ComboFix 12-04-03.02 - Michał 2012-04-04 12:30:46.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1723 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Micha-\Pulpit\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Han\WINDOWS
c:\program files\iplus
c:\program files\iplus\commanderFix.exe
c:\program files\iplus\countries.eng
c:\program files\iplus\countries.pl
c:\program files\iplus\Drivers\difxapi.dll
c:\program files\iplus\Drivers\Driver2k\Huawei\ewdcsc.cat
c:\program files\iplus\Drivers\Driver2k\Huawei\ewdcsc.inf
c:\program files\iplus\Drivers\Driver2k\Huawei\ewdcsc.sys
c:\program files\iplus\Drivers\Driver2k\Huawei\ewfake.inf
c:\program files\iplus\Drivers\Driver2k\Huawei\ewmdm2k.cat
c:\program files\iplus\Drivers\Driver2k\Huawei\ewmdm2k.inf
c:\program files\iplus\Drivers\Driver2k\Huawei\ewnet.inf
c:\program files\iplus\Drivers\Driver2k\Huawei\ewser2k.cat
c:\program files\iplus\Drivers\Driver2k\Huawei\ewser2k.inf
c:\program files\iplus\Drivers\Driver2k\Huawei\ewusbfake.cat
c:\program files\iplus\Drivers\Driver2k\Huawei\ewusbfake.sys
c:\program files\iplus\Drivers\Driver2k\Huawei\ewusbmdm.sys
c:\program files\iplus\Drivers\Driver2k\Huawei\ewusbnet.cat
c:\program files\iplus\Drivers\Driver2k\Huawei\ewusbnet.sys
c:\program files\iplus\Drivers\Driver2k\Huawei\mod7700.cat
c:\program files\iplus\Drivers\Driver2k\Huawei\mod7700.inf
c:\program files\iplus\Drivers\Driver2k\Huawei\mod7700.sys
c:\program files\iplus\Drivers\Driver2k\Huawei64\ewfake.inf
c:\program files\iplus\Drivers\Driver2k\Huawei64\ewmdm2k.cat
c:\program files\iplus\Drivers\Driver2k\Huawei64\ewmdm2k.inf
c:\program files\iplus\Drivers\Driver2k\Huawei64\ewser2k.cat
c:\program files\iplus\Drivers\Driver2k\Huawei64\ewser2k.inf
c:\program files\iplus\Drivers\Driver2k\Huawei64\ewusbfake.cat
c:\program files\iplus\Drivers\Driver2k\Huawei64\ewusbfake.sys
c:\program files\iplus\Drivers\Driver2k\Huawei64\ewusbmdm.sys
c:\program files\iplus\Drivers\driverInstallation.log
c:\program files\iplus\Drivers\driverInstaller.exe
c:\program files\iplus\Drivers\huawei-drivers-list.txt
c:\program files\iplus\en\iplus.mo
c:\program files\iplus\eng.lang
c:\program files\iplus\help\IPlus_Manager_User_Manual.pdf
c:\program files\iplus\help\Podrecznik_Uzytkownika_IPlus_Manager.pdf
c:\program files\iplus\iPlusChecker.exe
c:\program files\iplus\iPlusManager.exe
c:\program files\iplus\iPlusManager.ini
c:\program files\iplus\license.rtf
c:\program files\iplus\log\openssl.exe
c:\program files\iplus\log\plus.pem
c:\program files\iplus\NDISAPI.dll
c:\program files\iplus\networks.dat
c:\program files\iplus\PaseczekControlAPI.dll
c:\program files\iplus\pl.lang
c:\program files\iplus\pl\iplus.mo
c:\program files\iplus\resources.dat
c:\program files\iplus\SysConfig.dat
c:\program files\iplus\tools.exe
c:\program files\iplus\unins000.dat
c:\program files\iplus\unins000.exe
c:\program files\iplus\uninstallTool.exe
c:\program files\iplus\update.exe
c:\program files\iplus\update\update.ini
c:\program files\iplus\userPrefs.def
c:\windows\$NtUninstallKB65190$
c:\windows\$NtUninstallKB65190$\1026833517\@
c:\windows\$NtUninstallKB65190$\1026833517\L\noxplmrd
c:\windows\$NtUninstallKB65190$\1026833517\loader.tlb
c:\windows\$NtUninstallKB65190$\1026833517\U\@00000001
c:\windows\$NtUninstallKB65190$\1026833517\U\@000000c0
c:\windows\$NtUninstallKB65190$\1026833517\U\@000000cb
c:\windows\$NtUninstallKB65190$\1026833517\U\@000000cf
c:\windows\$NtUninstallKB65190$\1026833517\U\@80000000
c:\windows\$NtUninstallKB65190$\1026833517\U\@800000c0
c:\windows\$NtUninstallKB65190$\1026833517\U\@800000cb
c:\windows\$NtUninstallKB65190$\1026833517\U\@800000cf
c:\windows\$NtUninstallKB65190$\2934336695
c:\windows\msmqinst.log
c:\windows\system32\a016mdm.dll
c:\windows\system32\acrsch2svc.dll
c:\windows\system32\aiclient.dll
c:\windows\system32\alim1541.dll
c:\windows\system32\AlteraByteBlaster.dll
c:\windows\system32\ARSVC.dll
c:\windows\system32\as32svc.dll
c:\windows\system32\bthmodem.dll
c:\windows\system32\cpqvcagent.dll
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\driVERs\yyolllyy.sys
c:\windows\system32\GoProto.dll
c:\windows\system32\mfebopk.dll
c:\windows\system32\mspqm.dll
c:\windows\system32\MSW_USB.dll
c:\windows\system32\ntcharge.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pae_avs.dll
c:\windows\system32\pensup.dll
c:\windows\system32\rdpcdd.dll
c:\windows\system32\rpsupdaterr.dll
c:\windows\system32\se45mdfl.dll
c:\windows\system32\se45mdm.dll
c:\windows\system32\SET2CF.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\sis162u.dll
c:\windows\system32\smartscaps.dll
c:\windows\system32\symc810.dll
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\V0070VID.dll
c:\windows\system32\VAIOMediaPlatform-PhotoServer-UPnP.dll
c:\windows\system32\winpowermonitor.dll
c:\windows\system32\wpcap.dll
.
Zainfekowana kopia c:\windows\system32\drivers\mrxsmb.sys została znaleziona. Problem naprawiono
Plik odzyskano z - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_blueservice
-------\Legacy_bmuservice
-------\Legacy_CX23880
-------\Legacy_hpgate
-------\Legacy_lusbaudio
-------\Legacy_MRESP50
-------\Legacy_mssqlserver
-------\Legacy_ntsvcmgr
-------\Legacy_OracleOraHome92ClientCache
-------\Legacy_passthru
-------\Legacy_pduip6000dmemcrdmgr
-------\Legacy_PTDCBus
-------\Legacy_quickbooksdb
-------\Legacy_RTL8169
-------\Legacy_slssvc
-------\Legacy_SMPLSCSI
-------\Legacy_szserver
-------\Legacy_tapeware
-------\Legacy_TMBUS
-------\Legacy_w550mgmt
-------\Legacy_XTrapD12
-------\Legacy_yyolllyy
-------\Legacy_z525mgmt
-------\Service_blueservice
-------\Service_bmuservice
-------\Service_CX23880
-------\Service_hpgate
-------\Service_lusbaudio
-------\Service_MRESP50
-------\Service_mssqlserver
-------\Service_ntsvcmgr
-------\Service_OracleOraHome92ClientCache
-------\Service_passthru
-------\Service_pduip6000dmemcrdmgr
-------\Service_PTDCBus
-------\Service_quickbooksdb
-------\Service_RTL8169
-------\Service_slssvc
-------\Service_SMPLSCSI
-------\Service_szserver
-------\Service_tapeware
-------\Service_TMBUS
-------\Service_w550mgmt
-------\Service_XTrapD12
-------\Service_yyolllyy
-------\Service_z525mgmt
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-03-04 do 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 10:55 . 2012-04-04 10:55 56200 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{40B20F72-2C6B-4A57-A95B-8EAE81945D41}\offreg.dll
2012-04-04 09:44 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-04 09:17 . 2012-04-04 09:17 -------- d-----w- c:\documents and settings\Michał\Client Security Solution
2012-04-04 07:48 . 2012-04-04 07:48 29904 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{40B20F72-2C6B-4A57-A95B-8EAE81945D41}\MpKsl7ae377d8.sys
2012-04-03 17:14 . 2012-04-03 17:14 -------- d-----w- c:\documents and settings\Michał\Ustawienia lokalne\Dane aplikacji\Panasonic
2012-04-01 16:03 . 2012-04-01 16:03 -------- d-----w- c:\documents and settings\Michał\Dane aplikacji\Apple Computer
2012-04-01 14:59 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{40B20F72-2C6B-4A57-A95B-8EAE81945D41}\mpengine.dll
2012-04-01 14:55 . 2012-04-01 14:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-04-01 14:55 . 2012-04-01 14:55 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2012-04-01 13:39 . 2012-04-01 13:39 -------- d-----r- c:\documents and settings\NetworkService\Ulubione
2012-04-01 13:13 . 2012-04-01 13:13 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-03-22 13:26 . 2012-03-22 13:26 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-22 13:26 . 2012-03-22 13:26 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-10 17:02 . 2012-03-10 17:02 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 02:15 . 2011-07-30 14:13 6582328 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-03 09:57 . 2008-04-15 12:00 1860352 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-01-22 18:53 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 16:35 . 2012-01-23 15:51 249856 ------w- c:\windows\Setup1.exe
2012-01-23 16:35 . 2012-01-23 15:51 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-11 19:07 . 2012-02-15 07:18 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2007-10-10 11:42 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 13:26 . 2011-05-06 17:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-03-05 16:08 . 2009-08-05 16:33 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP OfficeJet T Series"="c:\program files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe -reg Software\Hewlett-Packard\OfficeJet T Series\Install" [X]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-17 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-17 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"TpShocks"="TpShocks.exe" [2007-03-29 181808]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 2618944]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MediaFace Integration"="c:\program files\MediaFACE 5.0\SetHook.exe" [2007-12-21 53248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-10 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone - szybkie uruchamianie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PHOTOfunSTUDIO 4.0 HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO 4.0 HD\AutoStartupService.exe [2010-8-31 146360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 20:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mega Zbiory\\giFT\\giFTl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Han\\Ustawienia lokalne\\Dane aplikacji\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16354:TCP"= 16354:TCP:BitComet 16354 TCP
"16354:UDP"= 16354:UDP:BitComet 16354 UDP
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-03-02 19760]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 cyqbrgzx;cyqbrgzx;\??\c:\windows\system32\drivers\cyqbrgzx.sys --> c:\windows\system32\drivers\cyqbrgzx.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-02-28 95200]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 11152]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-02-21 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-02-21 11520]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2008-01-22 10343168]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-09-13 35264]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2007-11-03 178913]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MRESP50
XTrapD12
websenselogserver
aolservice
SMPLSCSI
z525mgmt
atiavaiw
passthru
CX23880
tapeware
bmuservice
bridge
USB28xxBGA
TMBUS
mssqlserver
ntsvcmgr
RTL8169
lusbaudio
blueservice
szserver
slssvc
PTDCBus
pduip6000dmemcrdmgr
OracleOraHome92ClientCache
hpgate
w550mgmt
dlbt_device
quickbooksdb
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1748312379-341804264-3578943189-1008Core.job
- c:\documents and settings\Han\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-02-01 10:42]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1748312379-341804264-3578943189-1008UA.job
- c:\documents and settings\Han\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2012-02-01 10:42]
.
2012-04-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2012-04-04 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-10-10 16:16]
.
2012-01-14 c:\windows\Tasks\prismDowngrade.job
- c:\program files\NCH Software\Prism\prism.exe [2010-08-13 15:44]
.
2012-01-15 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-08-13 15:44]
.
2012-04-04 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://lenovo.live.com
uSearchURL,(Default) = hxxp://g.msn.com.pl/0SEPLPL/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ocpkq357.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-HornetMonitor - c:\program files\Common Files\Hornet\MntrHrnt.exe
HKLM-Run-iPlusManager - c:\program files\iPlus\iPlusChecker.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
Notify-ACNotify - ACNotify.dll
AddRemove-iPlus manager_is1 - c:\program files\iPlus\unins000.exe
AddRemove-Remove Multimedia Center - c:\swtools\apps\MMCfTO\customiz\sequencer.exe
AddRemove-Google Chrome - c:\documents and settings\Michał\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 12:56
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(288)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'lsass.exe'(344)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
- - - - - - - > 'explorer.exe'(308)
c:\windows\system32\WININET.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2012-04-04 13:04:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-04-04 11:04
.
Przed: 19 963 879 424 bajtów wolnych
Po: 20 382 425 088 bajtów wolnych
.
- - End Of File - - 1E79283874445B52D4A958E32D7B77DC