ComboFix 13-02-15.01 - 1 2013-02-16   9:49.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1250.48.1045.18.4094.2933 [GMT 1:00]
Uruchomiony z: c:\users\1\Desktop\ComboFix.exe
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20121107.txt
c:\cflog\CrashLog_20121116.txt
c:\cflog\EPLog.txt
c:\cflog\Host.txt
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\sqlite3.dll
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\users\1\AppData\Roaming\cglogs.dat
c:\users\1\AppData\Roaming\dclogs
c:\users\1\AppData\Roaming\dclogs\2012-12-27-5.dc
c:\users\1\AppData\Roaming\dclogs\2012-12-28-6.dc
c:\users\1\AppData\Roaming\dclogs\2012-12-29-7.dc
c:\users\1\AppData\Roaming\dclogs\2012-12-30-1.dc
c:\users\1\AppData\Roaming\dclogs\2012-12-31-2.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-01-3.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-02-4.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-03-5.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-04-6.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-05-7.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-06-1.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-07-2.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-08-3.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-09-4.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-10-5.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-11-6.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-12-7.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-13-1.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-14-2.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-15-3.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-16-4.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-17-5.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-18-6.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-19-7.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-20-1.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-21-2.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-22-3.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-23-4.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-24-5.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-25-6.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-26-7.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-27-1.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-28-2.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-29-3.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-30-4.dc
c:\users\1\AppData\Roaming\dclogs\2013-01-31-5.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-01-6.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-02-7.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-03-1.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-04-2.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-05-3.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-06-4.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-07-5.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-08-6.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-10-1.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-11-2.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-12-3.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-13-4.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-14-5.dc
c:\users\1\AppData\Roaming\dclogs\2013-02-15-6.dc
c:\users\1\m2.exe
c:\windows\l33td.ini
c:\windows\system\iexplore.exe
c:\windows\System\iexplore.txt
c:\windows\system\iexplore.txt2
c:\windows\system\smss.exe
c:\windows\System\smss.txt
c:\windows\system\smss.txt2
c:\windows\SysWow64\install
c:\windows\SysWow64\install\winlogin
c:\windows\SysWow64\tmp4943.tmp
c:\windows\SysWow64\tmp4963.tmp
d:\1gry\PANDOR~1\PANDOR~2\AUTOpa~1.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2013-01-16 do 2013-02-16  )))))))))))))))))))))))))))))))
.
.
2013-02-16 08:17 . 2013-02-16 08:39	--------	d-----w-	c:\users\1\AppData\Local\ElevatedDiagnostics
2013-02-13 11:20 . 2013-02-13 11:20	--------	d-----w-	c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-02-12 19:33 . 2013-02-12 19:33	--------	d-----w-	c:\programdata\Trymedia
2013-02-12 19:19 . 2013-02-12 19:19	--------	d-----w-	c:\users\1\AppData\Roaming\DealPly
2013-02-11 12:49 . 2013-02-11 12:49	--------	d-----w-	c:\users\1\AppData\Roaming\Baumaschinen Simulator 2011
2013-02-10 21:53 . 2013-02-10 21:53	--------	d-----w-	c:\windows\SysWow64\Extensions
2013-02-10 21:52 . 2013-02-10 21:52	--------	d-----w-	c:\windows\SysWow64\searchplugins
2013-02-08 16:11 . 2013-02-08 16:11	--------	d-----w-	c:\users\1\AppData\Local\B1E
2013-02-08 16:11 . 2013-02-08 16:11	--------	d-----w-	c:\users\1\AppData\Roaming\B1Toolbar
2013-02-06 18:50 . 2013-02-06 18:56	--------	d-----w-	c:\program files (x86)\Mount&Blade Warband
2013-02-02 12:56 . 2013-02-02 12:56	--------	d-----w-	c:\users\1\AppData\Roaming\Reallusion
2013-02-02 12:53 . 2013-02-02 12:53	--------	d-----w-	c:\program files (x86)\Common Files\Reallusion
2013-02-02 12:53 . 2008-10-18 04:21	5661488	----a-w-	c:\windows\SysWow64\CSVirtualCamera.ocx
2013-02-02 12:53 . 2008-09-18 19:54	56320	----a-w-	c:\windows\system32\drivers\CamSuiteVAC.sys
2013-02-02 12:53 . 2008-05-22 11:14	65536	----a-w-	c:\windows\SysWow64\RLTransformfilter.ax
2013-02-02 12:53 . 2013-02-02 12:53	--------	d-----w-	c:\program files (x86)\Reallusion
2013-02-02 12:53 . 2009-04-28 09:07	532480	----a-w-	c:\windows\system32\drivers\PAC7302.SYS
2013-02-02 12:53 . 2007-11-02 10:07	8704	----a-w-	c:\windows\system32\CoInst_071029.dll
2013-02-02 12:52 . 2008-03-24 10:09	141824	----a-w-	c:\windows\SysWow64\SP7302.ax
2013-02-02 12:52 . 2006-10-12 10:57	14336	----a-w-	c:\windows\SysWow64\P7302USD.dll
2013-02-02 12:52 . 2013-02-02 12:53	--------	d-----w-	c:\program files (x86)\Common Files\FaceCam 300
2013-02-02 12:52 . 2013-02-02 12:52	--------	d-----w-	c:\windows\PixArt
2013-01-31 13:52 . 2013-01-31 13:52	--------	d-----w-	c:\users\1\AppData\Roaming\Theta
2013-01-31 13:35 . 2013-01-31 13:35	--------	d-----w-	c:\users\1\AppData\Local\Programs
2013-01-28 20:11 . 2013-01-28 20:11	1432242	----a-w-	c:\windows\SysWow64\Medievil 2.scr
2013-01-28 20:11 . 2013-01-28 20:11	--------	d-----w-	c:\program files (x86)\SEGA
2013-01-28 20:11 . 2013-01-28 20:12	--------	d-----w-	c:\users\1\AppData\Local\Axialis
2013-01-21 15:18 . 2013-01-21 15:18	--------	d-----w-	c:\program files (x86)\JDownloader
2013-01-17 18:29 . 2013-01-17 18:29	--------	d-----w-	c:\users\1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-01-17 18:29 . 2013-01-17 18:29	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 12:36 . 2012-08-27 17:26	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 12:36 . 2012-08-27 17:26	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-30 15:38 . 2012-08-27 19:13	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-30 15:38 . 2012-08-25 08:25	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-30 15:38 . 2012-08-25 08:25	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-01-11 16:44 . 2013-01-11 16:44	65536	----a-r-	c:\users\1\AppData\Roaming\Microsoft\Installer\{57304C7E-5245-4953-A8F9-6A13CDCFC427}\Manual.pdf_57304C7E52454953A8F96A13CDCFC427.exe
2013-01-11 16:44 . 2013-01-11 16:44	65536	----a-r-	c:\users\1\AppData\Roaming\Microsoft\Installer\{57304C7E-5245-4953-A8F9-6A13CDCFC427}\IGTreasures.html_57304C7E52454953A8F96A13CDCFC427.exe
2013-01-11 16:44 . 2013-01-11 16:44	65536	----a-r-	c:\users\1\AppData\Roaming\Microsoft\Installer\{57304C7E-5245-4953-A8F9-6A13CDCFC427}\GamesSite.html11_57304C7E52454953A8F96A13CDCFC427.exe
2013-01-11 16:44 . 2013-01-11 16:44	65536	----a-r-	c:\users\1\AppData\Roaming\Microsoft\Installer\{57304C7E-5245-4953-A8F9-6A13CDCFC427}\clubincagold.html_57304C7E52454953A8F96A13CDCFC427.exe
2013-01-11 16:44 . 2013-01-11 16:44	40960	----a-r-	c:\users\1\AppData\Roaming\Microsoft\Installer\{57304C7E-5245-4953-A8F9-6A13CDCFC427}\speedthief.exe1_57304C7E52454953A8F96A13CDCFC427.exe
2013-01-11 16:44 . 2013-01-11 16:44	40960	----a-r-	c:\users\1\AppData\Roaming\Microsoft\Installer\{57304C7E-5245-4953-A8F9-6A13CDCFC427}\speedthief.exe_57304C7E52454953A8F96A13CDCFC427.exe
2013-01-03 13:57 . 2012-08-25 08:25	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-12-28 21:04 . 2012-12-28 21:04	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-12-28 20:59 . 2012-09-24 17:21	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-12-28 20:59 . 2012-09-24 17:21	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-11-19 00:01 . 2012-11-28 03:55	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{33DB7063-6938-477E-B4A7-24DD7C142D4A}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTo0.dll" [2011-05-09 176936]
"{dc84d6f4-abf5-441d-bdef-65f3f4d7aabe}"= "c:\program files (x86)\JDownloader\prxtbJDow.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{dc84d6f4-abf5-441d-bdef-65f3f4d7aabe}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\uTorrentControl_v2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{dc84d6f4-abf5-441d-bdef-65f3f4d7aabe}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\JDownloader\prxtbJDow.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-12 20:57	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTo0.dll" [2011-05-09 176936]
"{dc84d6f4-abf5-441d-bdef-65f3f4d7aabe}"= "c:\program files (x86)\JDownloader\prxtbJDow.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{dc84d6f4-abf5-441d-bdef-65f3f4d7aabe}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"screenSHU"="d:\program files (x86)\screenSHU\screenSHU.exe" [2012-04-03 2121216]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"GoogleChromeAutoLaunch_5FEC37F68AD04C6DB9277540FD044B6F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
µTorrent.lnk - d:\pobieranko\uTorrent.exe [2012-8-21 969104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261123~1.78\{16cdf~1\browse~1.dll c:\progra~3\browse~1\261123~1.78\{16cdf~1\browsemngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.1.2,1"=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-04-30 123816]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-02-08 8704]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R4 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-17 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-04 283200]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2013-01-31 2561488]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys [2008-09-18 56320]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 20:50	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 12:36]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20 17:57]
.
2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-20 17:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.1.2,1"=""
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.b1.org/?bsrc=4hixr&chid=c167991
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={38C56FE8-2061-11E2-8FC4-6CF049E0DDE4}
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0i5h0b94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3175297&SearchSource=3&q={searchTerms}&CUI=UN15478869873130131
FF - prefs.js: browser.search.selectedEngine - JDownloader Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?affID=116433&tt=120912_cpc_3912_2&babsrc=HP_ss&mntrId=be28478f0000000000006cf049e0dde4
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3175297&SearchSource=2&CUI=UN15478869873130131&q=
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=be28478f0000000000006cf049e0dde4&q=
FF - user.js: extensions.BabylonToolbar.id - be28478f0000000000006cf049e0dde4
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15610
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:28
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116433&tt=120912_cpc_3912_2
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
user_pref('extensions.dealply.partner', 'answ');
user_pref('extensions.dealply.channel', 'answ1');
user_pref('extensions.dealply.installId', 'v24300272163380597159952012100816281528');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '8');
FF - user.js: extentions.y2layers.installId - f914bff1-99b9-4a73-a0ec-5e43a674e8d9
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - (no file)
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKLM-Run-l33t - c:\windows\system\iexplore.exe
HKLM_Wow6432Node-ActiveSetup-{XYLPMCH6-545N-OLA7-IVAV-4R31N43S1J26} - c:\windows\system32\install\winlogin
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-Baumaschinen Simulator 2011 - d:\1gry\Roboty Drogowe\uninstall.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-Symulator Autobusu - d:\1gry\Symulator Autobusu\Odinstaluj.exe
AddRemove-{AEF59382-3FF1-4EBF-A93E-CCC474DCEA3F}_is1 - d:\1gry\Bau-Simulator 2012\unins000.exe
AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3374562511-2249349261-2254905696-1000\Software\SecuROM\License information*]
"datasecu"=hex:9e,1d,e3,94,1a,74,c4,23,3c,7a,2c,ed,26,f0,b7,df,49,61,73,10,41,
   bd,dc,07,fd,c7,84,fd,0e,5f,8f,54,15,6d,32,82,46,7b,d4,6c,0f,68,a5,63,d8,f3,\
"rkeysecu"=hex:71,d1,5b,2e,14,34,8f,bc,2b,ea,b5,ac,71,17,74,dc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ExpressFiles\EFUpdater.exe
.
**************************************************************************
.
Czas ukończenia: 2013-02-16  09:58:23 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2013-02-16 08:58
.
Przed: 38 420 967 424 bajtów wolnych
Po: 38 701 260 800 bajtów wolnych
.
- - End Of File - - BB71C50E22F984769D1102A463EBA514