ComboFix 11-10-05.02 - M-D 2011-10-06  0:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.677 [GMT 2:00]
Run from: c:\documents and settings\M-D\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\M-D\Pulpit\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-05 to 2011-10-05   )))))))))))))))))))))))))))))))
.
.
2011-10-04 18:11 . 2011-10-04 18:11  --------  d-----w-  c:\systemxp\tmp
2011-10-03 16:27 . 2011-10-03 16:30  --------  d-----w-  c:\program files\hp deskjet 990c series
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-23 15:50 . 2011-05-13 18:57  404640  ----a-w-  c:\systemxp\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-15 12:00  602624  ----a-w-  c:\systemxp\system32\crypt32.dll
2011-07-15 13:29 . 2008-04-15 12:00  456320  ----a-w-  c:\systemxp\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-15 12:00  10496   ----a-w-  c:\systemxp\system32\drivers\ndistapi.sys
2011-09-30 18:45 . 2011-05-06 20:35  134104  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2002-02-05 155648]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-07-11 176128]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"NvCplDaemon"="c:\systemxp\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\systemxp\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="d:\programy\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HPDJ Taskbar Utility"="c:\systemxp\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\systemxp\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\systemxp\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03  916240  ----a-w-  c:\program files\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 10:22  7700480  ----a-w-  c:\systemxp\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\Tlen\\tlen.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\SYSTEMXP\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Programy\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\systemxp\system32\drivers\sptd.sys [2009-03-21 691696]
R1 ehdrv;ehdrv;c:\systemxp\system32\drivers\ehdrv.sys [2009-02-06 108792]
R1 epfwtdir;epfwtdir;c:\systemxp\system32\drivers\epfwtdir.sys [2009-02-06 96408]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\systemxp\system32\drivers\Msikbd2k.sys [2009-03-19 6656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2009-03-19 28672]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\systemxp\system32\drivers\Amps2prt.sys [2009-03-16 9344]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\M-D\Dane aplikacji\Mozilla\Firefox\Profiles\35b4r02n.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
------- File Associations -------
.
txtfile=d:\programy\EditPad\EditPad.exe "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 01:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4088)
c:\program files\Netropa\Multimedia Keyboard\nhkdll.dll
c:\systemxp\system32\webcheck.dll
.
Completion time: 2011-10-06  01:02:20
ComboFix-quarantined-files.txt  2011-10-05 23:02
ComboFix2.txt  2011-10-05 21:29
.
Pre-Run: 290 353 152 bytes free
Post-Run: 280 715 264 bytes free
.
- - End Of File - - B9C1BFFEBB4274B0F928043D78BED6A5
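The Reg Loading Points block and the Security Center key are the part of a ComboFix log a reviewer reads first: which binaries start at logon, whether the AV the log reports is actually enabled, and whether Security Center has been told to stop warning about it. The Python below is an added example, not part of the original post and not ComboFix's own code. It parses the REGEDIT4-style Run values and the Security Center dword from lines copied out of this log (embedded as a constructed sample), reports the AV state and any override, and flags Run values that name a bare file with no directory. The function names, the SAMPLE_LOG constant and the wording of the findings are assumptions of mine.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the lines below are copied from the ComboFix log
# on this page (AV status line, two Run keys, the Security Center key).
SAMPLE_LOG = r"""
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2002-02-05 155648]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"NvCplDaemon"="c:\systemxp\system32\NvCpl.dll" [2006-10-22 7700480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\systemxp\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" followed by the [YYYY-MM-DD size] that ComboFix appends
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
AV_RE = re.compile(r'^AV: (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$')


def parse_registry_values(text: str) -> List[Dict]:
    """One record per string value, tagged with the key it sits under."""
    records: List[Dict] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            name, value, date, size = m.groups()
            records.append({"key": current_key, "name": name, "value": value,
                            "date": date, "size": int(size) if size else None})
    return records


def run_key_entries(text: str) -> List[Dict]:
    """Only values under a ...\\CurrentVersion\\Run key (the logon autostarts)."""
    return [r for r in parse_registry_values(text)
            if r["key"].lower().endswith(r"\currentversion\run")]


def unqualified_autostarts(text: str) -> List[str]:
    """Run values whose command has no directory component. Windows resolves
    such a name through the search path at logon, so the reviewer should
    confirm which file is actually found. This is a check, not a verdict:
    the page's nwiz entry is NVIDIA's tray helper and is flagged only
    because it carries no path."""
    flagged = []
    for r in run_key_entries(text):
        parts = r["value"].split()
        exe = parts[0] if parts else ""
        if exe and "\\" not in exe and "/" not in exe:
            flagged.append(r["name"])
    return flagged


def av_status(text: str) -> Optional[Dict]:
    """Parse the 'AV: <product> *<state>*' line (from Security Center's WMI record)."""
    for raw in text.splitlines():
        m = AV_RE.match(raw.strip())
        if m:
            product, state = m.groups()
            flags = [s.lower() for s in state.split("/")]
            return {"product": product, "enabled": "enabled" in flags,
                    "updated": "updated" in flags}
    return None


def security_center_overrides(text: str) -> Dict[str, int]:
    """dword values under the Security Center key. AntiVirusOverride=1 makes
    Security Center stop alerting that no antivirus is active."""
    result: Dict[str, int] = {}
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and current_key and current_key.lower().endswith("security center"):
            result[m.group(1)] = int(m.group(2), 16)
    return result


def triage(text: str) -> List[str]:
    """Plain-text findings a reviewer would raise from this part of the log."""
    findings = []
    av = av_status(text)
    if av and not av["enabled"]:
        findings.append(f"antivirus '{av['product']}' is reported disabled")
    for name, val in security_center_overrides(text).items():
        if val:
            findings.append(f"Security Center override {name}={val} suppresses its warning")
    for name in unqualified_autostarts(text):
        findings.append(f"Run value '{name}' has no full path; confirm which file is resolved")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the lines copied from this log, `triage()` returns three findings: the AV is reported disabled, `AntiVirusOverride` is set, and `nwiz` starts without a path. None of these is proof of infection on its own; the override and the disabled AV are configuration facts the user or a product may have set, and the path check is there so that the file actually resolved for `nwiz.exe` gets looked at rather than assumed.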