Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:21, on 2009-05-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wincustomize.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFED5DA-FA87-4CC0-9BAA-748D642FDB8C}: NameServer = 192.168.1.197,192.168.1.198
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

--
End of file - 5158 bytes

ComboFix 09-05-11.01 - zimi2k 2009-05-11 20:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.527 [GMT 2:00]
Uruchomiony z: e:\media\Instal\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090510-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Kerio Personal Firewall *enabled*

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msscp.dll
.
---- Poprzednie uruchomienie -------
.
c:\windows\qxqkjf.huk
c:\windows\system32\msscp.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-11 do 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-11 17:35 . 2009-01-18 21:35 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-11 17:20 . 2009-05-11 17:20 -------- d-----w c:\program files\Trend Micro
2009-05-11 17:19 . 2009-05-11 17:19 -------- d-----w c:\documents and settings\LocalService\Pulpit
2009-05-11 17:15 . 2009-01-18 21:30 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-11 17:15 . 2009-05-11 17:15 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-11 17:05 . 2009-05-11 17:05 -------- dc-h--w c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-11 17:05 . 2009-05-11 17:05 -------- d-----w c:\program files\Lavasoft
2009-05-11 17:05 . 2009-05-11 17:16 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-04-27 16:17 . 2009-04-27 16:17 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-04-27 16:10 . 2009-04-27 16:10 -------- d-----w c:\program files\Bonjour
2009-04-27 15:55 . 2009-04-27 15:55 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-27 15:47 . 2009-04-27 16:12 -------- d-----w c:\program files\Common Files\Adobe
2009-04-26 20:02 . 2009-04-26 20:02 -------- d-----w c:\documents and settings\zimi2k\Dane aplikacji\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 18:52 . 2009-03-24 18:56 -------- d-----w c:\program files\NAPI-PROJEKT
2009-04-27 16:19 . 2009-03-24 17:11 22144 ----a-w c:\documents and settings\zimi2k\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-14 07:57 . 2009-03-24 18:57 -------- d-----w c:\program files\Picasa2
2009-04-10 11:18 . 2009-03-24 18:41 -------- d-----w c:\program files\MoorHunt
2009-03-29 16:10 . 2009-03-29 15:48 -------- d-----w c:\program files\Avi2Dvd
2009-03-29 15:48 . 2009-03-29 15:48 -------- d-----w c:\program files\AviSynth 2.5
2009-03-29 08:18 . 2001-10-26 16:15 448004 ----a-w c:\windows\system32\perfh015.dat
2009-03-29 08:18 . 2001-10-26 16:15 74230 ----a-w c:\windows\system32\perfc015.dat
2009-03-26 17:56 . 2009-03-24 17:02 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-26 14:46 . 2009-03-26 14:49 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-26 14:44 . 2009-03-26 14:44 -------- d-----w c:\program files\Java
2009-03-26 10:26 . 2009-03-26 10:26 0 ----a-w c:\windows\ativpsrm.bin
2009-03-26 10:24 . 2009-03-24 17:12 -------- d-----w c:\program files\ATI Technologies
2009-03-24 20:31 . 2009-03-24 20:31 -------- d-----w c:\program files\Advanced Disk Catalog
2009-03-24 20:11 . 2009-03-24 20:10 -------- d-----w c:\program files\Winamp
2009-03-24 20:06 . 2009-03-24 18:01 -------- d-----w c:\program files\Tlen.pl
2009-03-24 19:30 . 2009-03-24 19:30 -------- d-----w c:\program files\Canon
2009-03-24 19:28 . 2009-03-24 19:28 -------- d-----w c:\program files\Common Files\Canon
2009-03-24 19:13 . 2009-03-24 19:13 -------- d-----w c:\program files\Nero
2009-03-24 19:13 . 2009-03-24 19:13 -------- d-----w c:\program files\Common Files\Ahead
2009-03-24 19:08 . 2009-03-24 19:08 -------- d-----w c:\program files\IrfanView
2009-03-24 19:05 . 2009-03-24 19:05 -------- d-----w c:\program files\Microsoft.NET
2009-03-24 19:03 . 2009-03-24 19:03 -------- d-----w c:\program files\Common Files\Logitech
2009-03-24 18:59 . 2009-03-24 18:59 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-24 18:59 . 2009-03-24 18:59 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-24 18:58 . 2009-03-24 18:58 -------- d-----w c:\program files\Common Files\Logishrd
2009-03-24 18:58 . 2009-03-24 18:58 -------- d-----w c:\program files\7-Zip
2009-03-24 18:58 . 2009-03-24 17:12 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 18:58 . 2009-03-24 18:58 -------- d-----w c:\program files\Logitech
2009-03-24 18:57 . 2009-03-24 18:57 -------- d-----w c:\program files\Google
2009-03-24 18:57 . 2009-03-24 18:57 -------- d-----w c:\program files\PhotoFiltre
2009-03-24 18:56 . 2009-03-24 18:56 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-24 18:54 . 2009-03-24 18:54 -------- d-----w c:\program files\foobar2000
2009-03-24 18:54 . 2009-03-24 18:54 -------- d-----w c:\program files\DAEMON Tools
2009-03-24 18:52 . 2009-03-24 18:52 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-24 18:51 . 2009-03-24 18:51 -------- d-----w c:\program files\MarBit
2009-03-24 18:49 . 2009-03-24 18:49 -------- d-----w c:\program files\CyberLink
2009-03-24 18:45 . 2009-03-24 18:45 -------- d-----w c:\program files\Opera
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\program files\Sunbelt Software
2009-03-24 18:39 . 2009-03-24 18:39 -------- d-----w c:\program files\PhotomatixPro3
2009-03-24 18:38 . 2009-03-24 18:38 -------- d-----w c:\program files\r2 studios
2009-03-24 18:38 . 2009-03-24 18:38 -------- d-----w c:\program files\Elaborate Bytes
2009-03-24 18:33 . 2009-03-24 18:33 -------- d-----w c:\program files\Common Files\ACD Systems
2009-03-24 18:33 . 2009-03-24 18:33 -------- d-----w c:\program files\ACD Systems
2009-03-24 17:56 . 2009-03-24 17:56 998 ----a-w c:\windows\system32\syswinan.vbs
2009-03-24 17:38 . 2009-03-24 17:38 -------- d-----w c:\program files\Alwil Software
2009-03-24 17:37 . 2009-03-24 17:36 -------- d-----w c:\program files\totalcmd
2009-03-24 17:28 . 2009-03-24 17:28 -------- d-----w c:\program files\Realtek Sound Manager
2009-03-24 17:28 . 2009-03-24 17:28 -------- d-----w c:\program files\AvRack
2009-03-24 17:27 . 2009-03-24 17:27 -------- d-----w c:\program files\AMD
2009-03-24 17:21 . 2009-03-24 17:21 55253 ----a-w c:\windows\BricoPackUninst.cmd
2009-03-24 17:21 . 2009-03-24 17:21 1511 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-03-24 17:21 . 2008-04-14 20:50 219648 ----a-w c:\windows\system32\uxtheme.dll
2009-03-24 17:13 . 2009-03-24 17:12 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-24 17:11 . 2009-03-24 17:11 -------- d-----w c:\program files\7-9_xp32_dd_ccc_wdm_enu_52443
2009-03-24 17:03 . 2009-03-24 17:03 -------- d-----w c:\program files\microsoft frontpage
2009-03-24 17:02 . 2001-07-21 22:36 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-24 17:01 . 2009-03-24 17:01 -------- d-----w c:\program files\Usługi online
2009-03-24 16:59 . 2009-03-24 16:59 21856 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-20 18:50 . 2009-03-20 18:50 3358720 ----a-w c:\windows\system32\GPhotos.scr
2009-02-25 22:58 . 2007-08-22 02:07 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2007-08-22 02:09 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2007-08-22 02:07 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2007-08-22 01:21 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2007-08-22 01:59 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2007-03-23 20:23 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2007-08-22 01:59 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2007-08-22 01:58 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2007-08-22 01:58 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2007-08-22 01:57 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2007-08-22 01:56 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2007-08-22 01:47 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2007-08-22 02:07 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2007-08-22 01:35 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2007-08-22 01:35 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2007-08-22 01:19 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2007-08-22 01:17 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2007-08-22 01:13 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2007-08-22 01:15 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2007-08-22 01:11 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 14:15 . 2009-03-24 17:12 593920 ------w c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-24 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-05-11 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-24 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-02-20 71088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-24 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38e30777-189b-11de-b9ae-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.wincustomize.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CAFED5DA-FA87-4CC0-9BAA-748D642FDB8C} = 192.168.1.197,192.168.1.198
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 20:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1640)
c:\program files\Logitech\SetPoint\IMHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-11 20:38 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-11 18:38

Przed: 1 047 109 632 bajtów wolnych
Po: 1 036 681 216 bajtów wolnych

217