ComboFix 12-07-27.01 - Edzio 2012-07-26 16:03:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3582.2395 [GMT 2:00]
Uruchomiony z: c:\users\Edzio\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Edzio\16750187-0001-1100245
c:\users\Edzio\16750187-0001-1100245\svcsrv.exe
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-26 do 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 14:12 . 2012-07-26 14:12 -------- d-----w- c:\users\Edzio\AppData\Local\temp
2012-07-26 14:12 . 2012-07-26 14:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-26 14:12 . 2012-07-26 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 14:12 . 2012-07-26 14:12 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-07-26 13:47 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-26 13:47 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-26 13:46 . 2012-03-06 23:04 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-07-26 13:46 . 2012-03-06 23:03 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-07-26 13:46 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-26 13:46 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-26 13:46 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-26 13:46 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-26 13:46 . 2012-03-06 22:44 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-26 13:46 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-07-26 13:46 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-26 13:45 . 2012-07-26 13:45 -------- d-----w- c:\program files\AVAST Software
2012-07-26 13:45 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA870256-6FB0-40FD-8D85-AF4451554267}\mpengine.dll
2012-07-26 11:03 . 2012-07-26 11:03 54016 ----a-w- c:\windows\system32\drivers\lifenspb.sys
2012-07-26 10:08 . 2012-07-26 10:08 -------- d-----w- c:\users\Edzio\AppData\Roaming\Malwarebytes
2012-07-26 10:08 . 2012-07-26 10:08 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 10:08 . 2012-07-26 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 10:08 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 15:40 . 2012-07-19 15:41 -------- d-----w- c:\users\Edzio\AppData\Local\Windows Live Writer
2012-07-19 15:40 . 2012-07-19 15:40 -------- d-----w- c:\users\Edzio\AppData\Roaming\Windows Live Writer
2012-07-17 16:53 . 2012-07-17 16:53 -------- d-----w- c:\users\Edzio\Tracing
2012-07-17 14:45 . 2012-07-17 14:45 -------- d-----w- c:\windows\pl
2012-07-17 14:42 . 2012-03-08 16:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-15 08:45 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 15:10 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-13 15:10 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-13 15:10 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-13 15:04 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-13 15:04 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-13 15:04 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 13:54 . 2009-09-01 09:15 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-17 14:33 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 17:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:11 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 17:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 17:11 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 17:11 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 17:10 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 17:10 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2012-03-25 10:16 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-01 14:03 . 2012-06-14 16:02 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-26 12:43 . 2012-03-25 10:50 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-28 10029672]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 540576]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-04-17 1593344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-24 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-16 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-16 92704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-03-06 39424]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-12-03 00:34 35184 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-09-01 09:11 47672 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-03 11:23 17417392 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-01 08:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-12-04 05:15 218408 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-25 10:51]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-25 10:51]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://easy-google-search.blogspot.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Edzio\AppData\Roaming\Mozilla\Firefox\Profiles\ebwpbhyx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Microsoft® Windows System - c:\users\Edzio\16750187-0001-1100245\svcsrv.exe
MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exe
MSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 16:12
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar = c:\program files\Windows Sidebar\sidebar.exe /autoRun?????????????????????????????????????????????????x?????????????????l?%Program
.
skanowanie ukrytych plików ...
.
.
c:\users\Edzio\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\ADSM_PData_0150
C:\avast! sandbox
.
skanowanie pomyślnie ukończone
ukryte pliki: 3
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Czas ukończenia: 2012-07-26 16:18:35
ComboFix-quarantined-files.txt 2012-07-26 14:18
ComboFix2.txt 2012-05-17 16:44
.
Przed: 39 427 809 280 bajtów wolnych
Po: 40 381 382 656 bajtów wolnych
.
- - End Of File - - 749FA9FC048A7EF7154D06BFEE2231BA