ComboFix 12-09-09.02 - Dom 2012-09-10 15:21:27.3.2 - x86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.48.1045.18.3070.2572 [GMT 2:00]
Uruchomiony z: c:\users\Dom\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-08-10 do 2012-09-10  )))))))))))))))))))))))))))))))
.
.
2012-09-10 13:26 . 2012-09-10 13:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-09-10 13:10 . 2012-09-10 13:26    --------    d-----w-    c:\users\Dom\AppData\Local\temp
2012-09-09 15:29 . 2012-09-09 15:29    --------    d-----w-    c:\programdata\dtibotwimyfdrez
2012-09-09 15:29 . 2012-09-09 15:29    162816      ----a-w-    c:\windows\iocjckui.exe
2012-08-21 22:18 . 2012-08-21 22:20    --------    d-----w-    c:\users\Dom\AppData\Roaming\ooVoo Details
2012-08-21 22:16 . 2012-08-21 22:16    --------    d-----w-    c:\program files\ooVoo
2012-08-21 22:12 . 2012-08-21 22:12    --------    d-----w-    c:\users\Dom\AppData\Local\Google
2012-08-21 22:12 . 2012-08-21 22:12    --------    d-----w-    c:\users\Dom\AppData\Local\CRE
2012-08-21 22:12 . 2012-08-21 22:12    --------    d-----w-    c:\program files\Conduit
2012-08-21 22:12 . 2012-08-21 22:12    --------    d-----w-    c:\users\Dom\AppData\Local\Conduit
2012-08-21 22:11 . 2012-08-21 22:12    --------    d-----w-    c:\program files\01NET.com
2012-08-20 23:33 . 2012-08-20 23:33    --------    d-----w-    c:\users\Dom\AppData\Local\Facebook
2012-08-15 17:16 . 2012-08-15 17:16    --------    d-----w-    c:\windows\system32\Browser Manager
2012-08-15 13:28 . 2012-08-15 13:28    --------    d-----w-    c:\program files\Ask.com
2012-08-15 13:18 . 2012-08-15 13:18    --------    d-----w-    c:\windows\Sun
2012-08-15 13:15 . 2012-08-15 13:15    --------    d-----w-    c:\programdata\Ask
2012-08-15 13:15 . 2012-08-15 13:15    --------    d-----w-    c:\program files\Common Files\Java
2012-08-15 13:14 . 2012-08-15 13:14    --------    d-----w-    c:\program files\Oracle
2012-08-15 13:14 . 2012-07-05 20:06    772544      ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-08-15 13:14 . 2012-07-05 20:06    687544      ----a-w-    c:\windows\system32\deployJava1.dll
2012-08-15 13:13 . 2012-08-15 13:13    --------    d-----w-    c:\program files\Java
2012-08-14 21:05 . 2012-08-14 21:06    --------    d-----r-    c:\program files\Skype
2012-08-14 21:05 . 2012-08-14 21:05    --------    d-----w-    c:\program files\Common Files\Skype
2012-08-13 10:21 . 2012-08-13 10:21    --------    d-----w-    c:\users\Dom\.thumbnails
2012-08-13 10:18 . 2012-08-17 21:24    --------    d-----w-    c:\users\Dom\.gimp-2.7
2012-08-13 10:18 . 2012-08-13 10:18    --------    d-----w-    c:\users\Dom\.gegl-0.0
2012-08-13 10:17 . 2012-08-13 10:17    --------    d-----w-    c:\program files\GIMP-2.7
2012-08-13 10:17 . 2012-08-13 10:17    --------    d-----w-    c:\program files\v9Soft
2012-08-13 09:55 . 2012-08-13 09:55    --------    d-----w-    c:\programdata\Browser Manager
2012-08-13 09:54 . 2012-08-13 09:54    --------    d-----w-    c:\program files\BabylonToolbar
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 00:41 . 2012-07-21 13:21    6891424     ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBA7EE75-1408-4071-B792-96B85F78EB33}\mpengine.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-09-10_13.09.33   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-15 22:13 . 2012-09-10 13:16    26940     c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2012-09-10 13:16    51664     c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-11 12:27 . 2012-09-10 13:16    7336      c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1832116753-682593944-3140558332-1000_UserData.bin
+ 2012-09-10 13:14 . 2012-09-10 13:19    2048      c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-10 12:50 . 2012-09-10 12:57    2048      c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-10 13:14 . 2012-09-10 13:19    2048      c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-10 12:50 . 2012-09-10 12:57    2048      c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-12-05 05:27 . 2012-09-10 13:02    661070    c:\windows\System32\perfh015.dat
+ 2006-12-05 05:27 . 2012-09-10 13:24    661070    c:\windows\System32\perfh015.dat
- 2006-11-02 10:33 . 2012-09-10 13:02    586568    c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2012-09-10 13:24    586568    c:\windows\System32\perfh009.dat
- 2006-12-05 05:27 . 2012-09-10 13:02    126324    c:\windows\System32\perfc015.dat
+ 2006-12-05 05:27 . 2012-09-10 13:24    126324    c:\windows\System32\perfc015.dat
+ 2006-11-02 10:33 . 2012-09-10 13:24    100640    c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2012-09-10 13:02    100640    c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
"{8e5025c2-8ea3-430d-80b8-a14151068a6d}"= "c:\program files\01NET.com\prxtb01NE.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{8e5025c2-8ea3-430d-80b8-a14151068a6d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8e5025c2-8ea3-430d-80b8-a14151068a6d}]
2011-05-09 09:49    176936    ----a-w-    c:\program files\01NET.com\prxtb01NE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 13:43    1519272    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
"{8e5025c2-8ea3-430d-80b8-a14151068a6d}"= "c:\program files\01NET.com\prxtb01NE.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{8e5025c2-8ea3-430d-80b8-a14151068a6d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Facebook Update"="c:\users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-20 138096]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2012-08-20 27040888]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"iocjckuimjmuyca"="c:\windows\iocjckui.exe" [2012-09-09 162816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\22565~1.25\{16CDF~1\browsemngr.dll
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - ECACHE
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 13:08]
.
2012-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1832116753-682593944-3140558332-1000Core.job
- c:\users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-20 23:33]
.
2012-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1832116753-682593944-3140558332-1000UA.job
- c:\users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-20 23:33]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3128284
mStart Page = hxxp://www.v9.com/?utm_source=b&utm_medium=pbr&from=pbr&uid=WD-WXE807274047_WDCWD2500BEVS-22UST0&ts=1344853016
IE: &P&obierz &za pomocą BitComet - d:\programfiles\BitComet\BitComet.exe/AddLink.htm
IE: Pobierz wszystko za pomocą BitComet - d:\programfiles\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 15:26
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-09-10 15:27:38
ComboFix-quarantined-files.txt 2012-09-10 13:27
ComboFix2.txt 2012-09-10 13:10
ComboFix3.txt 2012-09-10 12:43
.
Przed: 15 274 049 536 bajtów wolnych
Po: 15 055 118 336 bajtów wolnych
.
- - End Of File - - 58E172E307D3CEF68FCB11F12C84EE75