ComboFix 11-10-21.06 - Tramp-Tour 2011-10-22 11:47:52.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.446.192 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Tramp-Tour\Pulpit\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tramp-Tour\Ustawienia lokalne\Dane aplikacji\a36f7020\U
c:\documents and settings\Tramp-Tour\Ustawienia lokalne\Dane aplikacji\a36f7020\U\80000000.@
c:\documents and settings\Tramp-Tour\Ustawienia lokalne\Dane aplikacji\a36f7020\U\800000cb.@
c:\windows\$NtUninstallKB11440$
c:\windows\$NtUninstallKB11440$\1731520989
c:\windows\$NtUninstallKB11440$\2741989408\@
c:\windows\$NtUninstallKB11440$\2741989408\L\dazhwkit
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\
c:\windows\system32\c_91860.nls
c:\windows\system32\CF19215.exe
.
Zainfekowana kopia c:\windows\system32\drivers\afd.sys została znaleziona. Problem naprawiono
Plik odzyskano z - The cat found it :)
Zainfekowana kopia c:\windows\system32\userinit.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\ServicePackFiles\i386\userinit.exe
.
Zainfekowana kopia c:\program files\Java\jre6\bin\jqs.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\program files\Java\jre6\bin\
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_a36f7020
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-22 do 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-10-22 09:43 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-10-22 09:43 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-22 09:19 . 2011-10-22 09:19 -------- d--h--w- c:\windows\PIF
2011-10-21 14:30 . 2011-10-21 14:54 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-10-21 10:46 . 2011-10-21 10:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-10-21 10:39 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-10-21 09:49 . 2011-10-22 09:34 48016 --sha-w- c:\windows\system32\c_91860.nl_
2011-10-20 23:23 . 2010-11-09 12:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-20 23:23 . 2010-11-09 12:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-10-20 22:18 . 2011-10-20 22:18 -------- d-----w- c:\documents and settings\Tramp-Tour\Ustawienia lokalne\Dane aplikacji\Threat Expert
2011-10-20 22:12 . 2011-10-21 10:42 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2011-10-20 22:12 . 2011-10-20 22:23 -------- d-----w- c:\program files\Common Files\PC Tools
2011-10-20 22:07 . 2011-10-20 22:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2011-10-20 19:46 . 2011-10-20 19:47 -------- d-----w- c:\documents and settings\Tramp-Tour\Dane aplikacji\14AAD
2011-10-16 19:01 . 2011-10-22 09:53 -------- d-sh--w- c:\documents and settings\Tramp-Tour\Ustawienia lokalne\Dane aplikacji\a36f7020
2011-10-09 15:42 . 2011-10-09 15:54 -------- d-----w- c:\documents and settings\Tramp-Tour\Ustawienia lokalne\Dane aplikacji\DOSBox
2011-10-09 15:32 . 2011-10-09 16:53 -------- d-----w- C:\SWOS
2011-09-27 10:12 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-09-27 10:12 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-09-27 10:11 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-09-27 09:52 . 2011-09-27 09:52 -------- d-----w- c:\program files\Common Files\PCSuite
2011-09-27 09:51 . 2011-09-27 09:52 -------- d-----w- c:\program files\Common Files\Nokia
2011-09-27 09:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-09-27 09:51 . 2011-09-27 09:51 -------- d-----w- c:\program files\PC Connectivity Solution
2011-09-27 09:50 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2011-09-27 09:50 . 2011-05-18 08:12 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2011-09-27 09:50 . 2011-05-18 08:12 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2011-09-27 09:50 . 2011-05-18 08:13 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll
2011-09-27 09:50 . 2011-05-18 08:13 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll
2011-09-27 09:50 . 2011-05-18 08:12 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2011-09-27 09:50 . 2011-05-18 08:09 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2011-09-26 09:41 . 2011-09-26 09:41 614400 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-23 11:35 . 2001-10-26 15:29 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-09-23 11:35 . 2008-04-14 17:20 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-09-23 10:55 . 2011-09-23 10:55 -------- d-sh--w- c:\documents and settings\Tramp-Tour\Phone Browser
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 09:32 . 2011-10-22 09:32 138496 ----a-w- c:\windows\system32\drivers\afd.sys.org
2011-10-21 18:18 . 2004-08-04 12:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-10-21 14:52 . 2004-08-04 12:00 40448 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-10-21 14:33 . 2008-01-04 13:04 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2011-10-21 14:31 . 2007-02-21 18:21 405504 ----a-w- c:\windows\system32\ati2evxx.exe
2011-10-21 11:18 . 2004-08-04 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-21 10:06 . 2007-02-21 18:35 58880 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-15 16:56 . 2011-05-26 08:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2004-08-04 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2005-10-06 03:10 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:40 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:40 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:40 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 761946]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"Wbutton"="c:\program files\Launch Manager\WButton.exe" [2005-07-25 81920]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.1\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 137216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\windows\system32\config\systemprofile\Menu Start\Programy\Autostart\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^OpenOffice.org 2.1.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\OpenOffice.org 2.1.lnk
backup=c:\windows\pss\OpenOffice.org 2.1.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tramp-Tour^Menu Start^Programy^Autostart^OpenOffice.org 2.1.lnk]
path=c:\documents and settings\Tramp-Tour\Menu Start\Programy\Autostart\OpenOffice.org 2.1.lnk
backup=c:\windows\pss\OpenOffice.org 2.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.1\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 17:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:21 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
2005-07-25 12:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2005-07-25 09:45 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrVolOSD]
2005-03-16 12:52 204800 ----a-w- c:\program files\Launch Manager\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-06-16 13:21 1500160 ----a-w- d:\programs\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2005-11-10 02:44 557056 ----a-w- c:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
2005-07-25 12:34 81920 ----a-w- c:\program files\Launch Manager\WButton.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programs\\Gadu-Gadu\\gg.exe"=
"d:\\Programs\\InterVideo WinDVD\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programs\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Documents and Settings\\Tramp-Tour\\Dane aplikacji\\14AAD\\51E20.exe"=
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-21 98392]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2007-02-26 248320]
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ui.skype.com/ui/0/1.4.11.78/pl/faq
uInternet Settings,ProxyServer = http=127.0.0.1:56970
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-03410287.sys
SafeBoot-19224106.sys
SafeBoot-46123311.sys
SafeBoot-51398465.sys
SafeBoot-52164607.sys
SafeBoot-97214466.sys
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 11:56
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?07??\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@??i?????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?sdE9??6@?pE9????????
Wbutton = c:\program files\Launch Manager\WButton.exe??C??\??????|x??|????q??|?j?wQj?w????????(??? ???????????????d??????|????????p?????@????????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s??????7~??@?N'?s\E9??6@?hE9????????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe?@??\??????|H??|????A??|>j?wwj?w????????0??? ???????????????d???y??|????????p?????@??u?????????????s???????s???sx??s@???????????v??|h??st??????????s?????????????????C?sc"?sx??s??????7~??@?N'?s?A:??6@??A:????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2584)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2011-10-22 12:00:02 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-10-22 09:59
.
Przed: 10,201,505,792 bajtów wolnych
Po: 10,167,685,120 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9A15ADC328A94FE66EC1D104A9C56A30