ComboFix 12-07-08.01 - Janina Kruk 2012-07-08 23:29:10.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.48.1045.18.1022.568 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-08 do 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 20:29 . 2012-07-08 20:29 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CE99A82-1E2E-4236-97F3-AC8170D87368}\offreg.dll
2012-07-06 15:42 . 2012-07-06 15:42 -------- d-----w- c:\users\Janina Kruk\AppData\Roaming\hellomoto
2012-07-06 15:39 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4CE99A82-1E2E-4236-97F3-AC8170D87368}\mpengine.dll
2012-06-25 21:01 . 2012-06-25 21:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-25 21:01 . 2012-06-25 21:01 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-25 21:01 . 2012-06-25 21:01 624608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-06-25 21:01 . 2012-06-25 21:01 43488 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-06-25 21:01 . 2012-06-25 21:01 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-25 21:01 . 2012-06-25 21:01 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-25 21:01 . 2012-06-25 21:01 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 16:23 . 2012-04-04 20:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 16:23 . 2012-04-04 20:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 21:01 . 2011-12-15 17:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-06-21 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WUDFPlatform"="c:\users\Janina Kruk\AppData\Local\Microsoft\Windows\2209\WUDFPlatform.exe" [2012-07-06 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 634880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"ORAHSSSessionManager"="c:\program files\Livebox\SessionManager\SessionManager.exe" [2008-06-10 107248]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Lto Manager"="c:\program files\Quick GPS Connection Data Download Manager\DesktopLtoManager.exe" [2005-05-23 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - c:\program files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-1-10 782336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:23]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 09:57]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 09:57]
.
2012-06-13 c:\windows\Tasks\Norton Security Scan for Janina Kruk.job
- c:\progra~1\NORTON~2\Engine\352~1.10\Nss.exe [2011-12-14 15:16]
.
2012-07-08 c:\windows\Tasks\User_Feed_Synchronization-{07DC1A3E-D0F0-4E88-9073-909491DE6FB7}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = www.v9.com/idg/idg_1323970349_700942
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Janina Kruk\AppData\Roaming\Mozilla\Firefox\Profiles\od8pbo41.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 23:35
Windows 6.0.6000 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2012-07-08 23:38:28
ComboFix-quarantined-files.txt 2012-07-08 21:38
.
Przed: 6 873 190 400 bajtów wolnych
Po: 7 276 089 344 bajtów wolnych
.
- - End Of File - - 1279F9088B11138D4F67D3EA0D4E5B0F