ComboFix 11-02-09.02 - XxXxX 2011-02-09 22:37:31.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.1526.887 [GMT 1:00]
Uruchomiony z: c:\users\XxXxX\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-01-09 do 2011-02-09   )))))))))))))))))))))))))))))))
.
.
2011-02-09 21:43 . 2011-02-09 21:43	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-02-09 21:43 . 2011-02-09 21:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-09 20:12 . 2009-10-20 18:34	162320	----a-w-	c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-02-09 20:12 . 2011-02-09 20:12	95259	----a-w-	c:\windows\system32\drivers\klick.dat
2011-02-09 20:12 . 2011-02-09 20:12	108059	----a-w-	c:\windows\system32\drivers\klin.dat
2011-02-09 20:11 . 2011-02-09 20:47	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-02-09 20:11 . 2011-02-09 20:11	--------	d-----w-	c:\program files\Kaspersky Lab
2011-02-09 20:10 . 2011-02-09 20:10	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2011-02-09 14:15 . 2011-02-09 15:05	--------	d-----w-	c:\program files\Unknown Device Identifier
2011-02-09 13:34 . 2011-02-09 13:34	--------	d-----w-	c:\users\XxXxX\AppData\Roaming\Malwarebytes
2011-02-09 13:33 . 2011-02-09 13:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-02-09 13:33 . 2011-02-09 15:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-02-08 14:03 . 2008-03-17 10:57	103680	----a-w-	c:\windows\system32\drivers\ewusbfake.sys
2011-02-08 14:03 . 2008-03-17 10:05	101632	----a-r-	c:\windows\system32\drivers\ewusbmdm.sys
2011-02-08 14:03 . 2008-03-16 13:47	872192	----a-w-	c:\windows\system32\drivers\mod7700.sys
2011-02-08 14:03 . 2008-01-22 14:10	100864	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2011-02-08 14:03 . 2007-08-09 03:06	23424	----a-r-	c:\windows\system32\drivers\ewdcsc.sys
2011-02-08 14:02 . 2011-02-08 14:04	--------	d-----w-	c:\program files\PLAY ONLINE
2011-02-08 11:59 . 2011-02-08 11:59	--------	d-----w-	C:\_OTL
2011-02-04 23:50 . 2011-02-05 10:07	--------	d-----w-	c:\program files\Ask.com
2011-02-04 23:50 . 2011-02-04 23:50	--------	d-----w-	c:\users\XxXxX\AppData\Roaming\HideIPEasy
2011-02-04 23:50 . 2011-02-04 23:50	--------	d-----w-	c:\programdata\HideIPEasy
2011-02-04 23:49 . 2011-02-05 10:07	--------	d-----w-	c:\program files\HideIPEasy
2011-02-03 17:20 . 2011-02-03 17:20	--------	d-----w-	c:\program files\RMF FM Miasto Muzyki
2011-02-03 15:14 . 2011-02-03 15:14	--------	d-----w-	c:\program files\Opera
2011-01-23 17:34 . 2011-01-23 17:34	--------	d-----w-	c:\users\XxXxX\AppData\Roaming\Media Player Classic
2011-01-23 17:33 . 2010-12-07 18:40	183808	----a-w-	c:\windows\system32\xvidvfw.dll
2011-01-23 17:33 . 2010-12-07 18:22	810496	----a-w-	c:\windows\system32\xvidcore.dll
2011-01-23 17:33 . 2010-11-03 19:08	237568	----a-w-	c:\windows\system32\yv12vfw.dll
2011-01-23 17:33 . 2010-01-17 16:18	151552	----a-w-	c:\windows\system32\ac3acm.acm
2011-01-23 17:33 . 2009-07-03 14:13	121344	----a-w-	c:\windows\system32\lagarith.dll
2011-01-23 17:33 . 2008-09-24 19:41	839680	----a-w-	c:\windows\system32\lameACM.acm
2011-01-23 17:33 . 2006-04-02 13:47	630784	----a-w-	c:\windows\system32\vp7vfw.dll
2011-01-23 17:33 . 2011-01-13 08:00	80896	----a-w-	c:\windows\system32\ff_vfw.dll
2011-01-23 17:33 . 2011-01-24 21:31	--------	d-----w-	c:\program files\K-Lite Codec Pack
2011-01-19 20:55 . 2011-01-19 20:55	--------	d-----w-	C:\Downloads
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-28 1130504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 vista;vista;c:\program files\My applications\vista.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
Zawartość folderu 'Zaplanowane zadania'

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2091594752-2284216975-2041109325-1000Core.job
- c:\users\XxXxX\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 13:00]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2091594752-2284216975-2041109325-1000UA.job
- c:\users\XxXxX\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 13:00]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: {32D2D741-C438-4507-9E85-AF541F147E1D} = 89.108.195.20 217.17.34.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\XxXxX\AppData\Roaming\Mozilla\Firefox\Profiles\xp4185vs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-02-09 22:48:50
ComboFix-quarantined-files.txt 2011-02-09 21:48
ComboFix2.txt 2011-02-07 18:42
.
Przed: 8 547 000 320 bajtów wolnych
Po: 8 479 674 368 bajtów wolnych
.
- - End Of File - - 1D9214787F5F25A8457D1ACE09C7801B