ComboFix 10-06-18.03 - marzar 2010-06-19 22:54:05.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3066.2128 [GMT 2:00] Uruchomiony z: c:\users\marzar\Desktop\viry\ComboFix.exe Użyto następujących komend :: c:\users\marzar\Desktop\viry\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania * Rezydentny antywirus jest aktywny FILE :: "c:\windows\system32\cpuvis.sys" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CPUVIS -------\Service_cpuvis ((((((((((((((((((((((((( Pliki utworzone od 2010-05-19 do 2010-06-19 ))))))))))))))))))))))))))))))) . 2010-06-19 20:59 . 2010-06-19 21:01 -------- d-----w- c:\users\marzar\AppData\Local\temp 2010-06-19 20:59 . 2010-06-19 20:59 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-06-19 20:59 . 2010-06-19 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-18 15:08 . 2010-06-18 15:08 -------- d--h--w- c:\windows\PIF 2010-06-18 09:24 . 2007-03-28 18:49 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys 2010-06-18 09:24 . 2007-03-28 18:23 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys 2010-06-18 09:24 . 2007-03-28 18:29 131944 ----a-w- c:\windows\system32\drivers\symsnap.sys 2010-06-18 09:24 . 2007-03-28 18:29 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys 2010-06-18 09:23 . 2010-06-18 15:06 -------- d-----w- c:\program files\Norton Ghost 2010-06-18 08:16 . 2010-06-18 08:16 -------- d-----w- c:\program files\PowerQuest 2010-06-17 05:40 . 2010-06-17 05:40 -------- d-----w- c:\users\marzar\AppData\Roaming\Symantec 2010-06-17 05:40 . 2010-06-17 05:40 -------- d-----w- c:\users\marzar\AppData\Local\Symantec_Corporation 2010-06-16 23:18 . 2010-06-16 23:18 -------- d-----w- c:\program files\Symantec 2010-06-16 23:17 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2010-06-16 23:17 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2010-06-16 23:17 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-06-16 23:17 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-06-16 23:17 . 2010-06-18 15:06 -------- d-----w- c:\programdata\Symantec 2010-06-16 23:17 . 2010-06-18 07:35 -------- d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3} 2010-06-08 23:16 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-06-08 23:16 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-06-08 23:16 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-06-08 23:16 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys 2010-06-02 11:07 . 2007-12-10 00:00 57344 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ZIMFPRNT.DLL 2010-06-02 11:05 . 2010-06-02 11:05 -------- d-----w- c:\program files\HP 2010-06-02 11:05 . 2007-12-10 00:00 61440 ----a-w- c:\windows\system32\ZIMF.DLL 2010-06-02 11:05 . 2007-12-10 00:00 53248 ----a-w- c:\windows\system32\ZTAG.DLL 2010-06-02 11:05 . 2007-12-10 00:00 434176 ----a-w- c:\windows\system32\ZSHP1020.EXE 2010-06-02 11:05 . 2007-12-10 00:00 106496 ----a-w- c:\windows\system32\ZSPOOL.DLL 2010-06-02 11:05 . 2007-12-10 00:00 102400 ----a-w- c:\windows\system32\ZLhp1020.DLL 2010-05-26 11:20 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-19 21:01 . 2010-04-25 20:34 34997 ----a-w- c:\programdata\nvModes.dat 2010-06-19 20:59 . 2008-07-17 05:45 2140 ----a-w- c:\windows\bthservsdp.dat 2010-06-19 15:08 . 2008-07-16 12:38 682732 ----a-w- c:\windows\system32\perfc015.dat 2010-06-19 15:08 . 2008-07-16 12:38 2217836 ----a-w- c:\windows\system32\perfh015.dat 2010-06-19 14:46 . 2009-01-01 17:09 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-19 13:51 . 2010-04-27 21:19 -------- d-----w- c:\program files\My applications 2010-06-18 17:39 . 2009-01-01 18:36 -------- d-----w- c:\users\marzar\AppData\Roaming\U3 2010-06-18 14:04 . 2009-01-05 16:33 1 ----a-w- c:\users\marzar\AppData\Roaming\OpenOffice.ux.pl\3\user\uno_packages\cache\stamp.sys 2010-06-18 08:23 . 2008-07-16 13:50 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-18 08:11 . 2009-04-07 09:49 -------- d-----w- c:\program files\MoorHunt 2010-06-16 23:17 . 2010-06-16 23:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-06-16 23:17 . 2010-06-16 23:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf 2010-06-08 23:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-06-04 18:41 . 2009-03-26 16:47 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-09 07:30 . 2010-05-09 07:30 -------- d-----w- c:\programdata\Panda Security 2010-05-09 07:30 . 2010-05-09 07:30 -------- d-----w- c:\program files\Panda USB Vaccine 2010-05-08 07:54 . 2009-01-09 18:10 1356 ----a-w- c:\users\marzar\AppData\Local\d3d9caps.dat 2010-05-04 05:59 . 2010-06-08 23:17 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-08 23:17 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 05:55 . 2010-06-08 23:17 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 04:31 . 2010-06-08 23:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-02 22:14 . 2010-05-02 22:14 -------- d-----w- c:\users\marzar\AppData\Roaming\DivX 2010-04-27 21:19 . 2010-04-27 21:19 -------- d-----w- c:\program files\Temp 2010-04-27 20:58 . 2010-04-27 20:58 -------- d-----w- c:\program files\Windows Portable Devices 2010-04-27 20:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-04-27 20:57 . 2010-04-27 20:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-04-27 20:05 . 2008-07-16 14:37 -------- d-----w- c:\programdata\NVIDIA 2010-04-27 20:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-04-27 20:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-04-27 20:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-04-27 20:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-04-27 20:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-04-27 20:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-04-25 22:58 . 2008-07-16 14:24 -------- d-----w- c:\program files\Microsoft SQL Server 2010-04-25 22:57 . 2010-04-25 22:57 -------- d-----w- c:\program files\ESET 2010-04-25 22:43 . 2008-12-31 11:08 137720 ----a-w- c:\users\marzar\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-25 20:22 . 2010-04-25 20:22 -------- d-----w- c:\program files\NVIDIA Corporation 2010-04-24 21:36 . 2009-01-05 16:29 -------- d-----w- c:\program files\OpenOffice.ux.pl 3 2010-04-24 20:01 . 2009-01-05 16:28 -------- d-----w- c:\program files\Java 2010-04-23 05:19 . 2010-04-21 19:34 -------- d-----w- c:\program files\AutoMapa EU 2010-04-20 06:54 . 2010-04-20 06:54 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-04-20 06:15 . 2010-04-20 06:15 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-04-20 06:15 . 2010-04-20 06:25 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-04-20 06:13 . 2010-04-20 06:25 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-04-12 15:29 . 2010-04-24 20:01 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-07 19:08 . 2010-04-07 19:08 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys 2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2010-04-07 19:03 . 2010-04-07 19:03 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys 2010-03-25 16:12 . 2010-03-25 16:12 136008 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2009-12-21 446464] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-24 813584] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2010-04-07 19:07 2145000 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-01-08 13:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-03-17 08:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-03-14 12:01 71216 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):ec,ef,ed,19,45,e6,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3868899706-1755380393-728579318-1003] "EnableNotificationsRef"=dword:00000001 R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x] R3 NETw5v32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360] R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 96896] S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200] S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2008-04-05 242560] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Zawartość folderu 'Zaplanowane zadania' 2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{A9C4F07E-A0B0-48A2-A605-6CD7E90D2AE8}.job - c:\windows\system32\msfeedssync.exe [2010-06-08 04:30] . . ------- Skan uzupełniający ------- . uStart Page = about:blank IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: {C73CCBDF-67EF-4B9E-AEA3-B02F07C01090} = 194.204.159.1,194.204.152.34 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-19 23:01 Windows 6.0.6002 Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'Explorer.exe'(3604) c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\agrsmsvc.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Czas ukończenia: 2010-06-19 23:07:16 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-06-19 21:07 ComboFix2.txt 2010-06-19 14:22 Przed: 90 357 293 056 bajtów wolnych Po: 90 114 338 816 bajtów wolnych - - End Of File - - FD23B52F22ACA62DC7541AA46C190DDC