ComboFix 11-03-16.01 - admin 2011-03-16 22:14:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1033.18.2037.942 [GMT 1:00]
Uruchomiony z: c:\users\admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hEcJpOp25900
c:\programdata\hEcJpOp25900\hEcJpOp25900
c:\programdata\hEcJpOp25900\hEcJpOp25900.exe
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-02-16 do 2011-03-16 )))))))))))))))))))))))))))))))
.
.
2011-03-16 21:23 . 2011-03-16 21:23 -------- d-----w- c:\users\mja\AppData\Local\temp
2011-03-16 21:23 . 2011-03-16 21:23 -------- d-----w- c:\users\gość\AppData\Local\temp
2011-03-16 21:23 . 2011-03-16 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 15:31 . 2011-03-16 15:31 -------- d-----w- c:\users\gość\AppData\Roaming\WinRAR
2011-03-15 19:23 . 2011-03-15 19:23 -------- d-----w- c:\program files\SkanerOnline
2011-03-15 18:20 . 2011-03-15 18:20 -------- d-----w- C:\My Documents
2011-03-15 09:39 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D82E3E9-E932-4851-8945-EA43E9C42FF7}\mpengine.dll
2011-03-09 12:33 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 12:33 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 12:33 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 12:33 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 12:33 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 12:33 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 19:11 . 2011-03-06 19:11 -------- d-----w- c:\users\gość\AppData\Local\PackageAware
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 18:02 . 2009-11-16 18:48 2023424 ------w- c:\windows\system32\VCL50.BPL
2060-08-18 18:02 . 2009-11-16 18:48 1496064 ------w- c:\windows\system32\CC3250MT.DLL
2060-08-18 18:02 . 2009-11-16 18:48 248832 ------w- c:\windows\system32\VCLX50.BPL
2060-08-18 17:40 . 2009-11-16 18:48 909824 ------w- c:\windows\system32\cp3245mt.dll
2060-08-18 17:40 . 2009-11-16 18:48 24064 ------w- c:\windows\system32\borlndmm.dll
2011-02-02 16:11 . 2009-10-04 16:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-09 20:42 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-09 20:42 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-09 20:42 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57 . 2011-01-12 19:59 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27 . 2011-02-09 20:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22 . 2011-02-09 20:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22 . 2011-02-09 20:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22 . 2011-02-09 20:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22 . 2011-02-09 20:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25 . 2011-02-09 20:42 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48 . 2011-02-09 20:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47 . 2011-02-09 20:42 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
.
c:\users\gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\mja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R2 pr2ajfae;Anno 1503 Zlota Edycja Drivers Auto Removal (pr2ajfae);c:\windows\system32\pr2ajfae.exe svc [x]
S0 pe3ajfae;Anno 1503 Zlota Edycja Environment Driver (pe3ajfae);c:\windows\system32\drivers\pe3ajfae.sys [2007-02-13 65432]
S0 ps6ajfae;Anno 1503 Zlota Edycja Synchronization Driver (ps6ajfae);c:\windows\system32\drivers\ps6ajfae.sys [2007-02-13 52128]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:28]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:28]
.
2011-03-16 c:\windows\Tasks\User_Feed_Synchronization-{285B0CF0-2092-45E4-B680-314BA78D1989}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-NWEReboot - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-16 22:24
Windows 6.0.6001 Service Pack 1 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2011-03-16 22:26:25
ComboFix-quarantined-files.txt 2011-03-16 21:26
.
Przed: 46 926 098 432 bytes free
Po: 48 865 718 272 bytes free
.
- - End Of File - - 2F9B689625C262B43654807E8791BE19