ComboFix 12-08-28.01 - fitnes 2012-08-28 12:44:00.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3061.2464 [GMT 2:00]
Uruchomiony z: c:\temp\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\SPL1A7A.tmp
c:\programdata\SPL20F5.tmp
c:\programdata\SPL360D.tmp
c:\programdata\SPL6D47.tmp
c:\programdata\SPL70F7.tmp
c:\programdata\SPL7690.tmp
c:\programdata\SPL85B2.tmp
c:\programdata\SPL91C8.tmp
c:\programdata\SPL996.tmp
c:\programdata\SPLA12E.tmp
c:\programdata\SPLA566.tmp
c:\programdata\SPLDB92.tmp
c:\programdata\SPLE7F8.tmp
c:\programdata\SPLE963.tmp
c:\programdata\SPLF7F8.tmp
c:\programdata\SPLF888.tmp
c:\users\fitnes\AppData\Roaming\ReportsBookLog.txt
c:\windows\system32\winrgb32.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-28 do 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 07:54 . 2012-08-28 07:55 -------- d-----w- c:\users\fitnes\AppData\Roaming\hellomoto
2012-08-16 00:02 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 23:55 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 01:23 . 2012-08-16 00:22 -------- d-----w- c:\windows\system32\drivers\NIS\1308000.00E
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 10:13 . 2009-05-06 08:57 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-08-28 10:13 . 2009-05-06 08:51 16608 ----a-w- c:\windows\gdrv.sys
2012-08-15 18:27 . 2012-06-25 08:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 18:27 . 2011-09-13 12:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-15 10:34 . 2011-12-20 08:54 98304 ----a-w- c:\windows\system32\getver.exe
2012-06-15 10:28 . 2011-12-20 08:54 103224 ----a-w- c:\windows\system32\HASPSrvN.exe
2012-06-15 10:28 . 2011-12-20 08:54 709432 ----a-w- c:\windows\system32\HASPSrv.exe
2012-06-15 10:19 . 2011-12-20 08:54 1400832 ----a-w- c:\windows\system32\haspclnt.dll
2012-06-05 16:47 . 2012-07-10 22:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-10 22:20 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-10 22:20 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-23 07:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 07:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 07:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 07:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 07:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 07:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 07:35 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 07:35 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-23 07:35 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-10 22:20 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-10 22:20 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-03 08:11 . 2011-07-07 11:11 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-14 7416352]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"Monitor Serwisu klucza HASP"="c:\windows\system32\HASPSrvN.exe" [2012-06-15 103224]
"AutoRegisterCerts"="c:\program files\Unizeto\proCertum CardManager\cryptoCertumScanner.exe" [2011-07-07 118024]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TURegOpt"="c:\users\fitnes\AppData\Local\Microsoft\Windows\2449\TURegOpt.exe" [2012-08-28 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\Vivotek\ST3402\Monitor_VV.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1673712086-3022348113-4059795357-1001]
"EnableNotificationsRef"=dword:00000002
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 18:27]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3070459-3125-4F22-B767-245CA07DF06E}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\fitnes\AppData\Roaming\Mozilla\Firefox\Profiles\44imjyl7.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-PureSync - c:\program files\PureSync\PureSyncTray.exe
HKLM-Run-IP surveillance - (no file)
HKLM-Run-nDiag32 factory burning script - c:\ndiag32\ndiag32.bat
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 12:50
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
Czas ukończenia: 2012-08-28 12:52:55
ComboFix-quarantined-files.txt 2012-08-28 10:52
.
Przed: 70 116 298 752 bajtów wolnych
Po: 71 305 543 680 bajtów wolnych
.
- - End Of File - - 4B7976CD31B964FB1A86B3CB720E11F8