ComboFix 11-10-29.03 - usero 2011-10-29 18:49:19.1.2 - x86 MINIMAL
Uruchomiony z: H:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\system32\CddbCdda.dll
d:\windows\system32\setup.ini
.
Zainfekowana kopia d:\windows\System32\autochk.exe została znaleziona. Problem naprawiono
Plik odzyskano z - d:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-28 do 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-29 14:49 . 2011-10-29 12:55 -------- d-----w- D:\bd_logs
2011-10-29 10:03 . 2011-08-17 04:24 465408 ----a-w- d:\windows\system32\psisdecd.dll
2011-10-29 10:03 . 2011-08-17 04:19 75776 ----a-w- d:\windows\system32\psisrndr.ax
2011-10-29 10:01 . 2011-09-06 02:28 2334720 ----a-w- d:\windows\system32\win32k.sys
2011-10-17 16:40 . 2011-10-29 13:27 58288 ----a-w- d:\windows\system32\rpcnet.dll
2011-10-17 16:40 . 2011-10-17 16:40 58288 ------w- d:\windows\system32\rpcnet.exe
2011-10-17 16:40 . 2011-10-17 16:40 13160 ----a-w- d:\windows\system32\Upgrd.exe
2011-10-17 16:36 . 2011-10-17 16:36 17408 ----a-w- d:\windows\system32\rpcnetp.dll
2011-10-17 16:35 . 2011-10-29 13:27 17408 ----a-w- d:\windows\system32\rpcnetp.exe
2011-10-04 17:02 . 2011-09-06 20:37 320856 ----a-w- d:\windows\system32\drivers\aswSP.sys
2011-10-04 17:02 . 2011-09-06 20:36 20568 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2011-10-04 17:02 . 2011-09-06 20:36 34392 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2011-10-04 17:02 . 2011-09-06 20:36 52568 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2011-10-04 17:02 . 2011-09-06 20:38 442200 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2011-10-04 17:01 . 2011-09-06 20:36 54616 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2011-10-04 17:00 . 2011-09-06 20:45 41184 ----a-w- d:\windows\avastSS.scr
2011-10-04 17:00 . 2011-09-06 20:45 199304 ----a-w- d:\windows\system32\aswBoot.exe
2011-10-02 17:04 . 2011-10-02 17:04 -------- d-----w- d:\users\usero\AppData\Local\Knowledge Solutions
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
2007-03-21 15:29 167936 ----a-w- d:\windows\System32\stmctrl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PCSuiteTrayApplication"=d:\programy\Nokia PC Suite 6\LaunchApplication.exe -startup
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;d:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 netw5v32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 32-bitowej;d:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 Stmatm;ATM/ADSL miniport;d:\windows\system32\DRIVERS\stmatm.sys [2007-01-22 60533]
R3 TaurusUsb;ADSL Modem USB Service;d:\windows\system32\DRIVERS\torususb.sys [2007-04-13 688864]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;d:\windows\system32\Wat\WatAdminSvc.exe [2011-09-06 1343400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
mLocal Page = c:\windows\System32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
------- Skojarzenia plików -------
.
JSEFile=c:\windows\System32\WScript.exe "%1" %*
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-Sidebar - c:\program files\Windows Sidebar\Sidebar.exe
HKCU-RunOnce-mctadmin - c:\windows\System32\mctadmin.exe
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Sidebar - c:\program files\Windows Sidebar\Sidebar.exe
HKLM_ActiveSetup-{89820200-ECBD-11cf-8B85-00AA005B4383} - c:\windows\System32\ie4uinit.exe
HKLM_ActiveSetup-{89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\windows\system32\Rundll32.exe
AddRemove-0C5EDC3653FED5B121F464339EAC12534D253B25 - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-4077F884D1BB007055BDB83B621D87220A73F30F - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
AddRemove-Ashampoo Burning Studio 2010_is1 - d:\programy\Ashampoo Burning Studio 2010\unins000.exe
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
AddRemove-B726756F5B5A5AA9D798B399386FC6205A45F19E - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-CD8424B9400BFF7D34AA18F816C71322AC4BDAA7 - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-ENTERPRISE - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-Gadu-Gadu - d:\programy\Gadu-Gadu\Setup.exe
AddRemove-Glary Utilities_is1 - d:\programy\Glary Utilities\unins000.exe
AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe
AddRemove-HP Photosmart Essential - c:\program files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe
AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\HP\Digital Imaging\eSupport\hpzscr01.exe
AddRemove-HPExtendedCapabilities - c:\program files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-Microsoft .NET Framework 4 Client Profile PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe
AddRemove-Mozilla Firefox (3.6.23) - c:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-Nokia PC Suite - c:\programdata\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
AddRemove-The KMPlayer - d:\programy\The KMPlayer\uninstall.exe
AddRemove-uTorrent - d:\programy\uTorrent.exe
AddRemove-Winamp - d:\programy\Winamp\UninstWA.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-ZTE ZXDSL852 - c:\program files\ZTE Corporation\ZXDSL852\setup.exe
AddRemove-{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{4B97502B-795A-4E12-9A93-E824772156A7} - c:\program files\HP\Digital Imaging\{4B97502B-795A-4E12-9A93-E824772156A7}\setup\hpzscr01.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\windows\system32\conhost.exe
d:\windows\System32\dinotify.exe
d:\windows\helppane.exe
d:\\?\d:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Czas ukończenia: 2011-10-29 19:03:22 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-10-29 17:03
.
Przed: 37 165 797 376 bajtów wolnych
Po: 37 062 144 000 bajtów wolnych
.
- - End Of File - - CD6BB4DB941F788520480F98150FF8B8