ComboFix 11-03-01.03 - Olaf 2011-03-02  11:15:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.48.1045.18.3000.1802 [GMT 1:00]
Uruchomiony z: c:\users\Olaf\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Rezydentny antywirus jest aktywny

.

(((((((((((((((((((((((((((((((((((((((   Usuniêto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Burn4Free DB Toolbar\tbHElper.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2011-02-02 do 2011-03-02  )))))))))))))))))))))))))))))))
.

2011-03-02 10:38 . 2011-03-02 10:40	--------	d-----w-	c:\users\Olaf\AppData\Local\temp
2011-03-02 10:38 . 2011-03-02 10:38	--------	d-----w-	c:\users\W³adzia\AppData\Local\temp
2011-03-02 10:38 . 2011-03-02 10:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-02 10:38 . 2011-03-02 10:38	--------	d-----w-	c:\users\Internet\AppData\Local\temp
2011-03-02 10:38 . 2011-03-02 10:38	--------	d-----w-	c:\users\Internet.Olaf-PC\AppData\Local\temp
2011-03-01 21:33 . 2011-03-01 21:33	--------	d-----w-	c:\program files\Google
2011-03-01 21:33 . 2011-03-01 21:33	--------	d-----w-	c:\users\Olaf\AppData\Local\Google
2011-03-01 21:23 . 2011-03-01 21:23	--------	d-----w-	c:\program files\Driver Cleaner
2011-03-01 19:52 . 2011-03-01 19:52	--------	d-----w-	C:\DAEMON Tools Lite
2011-03-01 18:34 . 2011-03-01 18:34	--------	d-----w-	c:\program files\Ask.com
2011-03-01 18:34 . 2011-03-01 19:59	--------	d-----w-	c:\program files\Wise Registry Cleaner
2011-03-01 17:53 . 2011-02-11 06:54	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F867655-6A1E-4313-845C-69F5369EFC09}\mpengine.dll
2011-02-24 12:04 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
2011-02-24 12:04 . 2009-10-09 21:56	12800	----a-w-	c:\windows\system32\wsmprovhost.exe
2011-02-24 12:04 . 2009-10-09 21:56	20480	----a-w-	c:\windows\system32\winrshost.exe
2011-02-24 12:04 . 2009-10-09 21:56	40448	----a-w-	c:\windows\system32\winrs.exe
2011-02-24 12:04 . 2009-10-09 21:56	10240	----a-w-	c:\windows\system32\wsmplpxy.dll
2011-02-24 12:04 . 2009-10-09 21:56	10240	----a-w-	c:\windows\system32\winrssrv.dll
2011-02-24 12:04 . 2009-10-09 21:56	41472	----a-w-	c:\windows\system32\pwrshplugin.dll
2011-02-24 12:04 . 2009-10-09 21:55	79872	----a-w-	c:\windows\system32\wecutil.exe
2011-02-24 12:04 . 2009-10-09 21:55	54272	----a-w-	c:\windows\system32\WsmRes.dll
2011-02-24 12:04 . 2009-10-09 21:55	146944	----a-w-	c:\windows\system32\wecsvc.dll
2011-02-24 12:04 . 2009-10-09 21:55	81408	----a-w-	c:\windows\system32\wevtfwd.dll
2011-02-24 12:04 . 2009-10-09 21:55	56320	----a-w-	c:\windows\system32\wecapi.dll
2011-02-24 12:03 . 2009-08-01 06:27	201184	----a-w-	c:\windows\system32\winrm.vbs
2011-02-24 12:03 . 2009-10-09 21:56	214016	----a-w-	c:\windows\system32\WsmWmiPl.dll
2011-02-24 12:03 . 2009-10-09 21:56	241152	----a-w-	c:\windows\system32\winrscmd.dll
2011-02-24 12:03 . 2009-10-09 21:56	145408	----a-w-	c:\windows\system32\WsmAuto.dll
2011-02-24 12:03 . 2009-10-09 21:55	252416	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2011-02-24 12:03 . 2009-10-09 21:56	1181696	----a-w-	c:\windows\system32\WsmSvc.dll
2011-02-24 12:03 . 2009-10-09 21:56	246272	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2011-02-08 19:39 . 2010-12-31 13:25	2038784	----a-w-	c:\windows\system32\win32k.sys
2011-02-08 19:39 . 2010-10-15 13:48	1205080	----a-w-	c:\windows\system32\ntdll.dll
2011-02-08 19:39 . 2010-10-15 14:08	3548048	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-02-08 19:39 . 2010-10-15 14:08	3600272	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-02-08 19:39 . 2011-01-06 10:51	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-02-05 12:01 . 2011-02-05 12:01	--------	d-----w-	c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 18:21 . 2008-10-18 21:23	6520	----a-w-	c:\windows\system32\drivers\ghstwall.sys
2011-02-02 16:11 . 2009-10-03 11:21	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-27 20:13 . 2011-01-27 20:13	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2010-12-28 14:57 . 2011-01-12 10:39	409600	----a-w-	c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:39	1169408	----a-w-	c:\windows\system32\sdclt.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyœlne, prawid³owe wpisy nie s¹ pokazane  
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44	1400712	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Komunikator"="d:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-08 6139904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Acrobat Assistant 8.0"="d:\program files\Photoshop\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\users\Wˆadzia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycink¢w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Olaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - d:\gry\Medal of Honor Pacyfic Assault\Xfire\Xfire.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "d:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Olaf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-04-10 14:30	147456	------w-	c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42	34040	----a-w-	c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-14 15:05	526896	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-04-30 17:02	397312	----a-w-	c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
2008-03-20 10:04	2127296	----a-w-	d:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2010-09-08 07:48	12653152	----a-w-	d:\program files\Gadu-Gadu\Gadu-Gadu 10\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostWall]
2005-09-29 14:28	217088	----a-w-	c:\program files\GhostWall\ghostwall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-11-30 16:25	18635264	----a-w-	c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-02-10 17:00	1937408	------w-	c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38	167936	----a-w-	d:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 21:26	68640	------w-	c:\program files\Cyberlink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02	36352	----a-w-	d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-16 717296]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 ghstwall;ghstwall;c:\windows\system32\drivers\ghstwall.sys [2011-03-01 6520]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-11-24 88176]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-27 218688]


--- Inne Us³ugi/Sterowniki w Pamiêci ---

*Deregistered* - uoslupep

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Zawartoœæ folderu 'Zaplanowane zadania'

2010-09-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-10 11:32]

2010-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-10-10 11:32]

2011-02-20 c:\windows\Tasks\Norton Security Scan for Olaf.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 11:50]

2011-03-01 c:\windows\Tasks\User_Feed_Synchronization-{8A601DB9-5F28-4BB1-8CD9-109EF68BBEE5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Skan uzupe³niaj¹cy -------
.
uStart Page = hxxp://www.ask.com?o=13760&l=dis
mStart Page = hxxp://www.bigseekpro.com/burn4free/{00B4942A-DE66-4797-B34B-EE28BC7AABD5}
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - d:\program files\Photoshop\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Photoshop\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Photoshop\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Photoshop\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Photoshop\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Photoshop\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Photoshop\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Photoshop\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\0mfarngi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WCV5&o=13757&locale=en_US&apn_uid=7AE79939-8645-4765-80DD-229926466C31&apn_ptnrs=W3&apn_sauid=24BC6C40-D37B-4390-90C2-FFB7713EFC13&apn_dtid=YYYYYYYYPL&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 11:39
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyœlnie ukoñczone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uoslupep]

.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukoñczenia: 2011-03-02  11:47:40
ComboFix-quarantined-files.txt  2011-03-02 10:47

Przed: 23 454 392 320 bajtów wolnych
Po: 23 360 405 504 bajtów wolnych

- - End Of File - - EC80659E879964AACD756747502C6CBE