ComboFix 11-03-21.02 - Zagi 2011-03-22 18:16:12.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.2046.1210 [GMT 1:00]
Uruchomiony z: c:\users\Zagi\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\program files\Automated Content Enhancer
c:\program files\Automated Content Enhancer\4.1.0.5190\Data\config.md
c:\program files\Automated Content Enhancer\4.1.0.5190\FF\chrome\ACEAddOn.jar
c:\program files\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.xul
c:\program files\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.xpt
c:\program files\Automated Content Enhancer\4.1.0.5190\FF\install.rdf
c:\program files\Automated Content Enhancer\4.1.0.5190\unins000.dat
c:\program files\Content Management Wizard
c:\program files\Content Management Wizard\1.1.0.1870\config.mx
c:\program files\Content Management Wizard\1.1.0.1870\data.mx
c:\program files\Content Management Wizard\1.1.0.1870\exclude.mx
c:\program files\Content Management Wizard\1.1.0.1870\MatchingData.zd5
c:\program files\Content Management Wizard\1.1.0.1870\pxtmpdata.mx
c:\program files\Content Management Wizard\1.1.0.1870\unins000.dat
c:\program files\Customized Platform Advancer
c:\program files\Customized Platform Advancer\4.1.0.1800\Data\config.md
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.xul
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome\CPAAddOn.jar
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.xpt
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\install.rdf
c:\program files\Customized Platform Advancer\4.1.0.1800\unins000.dat
c:\program files\Gameztar Toolbar
c:\program files\Internet Today
c:\program files\Internet Today\1.1.0.1190\InternetToday.skf
c:\program files\Internet Today\1.1.0.1190\unins000.dat
c:\program files\Textual Content Provider
c:\program files\Textual Content Provider\1.1.0.1610\data\pxtmpdata.mx
c:\program files\Textual Content Provider\1.1.0.1610\data\TP_Config.mx
c:\program files\Textual Content Provider\1.1.0.1610\data\TP_Data.mx
c:\program files\Textual Content Provider\1.1.0.1610\data\TP_DomainExcludeList.mx
c:\program files\Textual Content Provider\1.1.0.1610\unins000.dat
c:\program files\Web Search Operator
c:\program files\Web Search Operator\3.1.0.1840\Data\config.md
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.xul
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome\WSOAddOn.jar
c:\program files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.xpt
c:\program files\Web Search Operator\3.1.0.1840\FF\install.rdf
c:\program files\Web Search Operator\3.1.0.1840\unins000.dat
c:\users\Zagi\AppData\Local\Customized Platform Advancer
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\config.md
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-025731.596.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-031935.202.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-031935.259.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-032109.303.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-033259.519.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-033356.140.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-033511.407.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-084003.859.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-084025.372.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-085334.048.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-085431.083.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-085539.506.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-091347.218.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-094018.278.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-094131.962.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-094138.373.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-094331.572.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-094340.751.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-094358.208.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-095744.445.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-103355.740.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-104019.327.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-104039.124.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-104056.908.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-104112.416.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-104308.230.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-104339.668.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-104507.590.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-105307.632.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-111329.821.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-120650.702.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-120906.875.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-123739.316.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-123855.850.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-123908.159.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-123927.725.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-124026.045.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-124233.626.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-124344.873.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-124610.681.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-124617.203.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-124646.503.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-124717.017.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-124938.951.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-125025.409.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-135727.605.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162444.122.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162455.527.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162529.863.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162544.715.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162559.645.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162706.993.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162732.436.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162735.588.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162816.446.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162825.464.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162842.858.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-162948.542.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-163024.189.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-163522.503.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-163553.330.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-163803.886.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-163926.493.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-164023.513.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-164039.800.log
c:\users\Zagi\AppData\Local\Customized Platform Advancer\4.1.0.1800\HJHP_20091207-164342.072.log
c:\users\Zagi\AppData\Local\Internet Today
c:\users\Zagi\AppData\Local\TempDIR
c:\users\Zagi\AppData\Local\TempDIR\SecureW2_EAP_Suite_111.exe
c:\users\Zagi\AppData\Local\Textual Content Provider
c:\users\Zagi\AppData\Local\Textual Content Provider\1.1.0.1610\Data\TP_Config.mx
c:\users\Zagi\AppData\Local\Textual Content Provider\1.1.0.1610\Data\TP_Data.mx
c:\users\Zagi\AppData\Local\Textual Content Provider\1.1.0.1610\Data\TP_DomainExcludeList.mx
c:\users\Zagi\AppData\Local\Web Search Operator
c:\users\Zagi\AppData\Local\Web Search Operator\3.1.0.1840\config.md
c:\users\Zagi\AppData\Roaming\EurekaLog
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-02-22 do 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-22 16:39 . 2011-03-22 16:39 -------- d-----w- C:\_OTL
2011-03-22 16:09 . 2011-03-22 16:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-22 16:07 . 2011-03-22 16:07 -------- d-----w- c:\programdata\Symantec
2011-03-22 16:07 . 2011-03-22 16:07 -------- d-----w- c:\windows\system32\drivers\NSS
2011-03-22 16:07 . 2011-03-22 16:07 -------- d-----w- c:\programdata\Norton
2011-03-22 16:07 . 2011-03-22 16:07 -------- d-----w- c:\program files\Norton Security Scan
2011-03-22 16:07 . 2011-03-22 16:07 -------- d-----w- c:\program files\NortonInstaller
2011-03-22 14:20 . 2011-03-22 14:20 -------- d-----w- c:\program files\ESET
2011-03-22 14:19 . 2011-03-22 14:19 -------- d-----w- c:\program files\SkanerOnline
2011-03-22 14:16 . 2011-03-22 14:16 -------- d-----w- c:\program files\CCleaner
2011-03-22 14:09 . 2011-03-22 14:09 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-03-22 13:44 . 2011-03-22 13:44 108544 --sha-r- c:\windows\system32\fixmapi9.dll
2011-03-22 09:25 . 2011-03-22 09:25 212480 ----a-r- c:\users\Zagi\AppData\Roaming\Microsoft\Installer\{D3FA739F-B301-480A-B791-36BFBCB5241C}\IconTmpl2.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe
2011-03-22 09:25 . 2011-03-22 09:25 2065296 ----a-r- c:\users\Zagi\AppData\Roaming\Microsoft\Installer\{D3FA739F-B301-480A-B791-36BFBCB5241C}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
2011-03-22 09:25 . 2011-03-22 09:25 720792 ----a-r- c:\users\Zagi\AppData\Roaming\Microsoft\Installer\{D3FA739F-B301-480A-B791-36BFBCB5241C}\IconTmpl6.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe
2011-03-22 09:25 . 2011-03-22 09:25 -------- d-----w- c:\program files\CodeMeter
2011-03-22 09:25 . 2011-03-22 09:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-03-22 09:20 . 2011-03-22 09:20 -------- d---a-w- c:\program files\Common Files\Graphisoft Shared
2011-03-22 09:19 . 2011-03-22 09:19 -------- d-----w- c:\program files\Graphisoft
2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-09 15:27 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 15:27 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 15:27 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 15:27 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 15:27 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:27 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:27 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 15:26 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 15:26 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-01 12:53 . 2011-03-01 12:53 -------- d-----w- c:\programdata\FLEXnet
2011-03-01 12:45 . 2011-03-01 12:45 -------- d-----w- c:\program files\Common Files\Autodesk
2011-03-01 12:43 . 2011-03-01 12:43 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-03-01 12:33 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-03-01 12:33 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2011-03-01 12:33 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-02-23 18:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 15:18 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 15:18 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-21 23:36 . 2011-02-21 23:36 -------- d-----w- C:\a128c62e6fc4fc1600af
2011-02-21 17:55 . 2011-02-21 17:55 -------- d-----w- c:\program files\Common Files\Java
2011-02-21 17:53 . 2011-02-21 17:53 -------- d-----w- c:\programdata\McAfee
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:45 . 2011-02-09 13:39 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 20:40 . 2010-07-25 14:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 07:27 . 2011-02-09 13:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 13:40 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 13:40 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 13:40 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-10-11 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-10-11 21:02 2735200 ----a-w- c:\program files\free-downloads.net\tbfre1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-10-11 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2010-10-11 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2011-02-07 8993280]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-05-05 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Zagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-5-3 6872976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files\WIBUKEY\Server\WkSvMgr.exe [2011-1-14 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Kmm4xNT;Kmm4xNT; [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-05 721904]
S2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2006-11-03 1327104]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2010-05-03 2065296]
S2 JobManagerService110;Ansys JobManager Service V11;d:\ansys\v110\RSM\bin\JobManagerService.exe [2007-09-20 20480]
S2 ScriptHostService110;Ansys ScriptHost Service V11;d:\ansys\v110\RSM\bin\ScriptHostService.exe [2007-09-20 20480]
S3 netw5v32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 32-bitowej;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-03-22 c:\windows\Tasks\Norton Security Scan for Zagi.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-03-22 14:06]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\users\Zagi\AppData\Roaming\Mozilla\Firefox\Profiles\i0ue54j3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - %profile%\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Zagi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-03-22 18:23:26
ComboFix-quarantined-files.txt 2011-03-22 17:23
.
Przed: 17 222 045 696 bajtów wolnych
Po: 17 121 972 224 bajtów wolnych
.
- - End Of File - - 258DB60F4FD4DA14EAB32E151C985F89