ComboFix 12-07-08.02 - pc 2012-07-09 16:41:40.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.48.1045.18.3519.3076 [GMT 2:00]
Uruchomiony z: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-06-09 do 2012-07-09   )))))))))))))))))))))))))))))))
.
.
2012-07-09 14:46 . 2012-07-09 14:47	--------	d-----w-	c:\users\pc\AppData\Local\temp
2012-07-09 14:46 . 2012-07-09 14:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-09 13:52 . 2012-07-09 13:52	--------	d-----w-	c:\windows\Sun
2012-07-09 13:27 . 2012-07-09 13:27	--------	d-----w-	c:\users\pc\AppData\Roaming\hellomoto
2012-07-06 07:47 . 2012-05-31 03:41	6762896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D7FDBA2-4FCA-46B0-A352-5F858EBE7374}\mpengine.dll
2012-06-19 07:15 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 07:15 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 07:15 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 07:15 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 07:14 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-19 07:14 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 07:14 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 07:14 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 07:14 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-12 10:25 . 2012-06-12 10:25	--------	d-----w-	c:\program files\Hoya MyStyle iDentifier (Online)
2012-06-12 10:15 . 2012-06-12 10:26	--------	d-----w-	C:\HoyaiLink
2012-06-12 10:15 . 2012-06-12 10:15	--------	d-----w-	c:\program files\HoyaiLink
2012-06-12 10:15 . 2012-06-12 10:15	840192	----a-w-	c:\windows\system32\hoyabus.dll
2012-06-12 10:15 . 2012-06-12 10:15	839680	----a-w-	c:\windows\system32\LWTracerLib.dll
2012-06-12 10:15 . 2012-06-12 10:15	43008	----a-w-	c:\windows\system32\libgcc_s_dw2-1.dll
2012-06-12 10:15 . 2012-06-12 10:15	2555392	----a-w-	c:\windows\system32\QtCore4.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 14:16 . 2012-07-09 14:16	167953	----a-w-	C:\flashfake_removal_tool.zip
2012-04-16 07:15 . 2012-04-10 07:11	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-16 07:15 . 2011-05-28 07:03	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 15:14 . 2012-03-16 11:16	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-04-03 2158592]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2010-03-12 2181744]
"hoyabus2wacon"="c:\program files\HoyaiLink\hoyabus2wacon.exe" [2012-06-12 1540096]
"ilogupdate"="c:\program files\HoyaiLink\ilogupdate.exe" [2012-06-12 1020416]
"WinSyncMetastore"="c:\users\pc\AppData\Local\Microsoft\Windows\3924\WinSyncMetastore.exe" [2012-07-09 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-14 17149952]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"KMCONFIG"="c:\program files\Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 07:15]
.
2012-07-09 c:\windows\Tasks\User_Feed_Synchronization-{505FA314-28B9-40AA-B06C-DBD5F66C8F96}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: DhcpNameServer = 192.168.2.1
DPF: {7E88D4EE-0969-48ED-9F1C-B647586C0419} - hxxp://89.228.61.76/Media.CAB
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\kprrfdfg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - wp.pl
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 16:47
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-07-09 16:48:23
ComboFix-quarantined-files.txt 2012-07-09 14:48
ComboFix2.txt 2012-07-09 14:30
.
Przed: 19 568 254 976 bajtów wolnych
Po: 19 340 111 872 bajtów wolnych
.
- - End Of File - - 1480AB17677A34A503A7C5C8BB034E0D