ComboFix 13-05-11.01 - IBM 2013-05-11 20:38:00.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1014.772 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\Browse2save
c:\documents and settings\All Users\Dane aplikacji\Browse2save\50f6862c3587d.dll
c:\documents and settings\All Users\Dane aplikacji\Browse2save\50f6862c3587d.tlb
c:\documents and settings\All Users\Dane aplikacji\Browse2save\data\Browse2save.dat
c:\documents and settings\All Users\Dane aplikacji\Browse2save\settings.ini
c:\documents and settings\All Users\Dane aplikacji\Browse2save\uninstall.exe
c:\documents and settings\All Users\Menu Start\Programy\Browse2save
c:\documents and settings\All Users\Menu Start\Programy\Browse2save\Browse2save.lnk
c:\documents and settings\All Users\Menu Start\Programy\Browse2save\Uninstall.lnk
c:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge
c:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Menu Start\Programy\RelevantKnowledge\Uninstall Instructions.lnk
c:\documents and settings\IBM\Dane aplikacji\Dealio
c:\documents and settings\IBM\Dane aplikacji\Dealio\res\widgets.xml
c:\documents and settings\IBM\Dane aplikacji\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\IBM\Dane aplikacji\skype.dat
c:\documents and settings\IBM\Dane aplikacji\skype.ini
c:\documents and settings\IBM\Moje dokumenty\ZDL00005.TMP
c:\documents and settings\IBM\Moje dokumenty\ZDL00123.TMP
c:\documents and settings\IBM\Moje dokumenty\ZDL00244.TMP
c:\documents and settings\IBM\Moje dokumenty\ZDL25811.TMP
c:\documents and settings\IBM\Moje dokumenty\ZDL25965.TMP
c:\documents and settings\IBM\Moje dokumenty\ZDL27447.TMP
c:\documents and settings\IBM\Recent\Thumbs.db
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.7\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\btnClose.gif
c:\program files\Dealio Toolbar\Res\btnMinimize.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\facebook.gif
c:\program files\Dealio Toolbar\Res\googleplus.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\Lang\res1031.ini
c:\program files\Dealio Toolbar\Res\Lang\res1033.ini
c:\program files\Dealio Toolbar\Res\Lang\res1034.ini
c:\program files\Dealio Toolbar\Res\Lang\res1036.ini
c:\program files\Dealio Toolbar\Res\Lang\res1040.ini
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\radiobeta.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_baidu.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\search_yandex.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\twitter.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\sqlite3.dll
c:\program files\DealPly\uninst.exe
c:\program files\GoDSetup195PP0123.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\msvcp71.dll
c:\program files\RelevantKnowledge\msvcr71.dll
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\shfscp.dat
c:\windows\IsUn0415.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SET27F3.tmp
c:\windows\system32\SET27F4.tmp
c:\windows\system32\SET27F5.tmp
c:\windows\system32\SET425.tmp
c:\windows\system32\SET426.tmp
c:\windows\system32\SET427.tmp
c:\windows\system32\SET428.tmp
c:\windows\system32\SET42D.tmp
c:\windows\system32\SET42E.tmp
c:\windows\system32\SET42F.tmp
c:\windows\system32\SET430.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\SET434.tmp
c:\windows\system32\SET437.tmp
c:\windows\system32\SET438.tmp
c:\windows\system32\SET43A.tmp
c:\windows\system32\SET43F.tmp
c:\windows\system32\SET443.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-04-11 do 2013-05-11 )))))))))))))))))))))))))))))))
.
.
2013-05-11 16:25 . 2013-05-11 16:25 -------- d-----w- c:\windows\system32\wbem\mof
2013-05-11 16:24 . 2013-05-11 16:24 -------- d-----w- c:\documents and settings\IBM\Dane aplikacji\Search Settings
2013-05-11 16:20 . 2013-05-11 16:20 -------- d-----w- c:\windows\system32\xircom
2013-05-11 16:20 . 2013-05-11 16:20 -------- d-----w- c:\windows\system32\wbem\snmp
2013-05-09 07:32 . 2013-05-09 07:32 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2013-05-09 07:32 . 2013-05-09 07:32 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\McAfee
2013-05-09 07:32 . 2013-05-09 07:32 -------- d-----w- c:\program files\McAfee Security Scan
2013-05-06 07:07 . 2011-09-09 09:50 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-05-06 07:07 . 2011-09-09 09:50 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-05-06 07:07 . 2011-09-09 09:50 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-05-06 07:07 . 2011-09-09 09:50 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-05-06 07:07 . 2010-10-08 14:55 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-05-06 07:07 . 2010-09-26 16:09 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-05-06 07:07 . 2010-08-06 05:42 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-05-06 07:07 . 2005-05-13 14:27 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2013-05-06 07:07 . 2011-10-24 14:31 239488 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2013-05-06 07:07 . 2011-08-16 15:17 195200 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-05-06 07:07 . 2010-07-27 07:52 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-05-06 07:07 . 2010-03-20 10:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-09 07:32 . 2012-08-20 19:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 07:32 . 2012-08-20 19:53 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36 . 2008-08-02 17:24 293888 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-08-02 17:24 2151424 ------w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2008-08-02 17:24 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:58 . 2008-08-02 17:25 1867520 ------w- c:\windows\system32\win32k.sys
2013-02-27 07:58 . 2008-08-02 17:24 2067456 ------w- c:\windows\system32\mstscax.dll
2013-02-24 19:00 . 2008-08-02 17:24 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-24 19:00 . 2008-08-02 17:24 78336 ------w- c:\windows\system32\ieencode.dll
2013-02-24 19:00 . 2008-08-02 17:24 17408 ------w- c:\windows\system32\corpol.dll
2013-02-24 19:00 . 2008-08-02 17:23 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-02-12 00:32 . 2008-08-02 17:40 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2008-08-02 17:25 12928 ------w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files\PLAY Web partner\PLAY Web partner" [X]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2009-12-21 11850344]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MCI USB Icon"="c:\windows\system32\USBIcon.exe" [2004-09-17 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-09-27 894304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-2 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 20:17 89600 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20266:TCP"= 20266:TCP:BitComet 20266 TCP
"20266:UDP"= 20266:UDP:BitComet 20266 UDP
"12871:TCP"= 12871:TCP:BitComet 12871 TCP
"12871:UDP"= 12871:UDP:BitComet 12871 UDP
"4249:UDP"= 4249:UDP:Windows Media Format SDK (chrome.exe)
"4248:UDP"= 4248:UDP:Windows Media Format SDK (chrome.exe)
"4253:UDP"= 4253:UDP:Windows Media Format SDK (chrome.exe)
"24956:TCP"= 24956:TCP:BitComet 24956 TCP
"24956:UDP"= 24956:UDP:BitComet 24956 UDP
.
R2 EWA net DB WIS;EWA net DB WIS;c:\program files\EWA net\database\TransBase WIS\tbmux32.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [x]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [x]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 07:32]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 11:48]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 11:48]
.
2013-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473095315-67837119-714969770-1005Core.job
- c:\documents and settings\IBM\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-04 12:32]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473095315-67837119-714969770-1005UA.job
- c:\documents and settings\IBM\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-04 12:32]
.
2013-05-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-08-02 16:18]
.
2008-08-02 c:\windows\Tasks\Przypomnienie o rejestracji 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-08-02 20:51]
.
2013-05-11 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
2013-05-11 c:\windows\Tasks\{09E197E4-EB85-4586-AF7A-CA0DDCE16F65}.job
- c:\documents and settings\All Users\Dane aplikacji\CloudSoft\OptimizerPro\OptimizerPro.exe [2013-01-16 19:53]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
mStart Page = hxxp://websearch.just-browse.info/
uSearchURL,(Default) = hxxp://g.msn.com.pl/0SEPLPL/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-{15C463D6-B0BC-0817-A5B3-FB7294C2522D} - c:\documents and settings\All Users\Dane aplikacji\Browse2save\50f6862c3587d.dll
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-Komunikator - c:\program files\Tlen.pl\tlen.exe
Notify-ACNotify - ACNotify.dll
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BitComet - c:\program files\BitComet\uninst.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-EWA net - c:\program files\EWA net\install\manager\setup.exe
AddRemove-Kyodai Mahjongg 18.42 (Full package)_is1 - c:\program files\Kyodai\unins000.exe
AddRemove-NAPIPROJEKT_is1 - c:\program files\NAPI-PROJEKT\unins000.exe
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\documents and settings\All Users\Dane aplikacji\Browse2save\uninstall.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-11 20:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\konfig]
"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\license]
"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcp]
"ImagePath"="c:\opt\MBCASE\pm\bin\mcp"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1732)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\basegui.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\ThinkVantage Fingerprint Software\biokmd.dll
c:\program files\ThinkVantage Fingerprint Software\tpmkey.dll
c:\program files\ThinkVantage Fingerprint Software\ibmcore.dll
.
- - - - - - - > 'lsass.exe'(1788)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
- - - - - - - > 'explorer.exe'(2284)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Czas ukończenia: 2013-05-11 21:02:29 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-05-11 19:02
.
Przed: 37 366 005 760 bajtów wolnych
Po: 46 786 207 744 bajtów wolnych
.
- - End Of File - - 57CE93DDA465ABD0D54C300F4253CC2A