ComboFix 10-09-27.05 - Admin 2010-09-29   1:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1250.48.1045.18.3230.2055 [GMT 2:00]
Uruchomiony z: c:\users\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


(((((((((((((((((((((((((   Pliki utworzone od 2010-08-28 do 2010-09-29  )))))))))))))))))))))))))))))))
.

2010-09-29 00:00 . 2010-09-29 00:06	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2010-09-29 00:00 . 2010-09-29 00:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-28 22:12 . 2010-09-28 22:12	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-09-28 22:12 . 2009-07-03 14:49	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-09-28 22:07 . 2010-09-28 22:07	--------	dc-h--w-	c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2010-09-28 22:07 . 2010-09-28 22:12	--------	d-----w-	c:\programdata\Lavasoft
2010-09-28 22:07 . 2010-09-28 22:07	--------	d-----w-	c:\program files\Lavasoft
2010-09-28 21:24 . 2010-09-28 21:25	--------	d-----w-	c:\users\Admin\AppData\Roaming\Tibia
2010-09-25 20:11 . 2010-09-25 20:11	--------	d-----w-	c:\program files\Ventrilo Mix 1.0
2010-09-23 11:46 . 2010-09-28 20:05	--------	d-----w-	c:\program files\Asprate
2010-09-15 05:36 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-15 05:36 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 05:36 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-15 05:36 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-11 17:02 . 2010-09-11 17:02	--------	d-----w-	c:\users\Admin\AppData\Roaming\Media Player Classic
2010-09-05 13:50 . 2005-05-26 13:34	2297552	----a-w-	c:\windows\system32\d3dx9_26.dll
2010-09-02 11:20 . 2010-09-28 20:27	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-09-02 11:20 . 2010-09-02 11:55	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-09-01 15:28 . 2010-09-01 22:09	--------	d-----w-	c:\users\Admin\AppData\Roaming\Tibiacast
2010-09-01 15:05 . 2010-09-23 21:05	--------	d-----w-	c:\program files\Tibiacast

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 00:05 . 2009-07-18 07:40	--------	d-----w-	c:\program files\Steam
2010-09-29 00:02 . 2007-12-26 02:24	3204	----a-w-	c:\windows\bthservsdp.dat
2010-09-28 19:27 . 2009-07-15 15:08	27335	----a-w-	c:\users\Admin\AppData\Roaming\nvModes.dat
2010-09-28 18:25 . 2009-07-16 07:50	1	----a-w-	c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-27 16:55 . 2010-02-17 18:59	--------	d-----w-	c:\users\Admin\AppData\Roaming\Winamp
2010-09-25 20:07 . 2010-07-09 07:05	--------	d-----w-	c:\users\Admin\AppData\Roaming\Gadu-Gadu 10
2010-09-25 12:32 . 2010-02-17 16:38	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-09-19 15:33 . 2010-07-14 17:56	--------	d-----w-	c:\users\Admin\AppData\Roaming\Mumble
2010-09-18 06:40 . 2009-07-18 07:40	--------	d-----w-	c:\program files\Common Files\Steam
2010-09-16 01:56 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-16 01:03 . 2010-04-20 11:32	--------	d-----w-	c:\programdata\Microsoft Help
2010-09-03 19:49 . 2007-11-22 11:23	662056	----a-w-	c:\windows\system32\perfh015.dat
2010-09-03 19:49 . 2007-11-22 11:23	126908	----a-w-	c:\windows\system32\perfc015.dat
2010-09-02 10:03 . 2010-03-04 11:32	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-08-25 23:41 . 2009-10-28 18:04	--------	d-----w-	c:\program files\Ganymede
2010-08-25 23:40 . 2007-12-26 02:40	--------	d-----w-	c:\program files\HP
2010-08-25 23:40 . 2007-11-22 02:45	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-13 07:40 . 2009-07-15 11:15	--------	d-----w-	c:\program files\Microsoft Works
2010-08-02 12:42 . 2010-07-09 07:04	--------	d-----w-	c:\program files\Gadu-Gadu 10
2010-07-30 12:39 . 2010-07-14 18:04	25256	----a-w-	c:\users\Admin\AppData\Roaming\Mumble\Plugins\gmod.dll
2010-07-30 12:39 . 2010-07-14 18:04	25256	----a-w-	c:\users\Admin\AppData\Roaming\Mumble\Plugins\css.dll
2010-07-30 12:39 . 2010-07-14 18:04	25256	----a-w-	c:\users\Admin\AppData\Roaming\Mumble\Plugins\dods.dll
2010-07-30 12:39 . 2010-07-14 18:04	25256	----a-w-	c:\users\Admin\AppData\Roaming\Mumble\Plugins\tf2.dll
2010-07-30 12:39 . 2010-07-14 18:04	21160	----a-w-	c:\users\Admin\AppData\Roaming\Mumble\Plugins\l4d2.dll
2010-07-30 12:39 . 2010-07-14 18:04	21160	----a-w-	c:\users\Admin\AppData\Roaming\Mumble\Plugins\bfbc2.dll
2010-07-30 12:39 . 2010-07-14 18:04	21160	----a-w-	c:\users\Admin\AppData\Roaming\Mumble\Plugins\bf2.dll
2010-07-30 12:39 . 2010-07-14 18:04	21160	----a-w-	c:\users\Admin\AppData\Roaming\Mumble\Plugins\arma2.dll
2010-07-25 16:18 . 2009-07-19 06:05	680	----a-w-	c:\users\Admin\AppData\Local\d3d9caps.dat
2010-07-15 02:08 . 2009-07-15 11:17	74984	----a-w-	c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-07 08:46 . 2010-07-07 08:46	393216	----a-w-	c:\programdata\Gadu-Gadu 10\_userdata\ggbho.3.dll
2010-07-01 13:46 . 2010-03-20 17:47	426	----a-w-	c:\users\Admin\AppData\Roaming\wklnhst.dat
2008-01-14 16:17 . 2009-07-15 11:59	22	--sha-w-	c:\windows\SMINST\HPCD.SYS
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-07-21 12477024]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-07-31 2674488]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2010-04-06 24504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-02 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-22 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-15 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-22 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-28 1029456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 BTHprint;Klasa drukarki Microsoft Bluetooth;c:\windows\system32\DRIVERS\bthprint.sys [2009-04-11 29696]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'

2010-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 22:32]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=81&bd=Pavilion&pf=laptop
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 02:04
Windows 6.0.6002 Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(5168)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Czas ukończenia: 2010-09-29  02:15:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2010-09-29 00:15

Przed: 145 448 116 224 bajtów wolnych
Po: 145 089 040 384 bajtów wolnych

- - End Of File - - E2A19AB0D233A25CD67331F3DC3B6490