ComboFix 11-11-09.01 - Marta 13-11-2011 22:19:00.12.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1640 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Marta\Pulpit\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB46700$
c:\windows\$NtUninstallKB46700$\3091821971
c:\windows\$NtUninstallKB46700$\3430974739\@
c:\windows\$NtUninstallKB46700$\3430974739\L\egjdenag
c:\windows\327516364
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-10-13 do 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 13:33 . 2008-04-13 23:49 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2011-11-13 13:33 . 2011-11-13 13:33 -------- d-----w- C:\_OTL
2011-11-13 13:30 . 2011-11-13 13:31 -------- d-----w- C:\Tmp
2011-11-09 02:58 . 2005-11-10 23:33 73782 ----a-w- c:\windows\system32\ibmpmsvc.exe
2011-11-01 21:17 . 2011-11-01 21:17 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-17 00:18 . 2008-06-08 14:01 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-11-13 20:57 . 1979-12-31 22:00 44672 ----a-w- c:\windows\system32\drivers\fips.sys
2011-11-08 10:04 . 2008-06-08 13:40 40960 ----a-w- c:\windows\system32\TpKmpSvc.exe
2011-11-08 09:46 . 2008-07-26 12:13 174592 ----a-w- c:\windows\system32\LEXPPS.EXE
2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 1979-12-31 22:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 1979-12-31 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 1979-12-31 22:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 1979-12-31 22:00 1859200 ------w- c:\windows\system32\win32k.sys
2011-08-17 21:25 . 1979-12-31 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:25 . 1979-12-31 22:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:25 . 1979-12-31 22:00 78336 ------w- c:\windows\system32\ieencode.dll
2011-08-17 21:25 . 1979-12-31 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 1979-12-31 22:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 1979-12-31 22:00 389120 ------w- c:\windows\system32\html.iec
2011-10-13 10:20 . 2011-06-11 09:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 17:20 . 8A7426E69FFA30EE4DC76CA3E3999121 . 822272 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 17:20 . 8A7426E69FFA30EE4DC76CA3E3999121 . 822272 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 12:00 . 8797D059EEBD5101CC6257EE2D6B900A . 822272 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . DD69EC597AB942C39B950D9C3CE1375D . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . DD69EC597AB942C39B950D9C3CE1375D . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-04-14 . DD69EC597AB942C39B950D9C3CE1375D . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2010-08-23 . 8B9ED4A686777261B9AFADD2A6D981A0 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 8B9ED4A686777261B9AFADD2A6D981A0 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . C29639BA7410BCEF8898CBCB07A59CB1 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2006-08-25 . 19CDC3435A7C6DA3117F4E0B2C79AC5F . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . 6944354E1163DE1E6BB63F9E59B36E61 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 492C2DB83085130A993EE3E12D0FD0E1 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . FD317A23C3EB2A856E74279FBE04B9C2 . 149504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . FD317A23C3EB2A856E74279FBE04B9C2 . 149504 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . C1FD2A565973DE555A36B335644402EB . 149504 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2010-07-16 . C10BDDDBA990C49BD195A60715DD6BEF . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . C10BDDDBA990C49BD195A60715DD6BEF . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . BBA690E74E139B3E0357164A1F065C24 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . 7A50662D3E47A0D855CE2960ED6CA523 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . 7A50662D3E47A0D855CE2960ED6CA523 . 1287168 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ole32.dll
[-] 2008-04-14 . 7A50662D3E47A0D855CE2960ED6CA523 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . F139CF18D51D09325F6BFBBBC2893F19 . 1284608 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-07-25 . BCD128E716934F42D1818EE70652BB98 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
.
[-] 2010-04-16 . 514F80DF6DCF9BBA1D67CA16BC667787 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 514F80DF6DCF9BBA1D67CA16BC667787 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 9B5F828F0D6A7AEA167F7D85CF693BD0 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . CD7F574A9ABDECAB9561DB0B2F7F2143 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . CD7F574A9ABDECAB9561DB0B2F7F2143 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . 8E607A6F159621A8737DF29F46EDA1EF . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . CD928E84EF8FAB1BFB5791E28F7D4E0B . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . CD928E84EF8FAB1BFB5791E28F7D4E0B . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . 84400F3E86B4FFCF7442002029D63786 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 2DEE3DC6EB17D7BB774CE05695BA26D6 . 346112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 2DEE3DC6EB17D7BB774CE05695BA26D6 . 346112 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . E2012CF69E88C83118472DE4945A27E5 . 346624 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2010-09-18 07:18 . 576D37910F472BB5E62EF14D4B274599 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E7A93F4C5154D34F61328D34DE02CD61 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E7A93F4C5154D34F61328D34DE02CD61 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 17:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 17:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-04-14 17:20 . E43B998C777D43FB8624741B4567BCD9 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:19 . 785BA57DAEA4DAF2F3C9B359FEDA0EBF . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 12:00 . CFA664EFA06EEE2B02721C1384F51123 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 5B9FC235221DC3F48DA7318CB0BD4888 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . 5B9FC235221DC3F48DA7318CB0BD4888 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . 5005BF45DF1D444E7639408AFAF8EED5 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . A672CA3981352F8E9C30FEA056E80A62 . 176128 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . A672CA3981352F8E9C30FEA056E80A62 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . 000A0D516A2E20441E77AEA44E46B19B . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 41508EA375C97DC2B56E5F1AFC067187 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 41508EA375C97DC2B56E5F1AFC067187 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . BA7900C70FE0E2468CBF39242F588D1B . 334336 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . CB07CD1F566A4898A4846E29B17E1A6D . 334336 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-04 . C6718154A50FE6C55E382CDBDEDCE7A7 . 333824 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 30A2A72C04597972CF325F2A28410B63 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 30A2A72C04597972CF325F2A28410B63 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . AB5FC830C5FBAC5DE4C18725D4F4BD7A . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . D6804AD9DBDF13DF147A371EB881020F . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . D6804AD9DBDF13DF147A371EB881020F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . 8C404B302D19B510DEEC3ABB7CA8D5F0 . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 408B05D8104FB3C19403450FDA953C7C . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-04 . 408C0FBB97B8B32E7CAF6C129EF18820 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 376912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 94208]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-03-22 106496]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"cssauthe"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 1988144]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-22 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-22 208896]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"UIExec"="c:\program files\blueconnect\UIExec.exe" [2009-04-07 132608]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-21 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0pgdfgsvc C 1
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDomainTDHelper]
2008-06-12 15:25 94208 ----a-w- c:\windows\system32\TDHelp32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Mythware\\e-Learning Class V6.0\\InstHelpApp.exe"=
"c:\\Program Files\\Mythware\\e-Learning Class V6.0\\SCMTransfer.exe"=
"c:\\Program Files\\Mythware\\e-Learning Class V6.0\\TDChalk.exe"=
"c:\\Program Files\\Mythware\\e-Learning Class V6.0\\TDOvrSet.exe"=
"c:\\Program Files\\Mythware\\e-Learning Class V6.0\\TeacherMain.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater6\\Adobe_Updater.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
"c:\\Program Files\\TortoiseSVN\\bin\\TortoiseProc.exe"=
"c:\\Program Files\\FLV Player\\FLVPlayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R0 CDD_HOST;CDD_HOST;c:\windows\system32\drivers\CDD_HOST.sys [05-02-2010 20:46 19968]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28-04-2011 12:57 129992]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [31-12-1979 23:00 14336]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15-11-2005 12:11 46142]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [01-08-2011 12:23 143752]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28-04-2011 12:57 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28-04-2011 12:57 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28-04-2011 12:57 112456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [21-12-2005 15:45 3968]
R2 UI Assistant Service;UI Assistant Service;c:\program files\blueconnect\AssistantServices.exe [14-01-2011 09:43 241664]
R3 TDKeybd;TDKeybd;c:\windows\system32\drivers\TDKeybd.sys [29-09-2009 16:09 7680]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [31-12-1979 23:00 13840]
S2 NanoServiceMain;Panda Cloud Antivirus Service;"c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" --> c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [14-01-2011 09:44 7680]
S3 msftesql$NAVO2002;SQL Server FullText Search (NAVO2002);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [26-08-2005 15:00 92880]
S3 MSOLAP$NAVO2002;SQL Server Analysis Services (NAVO2002);c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [03-03-2007 22:12 14560624]
S3 MSSQL$NAVO2002;SQL Server (NAVO2002);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [03-03-2007 22:12 28771240]
S3 NAVOEnterprise2002;NAVO Enterprise 2002 Service;c:\program files\NAVO Enterprise 2002\System\navoservice.exe [29-07-2008 10:38 77824]
S3 phil2vid;Kamera Philips USB VGA;c:\windows\system32\drivers\philcam2.sys [27-10-2008 18:52 173696]
S3 SQLAgent$NAVO2002;SQL Server Agent (NAVO2002);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [14-10-2005 02:51 318680]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-02-2010 13:37 517096]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23-09-2005 06:01 2799808]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
Akamai	REG_MULTI_SZ   	Akamai
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-11-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-06-08 23:13]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marta\Dane aplikacji\Mozilla\Firefox\Profiles\ukm1r614.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-16333488.sys
SafeBoot-20675273.sys
SafeBoot-22955583.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-13 22:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$NAVO2002]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:NAVO2002"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'explorer.exe'(960)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\tp4serv.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2011-11-13 22:40:54 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-11-13 21:40
.
Przed: 69 342 711 808 bajtów wolnych
Po: 69 339 209 728 bajtów wolnych
.
- - End Of File - - 31B7B37DD736339B809C0EC4AAE29063