ComboFix 11-09-30.01 - Roberto 2011-09-30 11:52:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.2812 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Roberto\Recent\Thumbs.db
d:\documents and settings\Roberto\WINDOWS
d:\windows\$NtUninstallKB35191$
d:\windows\$NtUninstallKB35191$\1766627408
d:\windows\$NtUninstallKB35191$\4274686018\@
d:\windows\$NtUninstallKB35191$\4274686018\L\ruaegbei
d:\windows\$NtUninstallKB35191$\4274686018\U\$00000001
d:\windows\$NtUninstallKB35191$\4274686018\U\$000000c0
d:\windows\$NtUninstallKB35191$\4274686018\U\$000000cb
d:\windows\$NtUninstallKB35191$\4274686018\U\$000000cf
d:\windows\$NtUninstallKB35191$\4274686018\U\$80000000
d:\windows\$NtUninstallKB35191$\4274686018\U\$800000c0
d:\windows\$NtUninstallKB35191$\4274686018\U\$800000cb
d:\windows\$NtUninstallKB35191$\4274686018\U\$800000cf
d:\windows\1116261118
d:\windows\daemon.dll
d:\windows\IsUn0415.exe
d:\windows\system32\comct332.ocx
d:\windows\system32\d3d9caps.dat
d:\windows\system32\shimg.dll
.
Zainfekowana kopia d:\windows\system32\drivers\i8042prt.sys została znaleziona. Problem naprawiono
Plik odzyskano z - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_feca8842
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-08-28 do 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 10:05 . 2011-09-30 10:05 -------- d-----w- d:\windows\system32\xircom
2011-09-30 10:05 . 2011-09-30 10:05 -------- d-----w- d:\windows\system32\wbem\snmp
2011-09-30 10:05 . 2011-09-30 10:05 -------- d-----w- d:\program files\microsoft frontpage
2011-09-30 09:22 . 2008-04-14 19:41 53248 ----a-w- d:\windows\system32\drivers\i8042prt.sys
2011-09-29 10:35 . 2011-09-29 10:35 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2011-09-29 10:35 . 2011-08-31 15:00 22216 ----a-w- d:\windows\system32\drivers\mbam.sys
2011-09-29 10:09 . 2011-09-29 10:35 41272 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 10:09 . 2011-09-29 10:09 -------- d-----w- d:\documents and settings\Roberto\Dane aplikacji\Malwarebytes
2011-09-29 10:09 . 2011-09-29 10:09 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2011-09-28 17:08 . 2011-09-29 10:11 -------- d-----w- d:\program files\Anti-Trojan-55
2011-09-28 16:58 . 2011-09-28 16:58 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\TEMP
2011-09-28 16:58 . 2006-06-19 11:01 69632 ----a-w- d:\windows\system32\ztvcabinet.dll
2011-09-28 16:58 . 2006-05-25 13:52 162304 ----a-w- d:\windows\system32\ztvunrar36.dll
2011-09-28 16:58 . 2005-08-25 23:50 77312 ----a-w- d:\windows\system32\ztvunace26.dll
2011-09-28 16:58 . 2003-02-02 18:06 153088 ----a-w- d:\windows\system32\UNRAR3.dll
2011-09-28 16:58 . 2002-03-05 23:00 75264 ----a-w- d:\windows\system32\unacev2.dll
2011-09-28 16:58 . 2011-09-28 16:58 -------- d-----w- d:\program files\Trojan Remover
2011-09-28 16:58 . 2011-09-28 16:58 -------- d-----w- d:\documents and settings\Roberto\Dane aplikacji\Simply Super Software
2011-09-28 16:58 . 2011-09-28 16:58 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2011-09-28 08:09 . 2011-09-28 08:09 -------- d-----w- d:\windows\system32\wbem\Repository
2011-09-10 09:31 . 2011-09-17 10:40 -------- d-----w- d:\documents and settings\Roberto\Dane aplikacji\.minecraft
2011-09-04 08:50 . 2011-09-04 08:50 -------- d-----w- d:\documents and settings\Roberto\Dane aplikacji\Karate Panda
2011-09-04 08:50 . 2011-09-04 08:50 444952 ----a-w- d:\windows\system32\wrap_oal.dll
2011-09-04 08:50 . 2011-09-04 08:50 109080 ----a-w- d:\windows\system32\OpenAL32.dll
2011-09-04 08:50 . 2011-09-04 08:50 -------- d-----w- d:\program files\OpenAL
2011-09-04 08:49 . 2011-09-04 08:49 -------- d-----w- d:\program files\PLAY
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 06:34 . 2009-01-18 11:49 29712 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2011-09-07 07:25 . 2011-05-14 18:39 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AVG9_TRAY"="d:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-13 2076512]
"BEWINTERNET-PL-IEWSessionManager"="d:\program files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe" [2009-10-14 140016]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CardDetectorHUAWEI1752_1552"="d:\program files\CardDetector\HUAWEI1752_1552\CardDetector.exe" [2009-10-14 282624]
"AT-Watch"="d:\program files\Anti-Trojan-55\ATWatch.exe" [2002-09-08 26624]
"Anti-Trojan-Watch"="d:\program files\Anti-Trojan-55\ATWatch.exe" [2002-09-08 26624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-06-29 124928]
.
d:\documents and settings\Gość\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
d:\documents and settings\MagdaS\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
d:\documents and settings\Roberto\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-11 09:33 12536 ----a-w- d:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08 421160 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-15 07:19 1657376 ----a-w- d:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cupxqwciism"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TabletServicePen"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"getPlus(R) Helper"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"d:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"d:\\Documents and Settings\\Roberto\\Games\\Company of Heroes\\RelicCOH.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\SoulseekNS\\slsk.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Documents and Settings\\Roberto\\Games\\Company of Heroes\\BugReport\\BugReport.exe"=
"d:\\Documents and Settings\\Roberto\\Games\\Company of Heroes\\Archive.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\OrangeBS\\BEWInternet-PL-IEW\\Connectivity\\ConnectivityManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 d347bus;d347bus;d:\windows\system32\drivers\d347bus.sys [2010-07-06 155136]
R0 d347prt;d347prt;d:\windows\system32\drivers\d347prt.sys [2010-07-06 5248]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);d:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2009-01-18 216400]
R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-01-18 243152]
R2 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-11 308136]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2011-09-29 22216]
S2 avg9emc;AVG Free E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [2010-07-11 921952]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-29 366152]
S3 aaudstum;aaudstum;\??\d:\docume~1\Roberto\USTAWI~1\Temp\aaudstum.sys --> d:\docume~1\Roberto\USTAWI~1\Temp\aaudstum.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;d:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 hwusbfake;Huawei DataCard USB Fake;d:\windows\system32\drivers\ewusbfake.sys [2011-01-21 102656]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2011-09-29 41272]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\d:\program files\MSI\Live Update 5\msibios32_100507.sys --> d:\program files\MSI\Live Update 5\msibios32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\d:\program files\MSI\Live Update 5\NTIOLib.sys --> d:\program files\MSI\Live Update 5\NTIOLib.sys [?]
S3 Pcouffin;Low level access layer for CD devices;d:\windows\system32\Drivers\Pcouffin.sys --> d:\windows\system32\Drivers\Pcouffin.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;d:\windows\system32\drivers\wacmoumonitor.sys [2010-03-06 15144]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;d:\windows\system32\drivers\ZTEusbnmeaext.sys [2010-05-17 103936]
S4 cupxqwciism;cupxqwciism;"d:\docume~1\Roberto\USTAWI~1\Temp\DAT76.tmp.exe" --SERVICE --> d:\docume~1\Roberto\USTAWI~1\Temp\DAT76.tmp.exe [?]
S4 TabletServicePen;TabletServicePen;d:\windows\system32\Pen_Tablet.exe [2010-03-06 3032360]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=F4t2LwJDZoys6Xar_jR3Ww
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - d:\documents and settings\Roberto\Dane aplikacji\Mozilla\Firefox\Profiles\4bd03v5y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=F4t2LwJDZoys6Xar_jR3Ww&ind=2011020218&ptnrS=ZNfox000&si=&n=77ddbbba&psa=&st=kwd&searchfor=
pref(dom.disable_open_during_load, true);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-DAEMON Tools-1033 - d:\program files\D-Tools\daemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 12:07
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-926492609-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:84,31,23,56,4b,07,11,0f,59,10,19,68,cd,81,a6,1f,f9,78,64,f1,f5,
   4c,06,93,1a,65,f7,f5,dd,37,0c,44,a9,54,fc,23,7c,dc,76,96,ed,97,dd,42,f4,f4,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3052)
d:\windows\system32\WININET.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
d:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
d:\program files\K-Lite Codec Pack\Filters\vsfilter.dll
d:\windows\system32\wmpasf.dll
d:\windows\system32\DRMClien.DLL
d:\program files\Common Files\Ahead\DSFilter\NeVideo.ax
d:\program files\Common Files\Ahead\Lib\AdvrCntr2.dll
d:\program files\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax
d:\program files\K-Lite Codec Pack\Real\RealMediaSplitter.ax
d:\program files\Adobe\Adobe Premiere Pro CS4\ad2dsh264.ax
d:\program files\Adobe\Adobe Premiere Pro CS4\ad2h264dec.dll
d:\program files\K-Lite Codec Pack\Filters\mmamr.ax
d:\program files\K-Lite Codec Pack\Filters\FLVSplitter.ax
d:\program files\Common Files\Ahead\DSFilter\NeMP4Splitter.ax
d:\program files\K-Lite Codec Pack\Filters\MP4Splitter.ax
d:\program files\K-Lite Codec Pack\Filters\mmmpcdmx.ax
d:\program files\Common Files\Ahead\DSFilter\NeSplitter.ax
d:\program files\Adobe\Adobe Premiere Pro CS4\ad2mcdsmpeg.ax
d:\program files\Adobe\Adobe Premiere Pro CS4\ad2mcmpgdec.dll
d:\program files\Adobe\Adobe Premiere Pro CS4\ad2mcac3dec.dll
d:\program files\Adobe\Adobe Premiere Pro CS4\ad2mcspmpeg.ax
d:\program files\Adobe\Adobe Premiere Pro CS4\ad2mpegin.dll
d:\program files\Adobe\Adobe Premiere Pro CS4\ad2mpgdmux.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\program files\AVG\AVG9\avgchsvx.exe
d:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\nvsvc32.exe
d:\program files\AVG\AVG9\avgnsx.exe
d:\windows\system32\wscntfy.exe
d:\windows\RTHDCPL.EXE
d:\windows\system32\RUNDLL32.EXE
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\program files\OpenOffice.org 3\program\soffice.exe
d:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Czas ukończenia: 2011-09-30 12:12:43 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-09-30 10:12
.
Przed: 64 582 184 960 bajtów wolnych
Po: 64 812 916 736 bajtów wolnych
.
- - End Of File - - 3416E78F7FF33529C9C73BE0C1CF086C