ComboFix 10-09-01.04 - Marek 2010-09-03  8:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1250.48.1045.18.3068.1950 [GMT 2:00]
Uruchomiony z: c:\users\Marek\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Marek\AppData\Roaming\avdrn.dat
c:\users\Marek\mecz.exe
c:\users\Marek\narty 2009 (1).exe
c:\users\Marek\narty 2009.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


(((((((((((((((((((((((((   Pliki utworzone od 2010-08-03 do 2010-09-03   )))))))))))))))))))))))))))))))
.

2010-09-03 07:08 . 2010-09-03 07:08   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-09-02 14:26 . 2010-09-01 08:53   574976     ----a-w-   C:\OTL.exe
2010-09-02 14:26 . 2010-09-01 11:30   80384      ----a-w-   C:\MBRCheck.exe
2010-09-02 14:26 . 2010-09-01 08:56   293376     ----a-w-   C:\bew6bp2v.exe
2010-09-02 14:26 . 2010-09-01 09:03   869051     ----a-w-   C:\SecurityCheck.exe
2010-09-01 13:18 . 2010-09-01 13:18   --------   d-----w-   c:\users\Marek\AppData\Local\ESET
2010-09-01 13:14 . 2010-09-01 13:14   --------   d-----w-   c:\program files\ESET
2010-08-11 17:01 . 2010-06-08 17:35   3600768    ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-08-11 17:01 . 2010-06-08 17:35   3548040    ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-08-11 17:01 . 2010-06-11 16:15   1248768    ----a-w-   c:\windows\system32\msxml3.dll
2010-08-11 16:59 . 2010-06-18 15:04   302080     ----a-w-   c:\windows\system32\drivers\srv.sys
2010-08-11 16:59 . 2010-06-18 15:04   144896     ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-08-11 16:59 . 2010-06-16 16:04   905088     ----a-w-   c:\windows\system32\drivers\tcpip.sys
2010-08-10 20:47 . 2010-08-10 20:47   423656     ----a-w-   c:\windows\system32\deployJava1.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-09-03 07:13 . 2008-12-25 19:30   --------   d-----w-   c:\users\Marek\AppData\Roaming\Skype
2010-09-03 07:13 . 2008-09-26 23:44   286707     ----a-w-   c:\programdata\nvModes.dat
2010-09-03 07:10 . 2008-09-26 23:10   2140       ----a-w-   c:\windows\bthservsdp.dat
2010-09-03 06:47 . 2008-07-03 07:27   662056     ----a-w-   c:\windows\system32\perfh015.dat
2010-09-03 06:47 . 2008-07-03 07:27   126908     ----a-w-   c:\windows\system32\perfc015.dat
2010-09-01 11:37 . 2008-12-27 16:56   680        ----a-w-   c:\users\Marek\AppData\Local\d3d9caps.dat
2010-08-21 13:28 . 2009-04-01 21:19   1          ----a-w-   c:\users\Marek\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-21 13:28 . 2009-03-30 15:45   --------   d-----w-   c:\users\Marek\AppData\Roaming\OpenOffice.org2
2010-08-16 16:00 . 2008-12-25 19:37   --------   d-----w-   c:\users\Marek\AppData\Roaming\skypePM
2010-08-12 01:00 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-08-10 20:48 . 2008-07-02 23:02   --------   d-----w-   c:\program files\Common Files\Java
2010-08-10 20:47 . 2008-07-02 23:02   --------   d-----w-   c:\program files\Java
2010-08-09 18:25 . 2008-09-26 23:49   --------   d-----w-   c:\programdata\CyberLink
2010-08-09 18:25 . 2008-12-25 10:16   --------   d-----w-   c:\users\Marek\AppData\Roaming\CyberLink
2010-07-29 11:31 . 2010-07-29 11:31   41336      ----a-w-   c:\windows\system32\drivers\epfwwfp.sys
2010-07-29 11:31 . 2010-07-29 11:31   32608      ----a-w-   c:\windows\system32\drivers\epfwndis.sys
2010-07-29 11:31 . 2010-07-29 11:31   136632     ----a-w-   c:\windows\system32\drivers\eamonm.sys
2010-07-29 11:31 . 2010-07-29 11:31   134512     ----a-w-   c:\windows\system32\drivers\epfw.sys
2010-07-29 11:31 . 2010-07-29 11:31   115008     ----a-w-   c:\windows\system32\drivers\ehdrv.sys
2010-07-21 18:43 . 2008-12-25 19:28   --------   d-----r-   c:\program files\Skype
2010-07-21 18:43 . 2010-07-21 18:43   --------   d-----w-   c:\program files\Common Files\Skype
2010-07-21 18:43 . 2008-12-25 19:28   --------   d-----w-   c:\programdata\Skype
2010-06-26 06:05 . 2010-08-11 17:02   916480     ----a-w-   c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 17:02   71680      ----a-w-   c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 17:02   109056     ----a-w-   c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 17:02   133632     ----a-w-   c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 17:02   2037760    ----a-w-   c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 17:02   36864      ----a-w-   c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 17:02   274944     ----a-w-   c:\windows\system32\schannel.dll
2008-07-03 07:29 . 2008-07-03 07:29   8192       --sha-w-   c:\windows\Users\Default\NTUSER.DAT

.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-30 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ALLUpdate"="d:\recovery\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2009-12-21 446464]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

c:\users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ   scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1e,75,b9,e0,f0,4b,ca,01

R1 hudpktmn;hudpktmn;c:\windows\system32\drivers\hudpktmn.sys [x]
R2 OC0CLPT;OC0CLPT;c:\windows\system32\OC0CLPT.SYS [2002-06-11 54488]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NETw5v32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]


--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - scdsfzct

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ   BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ   FontCache
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 07:38]

2010-08-02 c:\windows\Tasks\HPCeeScheduleForMarek.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-07-02 13:14]

2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{F10621C6-DA38-4BDE-A1B1-5746A6ACD7B0}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.interia.pl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\AOL\ieToolbar\resources\pl-PL\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\lcf0zc0k.default\
FF - component: c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\lcf0zc0k.default\extensions\{9c9d2aaa-ae26-4447-a7a1-633a32b19dde}\components\ttext.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Marek\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 09:14
Windows 6.0.6002 Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\scdsfzct]
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(5928)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
c:\windows\system32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Photodex\ProShowProducer\ScsiAccess.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Czas ukończenia: 2010-09-03 09:22:06 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-09-03 07:22

Przed: 100 918 128 640 bajtów wolnych
Po: 101 937 274 880 bajtów wolnych

- - End Of File - - A024B48C5FF0103ECB9628A3F3F79477