ComboFix 12-05-12.01 - Ja 2012-05-12 18:11:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2046.1176 [GMT 2:00]
Uruchomiony z: c:\users\Ja\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\windows\$NtUninstallKB61398$
c:\windows\$NtUninstallKB61398$\2370744818
c:\windows\$NtUninstallKB61398$\3882354878\@
c:\windows\$NtUninstallKB61398$\3882354878\cfg.ini
c:\windows\$NtUninstallKB61398$\3882354878\Desktop.ini
c:\windows\$NtUninstallKB61398$\3882354878\L\qnbwvoto
c:\windows\$NtUninstallKB61398$\3882354878\twl.dll
c:\windows\$NtUninstallKB61398$\3882354878\U\00000001.@
c:\windows\$NtUninstallKB61398$\3882354878\U\00000002.@
c:\windows\$NtUninstallKB61398$\3882354878\U\00000004.@
c:\windows\$NtUninstallKB61398$\3882354878\U\80000000.@
c:\windows\$NtUninstallKB61398$\3882354878\U\80000004.@
c:\windows\$NtUninstallKB61398$\3882354878\U\80000032.@
c:\windows\$NtUninstallKB61398$\3882354878\version
c:\windows\datazy.log
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\Google Earth Pro Gold Edition 2009.exe
c:\windows\w4win.ini
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-04-12 do 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 16:23 . 2012-05-12 16:26 -------- d-----w- c:\users\Ja\AppData\Local\temp
2012-05-12 16:23 . 2012-05-12 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 00:44 . 2012-05-12 00:44 -------- d-----w- c:\program files\ESET
2012-05-12 00:31 . 2012-05-12 00:31 -------- d-----w- c:\users\Ja\AppData\Local\ElevatedDiagnostics
2012-05-12 00:11 . 2012-05-12 00:12 -------- d-----w- c:\users\Ja\AppData\Local\CrashDumps
2012-05-11 23:31 . 2012-05-11 23:47 -------- d-----w- c:\program files\Lavalys
2012-05-11 23:13 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 23:13 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 23:13 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-11 23:13 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 23:13 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 23:13 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-11 23:12 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 23:12 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 23:11 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 23:11 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 23:11 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 23:11 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 23:11 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 23:07 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 23:07 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 23:07 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 19:46 . 2012-05-12 04:34 -------- d-----w- c:\programdata\Norton
2012-05-08 13:49 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D80D45C2-2D42-4E9F-BFF5-040FE65FDF13}\mpengine.dll
2012-05-05 16:43 . 2012-05-05 16:43 -------- d-----w- c:\users\Ja\AppData\Roaming\Sony Online Entertainment
2012-05-05 15:40 . 2012-05-05 15:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 15:40 . 2012-05-05 15:40 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 15:40 . 2012-05-05 15:40 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-04 20:29 . 2012-05-04 20:29 -------- d-----w- c:\users\Ja\AppData\Local\TechSmith
2012-05-04 20:25 . 2012-05-04 20:25 -------- d-----w- c:\windows\system32\QuickTime
2012-05-02 21:59 . 2012-05-02 22:08 -------- d-----w- c:\users\Ja\AppData\Roaming\gtk-2.0
2012-05-02 21:59 . 2012-05-02 21:59 -------- d-----w- c:\users\Ja\.thumbnails
2012-05-02 21:56 . 2012-05-02 22:14 -------- d-----w- c:\users\Ja\.gimp-2.6
2012-05-02 21:55 . 2012-05-02 21:55 -------- d-----w- c:\program files\GIMP-2.0
2012-04-30 13:49 . 2012-04-30 13:49 4 ----a-w- c:\windows\system32\proc-1037709799.bin
2012-04-30 13:49 . 2012-04-30 13:49 -------- d-----w- c:\users\Ja\AppData\Roaming\GanymedeNet
2012-04-25 14:32 . 2012-04-25 14:32 -------- d-----w- c:\programdata\SweetIM
2012-04-25 14:32 . 2012-04-25 14:32 -------- d-----w- c:\program files\SweetIM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 06:34 . 2012-04-04 08:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:34 . 2011-07-25 15:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 12:43 . 2012-04-02 12:43 1292288 ----a-w- c:\windows\is-IMCH4.exe
2012-04-01 00:17 . 2012-04-01 00:17 1292288 ----a-w- c:\windows\is-2QK7H.exe
2012-03-22 18:00 . 2012-04-02 12:50 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-02-29 15:11 . 2012-04-12 07:51 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 07:51 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 07:51 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 07:51 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 07:51 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 07:51 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 07:51 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 07:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18 . 2011-07-25 15:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 22:55 . 2011-07-25 15:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-05 15:40 . 2012-03-20 19:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 21:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 12:46 1337648 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-28 296056]
"PhilipsDM"="c:\program files\Philips\SA43xx\Philips Device Manager\Bin\LaunchDM.exe" [2009-12-12 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-70149214-1339082029-3386996294-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{6080a529-897e-4629-a488-aba0c29b635e}
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:34]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-10 13:41]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-10 13:41]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.arkowcy.pl/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={768914F5-60A5-4517-AAB9-DC73029676B1}
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 217.172.224.160 89.231.1.206
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
FF - ProfilePath - c:\users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\wev3esra.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.arkowcy.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
URLSearchHooks-{5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{FCB7D55C-B9B6-43E4-A692-FB0561F87000}_is1 - c:\users\Ja\Desktop\Programy\Programy\VirtualDubMod_1.5.10.3_build_2550_PL\VirtualDubMOD\plugins\plugins\unins000.exe
.
.
.
**************************************************************************
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki:
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0,
 7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
 36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
 ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}"=hex:51,66,7a,6c,4c,1d,38,12,4d,a0,e0,
 7c,bc,37,84,0f,e5,41,cb,b4,b5,01,91,c9
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
 aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
 df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
 ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}"=hex:51,66,7a,6c,4c,1d,38,12,6c,7c,df,
 f1,7c,21,0c,01,ca,a7,7a,0a,52,a3,7a,19
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
 fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
 b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:11,ef,9b,5d,36,2f,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,b7,f6,f9,2e,ab,87,4f,84,3d,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,b7,f6,f9,2e,ab,87,4f,84,3d,89,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(1136)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Czas ukończenia: 2012-05-12 18:34:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-05-12 16:34
.
Przed: 161 538 191 360 bajtów wolnych
Po: 163 031 420 928 bajtów wolnych
.
- - End Of File - - AD32A8FB595D2DFEFC8F264EB78D4A19