ComboFix 11-12-01.03 - Tomi 2011-12-01 20:32:06.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.3326.2612 [GMT 1:00]
Running from: c:\users\Tomi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tomi\AppData\Local\unins000.exe
c:\users\Tomi\AppData\Roaming\1BC2.tmp
c:\users\Tomi\AppData\Roaming\2521.tmp
c:\users\Tomi\AppData\Roaming\2EE0.tmp
c:\users\Tomi\AppData\Roaming\378B.tmp
c:\users\Tomi\AppData\Roaming\3BFE.tmp
c:\users\Tomi\AppData\Roaming\40A6.tmp
c:\users\Tomi\AppData\Roaming\4187.tmp
c:\users\Tomi\AppData\Roaming\4D51.tmp
c:\users\Tomi\AppData\Roaming\523A.tmp
c:\users\Tomi\AppData\Roaming\61D5.tmp
c:\users\Tomi\AppData\Roaming\696F.tmp
c:\users\Tomi\AppData\Roaming\6D93.tmp
c:\users\Tomi\AppData\Roaming\81B1.tmp
c:\users\Tomi\AppData\Roaming\81D3.tmp
c:\users\Tomi\AppData\Roaming\945E.tmp
c:\users\Tomi\AppData\Roaming\948C.tmp
c:\users\Tomi\AppData\Roaming\AFD4.tmp
c:\users\Tomi\AppData\Roaming\B7E.tmp
c:\users\Tomi\AppData\Roaming\BB44.tmp
c:\users\Tomi\AppData\Roaming\D321.tmp
c:\users\Tomi\AppData\Roaming\DABE.tmp
c:\users\Tomi\AppData\Roaming\ECD.tmp
c:\users\Tomi\AppData\Roaming\EE99.tmp
c:\users\Tomi\AppData\Roaming\F09A.tmp
c:\users\Tomi\AppData\Roaming\FEB8.tmp
c:\users\Tomi\AppData\Roaming\i6hLyKdLM16y
c:\users\Tomi\AppData\Roaming\windows.exe
c:\users\Tomi\wevtapi.dll
c:\windows\$NtUninstallKB29054$
c:\windows\$NtUninstallKB29054$\3496923886
c:\windows\$NtUninstallKB29054$\769612961\@
c:\windows\$NtUninstallKB29054$\769612961\bckfg.tmp
c:\windows\$NtUninstallKB29054$\769612961\cfg.ini
c:\windows\$NtUninstallKB29054$\769612961\Desktop.ini
c:\windows\$NtUninstallKB29054$\769612961\keywords
c:\windows\$NtUninstallKB29054$\769612961\kwrd.dll
c:\windows\$NtUninstallKB29054$\769612961\L\xadqgnnk
c:\windows\$NtUninstallKB29054$\769612961\U\00000001.@
c:\windows\$NtUninstallKB29054$\769612961\U\00000002.@
c:\windows\$NtUninstallKB29054$\769612961\U\00000004.@
c:\windows\$NtUninstallKB29054$\769612961\U\80000000.@
c:\windows\$NtUninstallKB29054$\769612961\U\80000004.@
c:\windows\$NtUninstallKB29054$\769612961\U\80000032.@
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Infected copy of c:\windows\system32\drivers\afd.sys was found. Problem fixed.
File restored from - The cat found it :)
.
(((((((((((((((((((((((((   Files Created from 2011-11-01 to 2011-12-01   )))))))))))))))))))))))))))))))
.
.
2011-11-27 21:51 . 2011-11-27 21:51 -------- d-----w- c:\program files\SkanerOnline
2011-11-20 21:59 . 2011-11-20 21:59 -------- d-----w- c:\programdata\AVAST Software
2011-11-20 21:59 . 2011-11-20 21:59 -------- d-----w- c:\program files\AVAST Software
2011-11-15 17:10 . 2011-11-22 08:08 -------- d-----w- c:\users\Tomi\AppData\Roaming\Ogru
2011-11-15 17:10 . 2011-11-21 20:31 -------- d-----w- c:\users\Tomi\AppData\Roaming\Xele
2011-11-05 00:40 . 2011-11-23 10:34 -------- d-----w- c:\users\Tomi\AppData\Roaming\Qeidzu
2011-11-05 00:40 . 2011-11-22 20:27 -------- d-----w- c:\users\Tomi\AppData\Roaming\Wuetam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-06 10:19 . 2011-06-24 15:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-08-03 14:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Registry Startup Entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 102400]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-12-04 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 136176]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-07-15 233472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 10:28]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 10:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://redirectsite.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/bph/SignActivX.cab
FF - ProfilePath - c:\users\Tomi\AppData\Roaming\Mozilla\Firefox\Profiles\taddl619.default\
FF - prefs.js: browser.startup.homepage - hxxp://redirectsite.net/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - EMPTY ENTRIES REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
AddRemove-{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1 - c:\users\Tomi\AppData\Local\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-12-01 20:40:45 - the computer was restarted
ComboFix-quarantined-files.txt 2011-12-01 19:40
.
Before: 2,129,813,504 bytes free
After: 2,267,430,912 bytes free
.
- - End Of File - - 355763A6C7E022A5FB98044BBF7F500F
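The log above carries several indicators worth pulling out mechanically rather than by eye: a run of short random hex names ending in .tmp dropped into AppData\Roaming, a $NtUninstallKB*$ tree under c:\windows holding '@', 'L\' and 'U\' payload files (a hotfix-uninstall layout from the XP era that Windows 7, which keeps servicing data in WinSxS, does not create), executables loose in the user profile and in c:\windows, a patched afd.sys, a start page pointing at redirectsite.net in both IE and Firefox, and Firefox user.js overrides that switch the mixed-content and insecure-submit warnings off. The script below is an added triage example, not part of ComboFix and not posted by the log's author; it parses a ComboFix text report and lists those indicators. The section names it matches ("Deleted", "Supplementary Scan") are the English forms of the ComboFix headers, and the embedded sample is an excerpt constructed from the log above with the file list shortened.

```python
"""Triage a ComboFix text report for the indicators seen in the log above.

Added example, not part of ComboFix. It only reads the report text; the
section names it expects are the English forms of the ComboFix headers.
"""
import re
from collections import defaultdict

# Section headers look like "((((  Name  ))))" or "------- Name -------".
SECTION_RE = re.compile(r"^(?:\(+\s*(?P<a>.+?)\s*\)+|-+\s*(?P<b>.+?)\s*-+)$")

# $NtUninstallKB*$ folders are an XP-era hotfix layout; Windows 7 keeps
# servicing data in WinSxS, so such a tree under c:\windows is suspect and
# the '@', 'L\' and 'U\' children are the payload files.
FAKE_UNINSTALL = re.compile(r"^c:\\windows\\\$NtUninstallKB\d+\$(?:\\|$)", re.I)
# Short random hex names ending in .tmp dropped in %AppData%\Roaming.
TMP_IN_ROAMING = re.compile(r"\\AppData\\Roaming\\[0-9A-F]{1,4}\.tmp$", re.I)
# Executables living in the user profile or loose in c:\windows.
BINARY_IN_PROFILE = re.compile(r"^c:\\users\\[^\\]+\\.*\.(?:exe|dll|pif)$", re.I)
PIF_IN_WINDOWS = re.compile(r"^c:\\windows\\[^\\]+\.pif$", re.I)
# Browser start page (IE and Firefox lines) and Firefox user.js overrides
# that switch security warnings off. ComboFix defangs URLs as hxxp://.
START_PAGE = re.compile(
    r"(?:Start Page\s*=|browser\.startup\.homepage\s*-)\s*(hxxps?://[^/\s]+)", re.I)
FF_WARN_OFF = re.compile(r"FF - user\.js:\s*(security\.warn_\S+)\s*-\s*false", re.I)
INFECTED_DRIVER = re.compile(r"Infected copy of (\S+) was found", re.I)


def split_sections(text):
    """Group report lines under their section header; '.' lines are spacers."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group("a") or m.group("b")).strip()
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return {indicator: [matching entries]} for a ComboFix report."""
    findings = defaultdict(list)
    sections = split_sections(text)
    for path in sections.get("Deleted", []):
        if FAKE_UNINSTALL.match(path):
            findings["fake_uninstall_folder"].append(path)
        elif TMP_IN_ROAMING.search(path):
            findings["tmp_dropper_in_roaming"].append(path)
        elif BINARY_IN_PROFILE.match(path) or PIF_IN_WINDOWS.match(path):
            findings["binary_outside_program_files"].append(path)
    for line in sections.get("Supplementary Scan", []):
        m = START_PAGE.search(line)
        if m:
            findings["start_page_hijack"].append(m.group(1))
        m = FF_WARN_OFF.search(line)
        if m:
            findings["ff_security_warning_disabled"].append(m.group(1))
    for lines in sections.values():          # the driver notice can sit in any section
        for line in lines:
            m = INFECTED_DRIVER.search(line)
            if m:
                findings["patched_system_driver"].append(m.group(1))
    return dict(findings)


# Excerpt constructed from the log above (paths verbatim, file list shortened).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Tomi\AppData\Local\unins000.exe
c:\users\Tomi\AppData\Roaming\1BC2.tmp
c:\users\Tomi\AppData\Roaming\B7E.tmp
c:\users\Tomi\AppData\Roaming\windows.exe
c:\users\Tomi\wevtapi.dll
c:\windows\$NtUninstallKB29054$
c:\windows\$NtUninstallKB29054$\769612961\@
c:\windows\$NtUninstallKB29054$\769612961\kwrd.dll
c:\windows\$NtUninstallKB29054$\769612961\L\xadqgnnk
c:\windows\$NtUninstallKB29054$\769612961\U\80000032.@
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Infected copy of c:\windows\system32\drivers\afd.sys was found. Problem fixed.
.
(((((((((((((((((((((((((((((((((((((   Registry Startup Entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://redirectsite.net/
FF - prefs.js: browser.startup.homepage - hxxp://redirectsite.net/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
"""

if __name__ == "__main__":
    for kind, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"{kind} ({len(items)})")
        for item in items:
            print("   ", item)
```

Run it against a saved ComboFix report by passing the file contents to triage(); the categories are descriptive, so an entry such as unins000.exe under "binary_outside_program_files" is a prompt to check the file, not a verdict. The start page check reports the host from both the IE and the Firefox line, which makes it easy to see that the same redirect was planted in both browsers.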