ComboFix 13-01-11.02 - PTSM 2013-01-11 20:43:49.1.2 - x86 MINIMAL
Run from: F:\ComboFix.exe
.
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
c:\documents and settings\PTSM\wgsdgsdgdsgsd.exe
c:\program files\FilmFanaticEI
c:\program files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
c:\program files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll
c:\program files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 19:31 . 2013-01-11 19:32 -------- d-----w- c:\documents and settings\Administrator
2013-01-10 21:19 . 2013-01-11 19:32 2934 ----a-w- c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 18:01 . 2012-11-07 14:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 18:01 . 2011-10-19 15:57 74248 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 16:56 . 2011-03-27 19:46 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-12 16:56 . 2011-03-27 19:46 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-12 16:56 . 2011-03-27 19:46 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-06 02:00 . 2009-08-19 15:07 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:13 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:13 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:13 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-29 18:33 . 2011-03-27 16:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-03-20 741376]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
.
c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
runctf.lnk - c:\windows\system32\rundll32.exe [2006-3-2 33280]
.
c:\documents and settings\PTSM\Menu Start\Programy\Autostart\
runctf.lnk - c:\windows\system32\rundll32.exe [2006-3-2 33280]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-12 16:56 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [x]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\Drivers\StkCMini.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 18:01]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 13:02]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 13:02]
.
2013-01-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-06 20:33]
.
2013-01-10 c:\windows\Tasks\User_Feed_Synchronization-{16A03E76-C51A-48CF-95B0-75EEB8CA7203}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
2013-01-10 c:\windows\Tasks\User_Feed_Synchronization-{59D3031F-2DBB-46B4-8CEF-B2427CD17AA1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\PTSM\Dane aplikacji\Mozilla\Firefox\Profiles\w0zui1t9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.interia.pl/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=07CD9515-A222-4FCD-BBEA-01EEB4403B59&apn_ptnrs=9M&apn_sauid=9D2C5306-78B8-4DF1-AF05-189D60D3A640&apn_dtid=OSJ000&&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-EPSON Stylus DX4800 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
AddRemove-EPSON Printer and Utilities - c:\windows\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-11 21:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(248)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
.
Completion time: 2013-01-11 21:12:36
ComboFix-quarantined-files.txt 2013-01-11 20:12
.
Pre-Run: 5,546,418,176 bytes free
Post-Run: 7,582,117,888 bytes free
.
- - End Of File - - 63F96D7F0C7490FD5DBC4A8DAE814C39
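A ComboFix log is a flat text dump, which makes it awkward to triage or to compare across runs. The Python below is an added example, not part of ComboFix or of this log: it splits a log into its bracketed sections, parses the Reg Loading Points section (Run-key values and Autostart-folder shortcuts) into records, and applies two heuristics of its own to the Other Deletions and loading-point entries: a consonant-run test for random-looking file names like the dsgsdgdsgdsgw.pad / wgsdgsdgdsgsd.exe entries ComboFix removed, and a flag for autostart shortcuts whose target is a generic host process such as rundll32.exe, because what it actually loads lives in command-line arguments the listing does not show. The embedded sample is a constructed excerpt of the log above with the English section headings; the heuristic, its thresholds and the host-process list are the example's own assumptions, not verdicts from ComboFix.

```python
import re
from dataclasses import dataclass

# Constructed sample: a short excerpt of the ComboFix log above (English headings),
# embedded so the example runs offline. Raw string, so paths keep single backslashes.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
c:\documents and settings\PTSM\wgsdgsdgdsgsd.exe
c:\program files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
.
c:\documents and settings\PTSM\Menu Start\Programy\Autostart\
runctf.lnk - c:\windows\system32\rundll32.exe [2006-3-2 33280]
.
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")          # ((( Heading )))
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                            # [HKEY_...]
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
SHORTCUT_RE = re.compile(
    r"^(?P<name>.+\.lnk) - (?P<path>.+?)\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$")

# Assumption of this example: generic host processes whose real payload is an argument.
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
VOWELS = set("aeiouy")


@dataclass
class LoadPoint:
    origin: str   # registry key or Autostart folder the entry was found under
    name: str     # value name or .lnk file name
    path: str     # target executable as ComboFix printed it
    date: str
    size: int


def split_sections(text):
    """Map each bracketed ComboFix heading to the lines under it ('.' spacer lines dropped)."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif line.strip() != ".":
            sections[current].append(line)
    return sections


def parse_load_points(lines):
    """Turn Run-key values and Autostart shortcuts into LoadPoint records."""
    points, origin = [], None
    for line in lines:
        key = KEY_RE.match(line)
        if key:
            origin = key.group("key")
            continue
        if line.endswith("\\") and ":" in line:   # folder header such as ...\Autostart\
            origin = line
            continue
        for rx in (RUN_VALUE_RE, SHORTCUT_RE):
            m = rx.match(line)
            if m:
                points.append(LoadPoint(origin, m.group("name"), m.group("path"),
                                        m.group("date"), int(m.group("size"))))
                break
    return points


def looks_random(filename, min_letters=8, max_consonant_run=5):
    """Heuristic (this example's own): a long stem with no vowel for 5+ letters in a row."""
    stem = re.sub(r"\.[^.]+$", "", filename).lower()
    letters = re.sub(r"[^a-z]", "", stem)
    if len(letters) < min_letters:
        return False
    longest = run = 0
    for ch in letters:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= max_consonant_run


def triage(text):
    """Return (item, reason) pairs worth a second look; the reasons are heuristic, not verdicts."""
    sections = split_sections(text)
    findings = []
    for path in sections.get("Other Deletions", []):
        if looks_random(path.rsplit("\\", 1)[-1]):
            findings.append((path, "random-looking file name"))
    for lp in parse_load_points(sections.get("Reg Loading Points", [])):
        base = lp.path.rsplit("\\", 1)[-1].lower()
        where = lp.origin + ("" if lp.origin.endswith("\\") else "\\") + lp.name
        if looks_random(base):
            findings.append((lp.path, "random-looking file name"))
        if base in HOST_PROCESSES:
            findings.append((where, f"target is host process {base}; arguments not shown"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

Run against a full log, the parser also gives a record per Run entry (origin, name, path, date, size) that can be diffed against an earlier run of the same machine; the file-name heuristic deliberately ignores short names like gg.exe so that ordinary tray utilities do not drown out the entries that matter.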