ComboFix 12-01-15.01 - Piotr 2012-01-16  0:15.2.2 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1250.48.1033.18.3063.1962 [GMT 1:00]
Running from: c:\users\Piotr\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-15 to 2012-01-15   )))))))))))))))))))))))))))))))
.
.
2012-01-15 23:22 . 2012-01-15 23:25 -------- d-----w- c:\users\Piotr\AppData\Local\temp
2012-01-15 23:22 . 2012-01-15 23:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-15 23:22 . 2012-01-15 23:22 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-01-15 23:22 . 2012-01-15 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-15 23:22 . 2012-01-15 23:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-11 12:53 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:53 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:53 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:53 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-03 16:47 . 2012-01-03 16:47 -------- d-----w- C:\$AVG
2012-01-02 13:27 . 2012-01-02 13:38 -------- d-----w- c:\users\Piotr\AppData\Roaming\NapiProjekt
2011-12-30 21:20 . 2011-12-30 21:26 -------- d-----w- c:\program files\RealTemp
2011-12-30 16:49 . 2012-01-15 21:27 -------- d-----w- c:\program files\SpeedFan
2011-12-19 10:41 . 2011-12-19 10:41 -------- d-----w- c:\users\Piotr\AppData\Local\Apple
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 21:26 . 2011-05-19 07:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-13 20:07 . 2011-12-13 20:06 1530550 ----a-w- c:\windows\system32\~.tmp
2011-12-02 20:42 . 2011-12-02 20:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-24 04:25 . 2011-12-15 16:26 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-12-02 09:54 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{932D4174-EBD3-4B8C-8F57-37CF9B83FBB3}\mpengine.dll
2011-11-05 04:26 . 2011-12-15 16:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-15 16:48 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-15 16:47 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 16:48 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-15 16:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 08:30 . 2010-12-13 21:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-26 04:47 . 2011-12-15 16:26 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47 . 2011-12-15 16:26 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28 . 2011-12-15 16:26 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 17:07 . 2011-10-18 17:07 121337 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2011-01-30 17:36 . 2011-01-30 17:36 1123840 ----a-w- c:\program files\BESTplayer.exe
2011-12-21 08:04 . 2012-01-15 21:28 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 16:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 10:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys [x]
R1 MpKsl2ba401e5;MpKsl2ba401e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B61ED4BB-FC46-43E4-ABD8-B4EA619A2ED1}\MpKsl2ba401e5.sys [x]
R1 MpKsl37c77c17;MpKsl37c77c17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0126997-8186-494D-9DD8-A67BC86A7AE1}\MpKsl37c77c17.sys [x]
R1 MpKsl3cb250b6;MpKsl3cb250b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0D8A303-F6E7-462A-9010-306E266246D4}\MpKsl3cb250b6.sys [x]
R1 MpKsl3ce6a387;MpKsl3ce6a387;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0126997-8186-494D-9DD8-A67BC86A7AE1}\MpKsl3ce6a387.sys [x]
R1 MpKsl580df4b6;MpKsl580df4b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E522AA0-D1EB-4B1E-BEB3-86E6F10D1C93}\MpKsl580df4b6.sys [x]
R1 MpKslc925b34f;MpKslc925b34f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76985B0D-A8EA-427F-BE31-16A1C45457C5}\MpKslc925b34f.sys [x]
R1 MpKsle9cd4a95;MpKsle9cd4a95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0D8A303-F6E7-462A-9010-306E266246D4}\MpKsle9cd4a95.sys [x]
R1 MpKslff263b70;MpKslff263b70;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7036B52-27D1-41B6-A462-1596A6A05745}\MpKslff263b70.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
R3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2008-11-18 16640]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 9472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1343400]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-07 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4073640991-1843344588-3602607747-1001Core.job
- c:\users\Piotr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-24 21:09]
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4073640991-1843344588-3602607747-1001UA.job
- c:\users\Piotr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 80.193.72.145:80
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\hvbo4gom.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-16  00:30:24 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-15 23:30
.
Pre-Run: 13 797 883 904 bytes free
Post-Run: 13 606 854 656 bytes free
.
- - End Of File - - A6FBC0A21E16EADBA796665C3E99A0A6
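The log above carries several findings a responder would want pulled out before reading the rest: every security product reported as *Disabled*, a replaced userinit.exe, the whole UAC policy block zeroed (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0, so anything running as the user can elevate silently), a system-wide proxy pointed at a public address (80.193.72.145:80) while DNS is still the local router, and services whose image file ComboFix could not find (the `[x]` marker). The script below is an added example, not part of the posted log and not ComboFix's own code. It parses ComboFix's text layout with regular expressions written from the lines in this log (an assumption; other versions of the tool may phrase lines differently), ranks the findings with a severity table that is my own ordering rather than any standard, and runs over a constructed excerpt copied from the log above.

```python
"""Triage a ComboFix log: surface the findings a responder acts on first.

Added example, not part of the posted log and not ComboFix's own code. The
line patterns below are assumptions drawn from the layout of the log above
(product status lines, the policies\\system block, service lines, the
'uInternet Settings' lines); other ComboFix versions may phrase them differently.
"""
import ipaddress
import re
from typing import Dict, List

# Line patterns (assumed from this log's layout).
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)/(Updated|Outdated)\*")
POLICY_VALUE_RE = re.compile(r'^"(\w+)"=\s*(\d+) \(0x[0-9a-fA-F]+\)')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)")
INFECTED_RE = re.compile(r"^(?:Infected copy of|Zainfekowana kopia) (\S+)")
# ComboFix prints [x] in place of the date/size when it could not stat the image file.
SERVICE_MISSING_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[x\]$")

# Windows 7 UAC policy values that leave elevation silent or spoofable.
UAC_BAD = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}

# Ordering used to sort the report; lower sorts first (my own ranking, not a standard).
SEVERITY = {
    "infected_system_file": 0,
    "security_product_disabled": 1,
    "uac_weakened": 1,
    "proxy_external": 1,
    "service_image_missing": 2,
    "proxy_private": 3,
}


def _proxy_is_external(hostport: str) -> bool:
    """True when the proxy host is a public IP; hostnames are treated as needing review."""
    host = hostport.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True


def triage(log_text: str) -> List[Dict[str, str]]:
    """Scan ComboFix log text and return findings sorted by SEVERITY (stable within a tier)."""
    findings: List[Dict[str, str]] = []
    in_policy_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):            # ComboFix separates blocks with lone '.' lines
            in_policy_block = False
            continue
        if line.startswith("["):         # registry key header
            in_policy_block = line.lower().endswith("\\policies\\system]")
            continue
        if in_policy_block:
            m = POLICY_VALUE_RE.match(line)
            if m and UAC_BAD.get(m.group(1)) == int(m.group(2)):
                findings.append({"kind": "uac_weakened", "detail": f"{m.group(1)}={m.group(2)}"})
            continue
        m = PRODUCT_RE.match(line)
        if m:
            if m.group(3) == "Disabled":
                findings.append({"kind": "security_product_disabled", "detail": m.group(2)})
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append({"kind": "infected_system_file", "detail": m.group(1)})
            continue
        m = PROXY_RE.match(line)
        if m:
            kind = "proxy_external" if _proxy_is_external(m.group(1)) else "proxy_private"
            findings.append({"kind": kind, "detail": m.group(1)})
            continue
        m = SERVICE_MISSING_RE.match(line)
        if m:
            findings.append({"kind": "service_image_missing", "detail": f"{m.group(2)} -> {m.group(4)}"})
    findings.sort(key=lambda f: SEVERITY[f["kind"]])
    return findings


# Constructed excerpt: lines copied from the log above, not a full ComboFix run.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 80.193.72.145:80
TCP: DhcpNameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:28} {f['detail']}")
```

On the excerpt this reports the replaced userinit.exe first, then the two disabled products, the three zeroed UAC values and the public proxy, and last the driver whose image is missing. A proxy on a private address is reported at the lowest tier rather than dropped, because on an unmanaged home machine any proxy that the user did not set is worth a question.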