ComboFix 12-03-18.04 - Marcin 2012-03-19  17:16:05.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.48.1045.18.3327.2780 [GMT 1:00]
Uruchomiony z: c:\users\Marcin\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB34655$
c:\windows\$NtUninstallKB34655$\195809264
c:\windows\$NtUninstallKB34655$\558474774\@
c:\windows\$NtUninstallKB34655$\558474774\cfg.ini
c:\windows\$NtUninstallKB34655$\558474774\Desktop.ini
c:\windows\$NtUninstallKB34655$\558474774\L\xadqgnnk
c:\windows\$NtUninstallKB34655$\558474774\twl.dll
c:\windows\$NtUninstallKB34655$\558474774\U\00000001.@
c:\windows\$NtUninstallKB34655$\558474774\U\00000002.@
c:\windows\$NtUninstallKB34655$\558474774\U\00000004.@
c:\windows\$NtUninstallKB34655$\558474774\U\80000000.@
c:\windows\$NtUninstallKB34655$\558474774\U\80000004.@
c:\windows\$NtUninstallKB34655$\558474774\U\80000032.@
c:\windows\$NtUninstallKB34655$\558474774\version
c:\windows\IsUn0415.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dnserver32.dll
c:\windows\system32\Fd16_700.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\se59obex.dll
c:\windows\system32\thinkpadmodemservice.dll
.
Zainfekowana kopia c:\windows\system32\drivers\netbt.sys została znaleziona. Problem naprawiono 
Plik odzyskano z - The cat found it :) 
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_GoProto
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-02-19 do 2012-03-19  )))))))))))))))))))))))))))))))
.
.
2012-03-18 16:54 . 2012-03-18 21:45	335504	----a-w-	c:\windows\system32\drivers\TrufosAlt.sys
2012-03-16 07:09 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{12B3701F-24F9-44FA-A1FF-4E6428341C3C}\mpengine.dll
2012-03-14 16:48 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 16:48 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 16:47 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 16:47 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 16:39 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 16:39 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 16:39 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 16:39 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 16:39 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 16:39 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-10 11:42 . 2012-03-10 11:42	--------	d-----w-	c:\program files\iPod
2012-03-05 08:31 . 2012-03-05 08:32	--------	d-----w-	c:\program files\CCleaner
2012-02-24 12:17 . 2012-02-24 12:17	--------	d-----w-	c:\program files\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 12:16 . 2011-08-07 15:14	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2010-11-24 17:15	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-02-15 09:44 . 2012-02-09 18:23	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-04 08:58 . 2012-02-15 09:54	442880	----a-w-	c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 09:55	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-17 15:27 . 2011-03-27 17:44	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 19:20	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-09 237568]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 497536]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 1474560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2009-10-07 939272]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2010-11-24 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-18 18:52	104936	------w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 09:16	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-13 17:11	210216	------w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-09-29 809736]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 284672]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 99896]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 25600]
R3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 17408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-24 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-25 721904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 91136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
EKECioCtl
Defrag32b
pcradminserver
qcmerced
CADlink
belgium_id_card_service
CnxTrLan
GoProto
konfig
rpskt
atixsaudio
generichidservice
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 13:19]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 13:19]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 213.156.98.141 150.254.173.3
FF - ProfilePath - c:\users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\3n2qtuwr.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-SuperMemo UX - Angielski. No problem!+ 1 - c:\windows\IsUn0415.exe
AddRemove-SuperMemo UX - Angielski. No problem!+ 2 - c:\windows\IsUn0415.exe
AddRemove-SuperMemo UX - Angielski. No problem!+ 3 - c:\windows\IsUn0415.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\helppane.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Czas ukończenia: 2012-03-19  17:29:26 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2012-03-19 16:29
.
Przed: 138 952 040 448 bajtów wolnych
Po: 138 550 124 544 bajtów wolnych
.
- - End Of File - - D7E25C109713E34BD30E25C7D6642EBF