ComboFix 13-01-03.02 - Adam 2013-01-03 14:30:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.1789.870 [GMT 1:00]
Uruchomiony z: c:\users\Adam\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Rezydentny antywirus jest aktywny
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\users\Adam\AppData\Local\Temp\wpbt0.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-12-03 do 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2013-01-03 13:40 . 2013-01-03 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 19:24 . 2013-01-01 19:24 -------- d-----w- c:\program files\v9Soft
2013-01-01 11:53 . 2013-01-01 11:53 -------- d-----w- c:\program files\7-Zip
2013-01-01 10:48 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02330F60-5375-4049-B5C1-E16965444FB0}\mpengine.dll
2012-12-29 18:07 . 2013-01-03 13:24 -------- d-----w- c:\users\Adam\AppData\Roaming\uTorrent
2012-12-25 13:43 . 2012-12-25 13:43 -------- d-----w- c:\users\Adam\AppData\Local\Macromedia
2012-12-25 13:42 . 2012-12-25 13:42 -------- d-----w- c:\programdata\McAfee Security Scan
2012-12-25 13:42 . 2012-12-26 16:48 -------- d-----w- c:\program files\McAfee Security Scan
2012-12-25 13:42 . 2012-12-25 13:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-25 13:42 . 2012-12-25 13:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-05 19:25 . 2012-12-05 19:25 782608 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-29 08:26 . 2012-12-03 15:00 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"uTorrent"="c:\users\Adam\Desktop\utorrent (2).exe" [2010-02-28 319280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-10 30192]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-06 241664]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2010-03-25 2499584]
.
c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
runctf.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
path=c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
backup=c:\windows\pss\runctf.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-25 13:42]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 11:45]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 11:45]
.
2009-09-23 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-10 13:10]
.
2009-09-23 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-10 13:10]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=pbr&from=pbr&uid=090630FB2E06YKHGD9ZH_HitachiHTS543225L9SA00&ts=1357068276
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=pbr&from=pbr&uid=090630FB2E06YKHGD9ZH_HitachiHTS543225L9SA00&ts=1357068276
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4jxn3kpq.default\
FF - prefs.js: browser.search.selectedEngine - v9
FF - prefs.js: browser.startup.homepage - hxxp://www.v9.com/?utm_source=b&utm_medium=pbr&from=pbr&uid=090630FB2E06YKHGD9ZH_HitachiHTS543225L9SA00&ts=1357068276
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
MSConfigStartUp-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
AddRemove-pkslow_60_is1 - c:\edgard\Profesor Klaus 6.0 Słownictwo\unins000.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-03 14:41
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2013-01-03 14:44:27
ComboFix-quarantined-files.txt 2013-01-03 13:44
.
Przed: 23 688 417 280 bajtów wolnych
Po: 23 092 092 928 bajtów wolnych
.
- - End Of File - - DEEA3996CFDC759E89A7DD5AAFDDDB38