ComboFix 11-02-19.02 - luki 2011-02-20  11:02:38.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1250.48.1045.18.3070.2149 [GMT 1:00]
Uruchomiony z: c:\users\luki\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\luki\AppData\Roaming\Readar_sl.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2011-01-20 do 2011-02-20  )))))))))))))))))))))))))))))))
.

2011-02-20 10:10 . 2011-02-20 10:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-19 20:05 . 2011-02-19 20:05	--------	d-----w-	c:\users\luki\DoctorWeb
2011-02-19 19:25 . 2011-02-19 19:25	--------	d-----w-	c:\users\luki\AppData\Roaming\Malwarebytes
2011-02-19 19:24 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 19:24 . 2011-02-19 19:24	--------	d-----w-	c:\programdata\Malwarebytes
2011-02-19 19:24 . 2011-02-19 19:24	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-02-19 19:24 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-02-19 18:31 . 2011-02-19 18:31	--------	d-----w-	c:\windows\system32\Lang
2011-02-18 17:00 . 2011-02-18 17:00	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-18 17:00 . 2011-02-18 17:00	686400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-18 09:45 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{82BF9EAF-EC4B-45CF-8B47-468B62C0F907}\mpengine.dll
2011-02-15 15:14 . 2011-02-15 15:14	--------	d-----w-	c:\users\luki\AppData\Roaming\Apple Computer
2011-02-13 19:16 . 2011-01-13 08:47	38848	----a-w-	c:\windows\avastSS.scr
2011-02-13 19:16 . 2011-02-13 19:16	--------	d-----w-	c:\programdata\Alwil Software
2011-02-13 19:13 . 2011-01-07 07:27	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-02-24 19:54	188216	----a-w-	c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-02-24 19:54	294608	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-02-24 19:54	47440	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-02-24 19:54	23632	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-02-24 19:54	51280	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-02-24 19:54	17744	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51	3911776	----a-w-	c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLSS"="c:\program files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
C-Pen 20.lnk - c:\windows\Installer\{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}\_16AADC784156_41D0_AEDC_3EF01AE1E211.exe [2010-12-9 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 136176]
R3 CPen20;CPen20;c:\windows\system32\Drivers\CPen20.sys [2009-03-24 18560]
R3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\Drivers\pendfu.sys [2008-01-31 39008]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-04 1343400]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-03-14 9856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-09 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [1998-03-03 40480]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Zawartość folderu 'Zaplanowane zadania'

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 18:54]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-26 18:54]
.
.
------- Skan uzupełniający -------
.
uStart Page = 
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\luki\AppData\Roaming\Mozilla\Firefox\Profiles\984orp77.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.qooqlle.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Fast Dial: fastdial@telega.phpnet.us - %profile%\extensions\fastdial@telega.phpnet.us
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
FF - Ext: SwitchProxy Tool: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531} - %profile%\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
.
.
------- Skojarzenia plików -------
.
.scr=AutoCADScriptFile
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Tlen.pl - c:\program files\Tlen7\tlen7.exe
AddRemove-Autodesk DWF Viewer - c:\progra~1\Autodesk\AUTODE~1\Setup.exe


.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2011-02-20  11:12:10
ComboFix-quarantined-files.txt  2011-02-20 10:12

Przed: 9 466 232 832 bajtów wolnych
Po: 9 384 075 264 bajtów wolnych

- - End Of File - - B481BFBE38B5C9F3318249C58219A98E