FOUND.017
c:\found.017\FILE0000.CHK
C:\FOUND.018
c:\found.018\FILE0000.CHK
c:\found.018\FILE0002.CHK
c:\found.018\FILE0003.CHK
C:\m0vnonh.bat
C:\pook.com
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\SET12DC.tmp
c:\windows\system32\SET12DD.tmp
c:\windows\system32\SET12DE.tmp
c:\windows\system32\SET12DF.tmp
c:\windows\system32\SET12E7.tmp
D:\1utbfd.bat
D:\2aaxaiy.exe
D:\Autorun.inf
D:\m0vnonh.bat
D:\pook.com
J:\8.bat
J:\autorun.inf
J:\uvsqfgwd.cmd
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-12 do 2009-02-12 )))))))))))))))))))))))))))))))
.
2009-02-12 21:50 . 2009-02-12 21:49 108,565 -r-hs---- C:\ur0.com
2009-02-11 17:30 . 1998-09-02 09:02 194,320 --a------ c:\windows\system32\qcut.dll
2009-02-11 17:30 . 1998-08-27 05:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
2009-02-11 17:30 . 1998-08-20 12:02 140,800 --a------ c:\windows\system32\tm20dec.ax
2009-02-11 17:30 . 1998-09-02 09:28 63,488 --a------ c:\windows\system32\unam4ie.exe
2009-02-11 17:30 . 1998-09-02 09:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
2009-02-11 17:30 . 1998-08-17 10:21 11,776 --a------ c:\windows\system32\mciqtz.drv
2009-02-11 17:30 . 1998-08-17 10:21 10,240 --a------ c:\windows\system32\vidx16.dll
2009-02-11 17:30 . 1998-08-17 10:21 5,672 --a------ c:\windows\system32\quartz.vxd
2009-02-11 17:30 . 2009-02-11 17:30 4,608 --a------ c:\windows\system32\w95inf32.dll
2009-02-11 17:30 . 2009-02-11 17:30 2,272 --a------ c:\windows\system32\w95inf16.dll
2009-02-11 17:23 . 2009-02-11 17:43 9 --a------ c:\windows\Sierra.ini
2009-02-11 17:16 . 2009-02-11 17:16
2009-02-10 20:51 . 2009-02-11 17:13 108,067 -r-hs---- C:\opgde.exe
2009-02-03 10:28 . 2009-02-03 10:28 109,930 -r-hs---- C:\a2h2.com
2009-02-03 09:20 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-02-03 09:19 . 2009-02-03 09:19
2009-02-03 09:19 . 2009-02-03 09:19
2009-02-03 09:19 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-30 15:04 . 2009-01-30 15:04
2009-01-29 19:12 . 2009-01-29 19:12
2009-01-29 17:48 . 2009-01-29 17:48
2009-01-29 17:48 . 2009-01-29 17:48
2009-01-29 17:48 . 2009-01-29 17:48
2009-01-29 17:43 . 2009-01-29 17:43
2009-01-29 17:34 . 2009-01-29 17:34
2009-01-29 17:32 . 2009-01-29 17:32
2009-01-29 17:32 . 2009-01-29 17:32
2009-01-21 14:46 . 2009-01-26 10:14 151 --a------ c:\windows\PhotoSnapViewer.INI
2009-01-17 22:25 . 2009-01-17 22:25
2009-01-17 22:21 . 2009-01-17 22:21
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 10:48 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-12 17:03 3,088,896 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-22 07:24 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 07:24 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 07:24 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 07:24 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 07:24 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-10-23 19:54 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-10-23 19:54 88 --sh--r c:\windows\system32\BB780C9D54.sys
.
------- Sigcheck -------
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 c:\windows\system32\user32.dll
2005-03-02 19:21 578560 6a93565be9b8422eb7538c66ac732d76 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 20:00 578560 0c81764f50f32d376e6e4b9e9f4b01a0 c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 19:18 578560 b7eeb1a1af740306049241ddf61f21ff c:\windows\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 c:\windows\$NtServicePackUninstall$\user32.dll
2008-04-14 19:20 580096 a435c5c069afd901751ac323ad238793 c:\windows\ServicePackFiles\i386\user32.dll
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 c:\windows\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 20:00 1033728 379098a96e6c165b659de7e4328010ea c:\windows\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 19:21 1035264 c791ed9eac5e76d9525e157b1d7a599a c:\windows\ServicePackFiles\i386\explorer.exe
2005-06-11 00:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe
2005-06-11 01:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 20:00 57856 bebe8a85954ff460374fd5a0cd21e19b c:\windows\$NtUninstallKB896423$\spoolsv.exe
2005-06-11 00:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 19:21 57856 dd69ec597ab942c39b950d9c3ce1375d c:\windows\ServicePackFiles\i386\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-29_18.24.07,64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-05-16 00:24:44 1,152,888 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-05-16 00:12:36 95,608 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-04-14 18:20:34 33,792 ----a-w c:\windows\system32\dllcache\lmmib2.dll
+ 2008-04-14 18:20:44 84,992 ----a-w c:\windows\system32\dllcache\olepro32.dll
+ 2008-05-16 00:13:26 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-05-16 00:16:06 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-01-17 17:34:02 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-05-16 00:18:34 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-05-16 00:15:30 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-05-16 00:20:32 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-05-16 00:14:12 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-04-14 18:20:34 33,792 ----a-w c:\windows\system32\lmmib2.dll
- 2009-01-29 17:07:22 59,602 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-12 21:22:56 59,602 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-29 17:07:22 75,394 ----a-w c:\windows\system32\perfc015.dat
+ 2009-02-12 21:22:56 75,394 ----a-w c:\windows\system32\perfc015.dat
- 2009-01-29 17:07:22 393,972 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-12 21:22:56 393,972 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-29 17:07:22 450,082 ----a-w c:\windows\system32\perfh015.dat
+ 2009-02-12 21:22:56 450,082 ----a-w c:\windows\system32\perfh015.dat
+ 2009-02-12 22:33:50 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_658.dat
+ 2009-02-12 22:35:00 16,384 ----a-w c:\windows\TEMP\Perflib_Perfdata_8e0.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-10-26 2321600]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"ImageItEncrypt"="c:\windows\system32\ImageItEncrypt.exe" [2005-12-30 40960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-04 185896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 c:\windows\AGRSMMSG.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 c:\windows\RTHDCPL.exe]
"MacrokeyManager"="WTMKM.exe" [2007-09-03 c:\windows\system32\WTMKM.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-13 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\AutorunsDisabled
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - d:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Last.fm Helper.lnk - d:\program files\Last.fm\LastFMHelper.exe [2007-07-29 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"d:\Program Files\Gadu-Gadu\gg.exe"=
"d:\Program Files\Real\RealPlayer\RealPlay.exe"=
"d:\Program Files\Last.fm\LastFM.exe"=
"d:\Program Files\Vuze\Azureus.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-29 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-29 20560]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-03-12 23168]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2006-12-16 102712]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\xyw9tmdj.com
\Shell\explore\Command - F:\xyw9tmdj.com
\Shell\open\Command - F:\xyw9tmdj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fedb59e-f44a-11dd-8d4e-00163662fc43}]
\Shell\AutoRun\command - F:\pook.com
\Shell\open\Command - F:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e14f2d6a-f1d4-11dd-8d47-00163662fc43}]
\Shell\AutoRun\command - F:\pook.com
\Shell\open\Command - F:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec18a1e8-c111-11dd-8ccc-00163662fc43}]
\Shell\AutoRun\command - F:\a2h2.com
\Shell\open\Command - F:\a2h2.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg
FF - ProfilePath - c:\documents and settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\x3o6cc9j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 23:34:48
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-3332477278-378396504-1455552419-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,1e,6b,c1,02,44,
   0a,e8,28,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,e0,4e,97,ee,1d,
   8f,0e,1d,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,d4,e9,cc,ce,25,
   8c,b5,c4,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,e5,61,c1,8d,21,
   e8,7c,c5,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,e5,f5,33,d5,17,
   3f,c9,cf,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,ff,ad,31,6f,e7,
   d6,cf,6d,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,18,c4,f5,15,87,
   e7,7e,b4,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,1b,23,1c,4d,33,
   a3,31,8d,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,d5,f8,46,b2,dc,
   b4,66,e8,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,dc,2b,37,ea,af,
   32,77,41,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,04,dd,ea,9a,19,
   9e,81,a0,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\WINDOWS\system32\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,e2,62,8a,20,98,
   08,87,9e,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\atwtusb.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\documents and settings\Maciek\Pulpit\AntiPica-en.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-12 23:37:21 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-12 22:37:16
ComboFix4.txt 2009-01-29 17:40:32
ComboFix5.txt 2009-02-12 22:29:18
ComboFix3.txt 2009-01-29 19:40:32
ComboFix2.txt 2009-01-30 06:32:46

Przed: 22 062 202 880 bajtów wolnych
Po: 22,226,796,544 bajtów wolnych

325 --- E O F --- 2009-01-29 16:54:52