ComboFix 12-07-07.04 - Vaio 2012-07-08 14:35:54.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3038.2484 [GMT 2:00]
Uruchomiony z: c:\users\Vaio\Desktop\ComboFix.exe
AV: McAfee Anti-Virus i Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus i Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Vaio\AppData\Local\unins000.exe
c:\users\Vaio\ContentaConverterPREMIUM.tmp
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-08 do 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 12:42 . 2012-07-08 12:42 -------- d-----w- c:\users\Vaio\AppData\Local\temp
2012-07-08 12:42 . 2012-07-08 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 15:46 . 2012-07-06 15:46 -------- d-----w- c:\users\Vaio\AppData\Roaming\hellomoto
2012-06-25 09:02 . 2012-06-25 09:02 -------- d-----w- c:\users\Vaio\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 07:55 . 2012-05-25 11:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 07:55 . 2012-05-25 11:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 18:51 . 2011-06-04 10:35 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-25 11:47 . 2010-08-25 11:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 12:01 . 2011-02-27 12:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-22 270336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19549320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RstrtMgr"="c:\users\Vaio\AppData\Local\Microsoft\Windows\3094\RstrtMgr.exe" [2012-07-06 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-25 30192]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2010-02-11 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-09-09 1097728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2011-12-09 726912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-15 776744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-06 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 0157581341749362mcinstcleanup;McAfee Application Installer Cleanup (0157581341749362);c:\users\Vaio\AppData\Local\Temp\015758~1.EXE [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 07:55]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 22:16]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 22:16]
.
2012-01-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-13 10:22]
.
2011-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-13 10:22]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://www.online.icomarch24.pl/ioptima24/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: DrvInstObjCab - hxxp://demo.cdnonline.pl/OnlineDemo/DrvInstObj.cab
FF - ProfilePath - c:\users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\srjvvwjb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gazetaprawna.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Vaio\AppData\Local\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 14:42
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1868213863-3244487241-2592187260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,ef,cd,e4,83,6d,70,01,62,f7,71,c7,70,1d,b1,6a,6a,4b,21,05,79,c6,b2,
 90,f4,a3,f9,be,53,5c,b3,b4,8f,14,7a,78,96,23,6d,fa,2f,8e,7c,27,41,58,d7,18,\
"??"=hex:ed,46,ff,f7,52,69,de,c3,f3,bb,8d,0a,68,c0,8f,0f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2012-07-08 14:45:14
ComboFix-quarantined-files.txt 2012-07-08 12:44
.
Przed: 125 296 136 192 bajtów wolnych
Po: 126 646 972 416 bajtów wolnych
.
- - End Of File - - E3DC62DE63F95E39A22504C89A66EE52