ComboFix 12-11-08.01 - user 2012-11-08 18:35:07.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.3070.1659 [GMT 1:00]
Running from: c:\users\user\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\users\user\AppData\Local\TempDIR
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-11-08 17:40 . 2012-11-08 17:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-08 17:40 . 2012-11-08 17:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-08 17:40 . 2012-11-08 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-08 15:46 . 2012-11-08 15:46 -------- d-----w- c:\program files\Ask.com
2012-11-08 15:46 . 2012-11-08 15:46 -------- d-----w- c:\users\user\AppData\Roaming\Carambis
2012-11-08 15:46 . 2012-11-08 15:46 -------- d-----w- c:\program files\Carambis
2012-11-08 15:14 . 2012-11-08 15:14 -------- d-----w- c:\users\user\AppData\Roaming\FixZeroAccess
2012-11-08 15:13 . 2012-11-08 15:13 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-11-08 14:50 . 2012-11-08 14:55 -------- d-----w- c:\windows\system32\DBBK
2012-11-06 23:34 . 2012-11-06 23:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-11-06 23:29 . 2012-11-06 23:34 -------- d-----w- c:\programdata\HitmanPro
2012-11-06 22:24 . 2012-11-06 22:24 -------- d-----w- c:\users\user\AppData\Local\AVG Secure Search
2012-11-06 22:24 . 2012-11-06 22:24 -------- d-----w- c:\programdata\AVG Secure Search
2012-11-06 22:24 . 2012-11-06 22:24 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-06 22:24 . 2012-11-06 22:24 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-11-06 22:24 . 2012-11-06 22:24 -------- d-----w- c:\program files\AVG Secure Search
2012-11-06 22:02 . 2012-11-06 22:02 -------- d-----w- c:\program files\Enigma Software Group
2012-11-06 22:01 . 2012-11-06 22:32 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-06 20:24 . 2012-11-06 20:24 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-11-06 20:24 . 2012-11-06 20:24 -------- d-----w- c:\programdata\Malwarebytes
2012-11-06 20:24 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-06 19:58 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{711A2B85-C8E1-4D44-9909-C93223837747}\mpengine.dll
2012-11-04 09:25 . 2012-11-04 09:26 -------- d-----w- c:\program files\CCleaner
2012-10-16 13:35 . 2012-10-16 13:35 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-10-16 13:35 . 2012-10-16 13:35 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-10-16 13:35 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-10-16 13:35 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-10-16 13:35 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-10-16 13:35 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-10-16 13:35 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-10-16 13:14 . 2012-10-16 13:14 -------- d-----w- c:\programdata\Electronic Arts
2012-10-16 13:14 . 2012-10-16 13:14 -------- d-----w- c:\programdata\EA Core
2012-10-16 12:28 . 2012-10-16 12:28 -------- d-----w- c:\programdata\Solidshield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 19:30 . 2012-08-13 13:09 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:30 . 2011-07-27 08:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 15:19 . 2012-09-01 15:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 15:19 . 2012-09-01 15:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 15:19 . 2010-09-13 10:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 19:13 . 2012-09-28 16:10 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:13 . 2012-09-28 16:10 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-30 19:13 . 2012-09-28 16:10 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-08-30 19:13 . 2012-09-28 16:10 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-08-30 19:13 . 2012-09-28 16:10 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2012-09-28 16:10 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-30 19:13 . 2012-09-28 16:10 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-30 19:13 . 2012-09-28 16:10 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-30 19:13 . 2012-09-28 16:10 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-30 19:13 . 2012-09-28 16:10 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 19:13 . 2009-07-14 18:54 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 19:13 . 2009-07-14 18:54 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-08-30 15:57 . 2010-07-09 15:37 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2012-09-28 16:10 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 15:57 . 2010-07-09 15:37 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2010-07-09 15:37 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2010-07-09 15:37 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2010-07-09 15:37 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-24 06:59 . 2012-09-22 15:36 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 15:36 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 15:36 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 15:36 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 15:36 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 15:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 10:48 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 10:48 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 10:48 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 10:48 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 10:05 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-29 07:59 . 2012-10-14 09:29 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-17 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-06 22:24 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-17 18:29 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll" [2012-11-06 1796552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-17 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\programy\WapSter\WAPSTE~1\AQQ.exe" [2012-07-16 10354176]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ORAHSSSessionManager"="c:\program files\Livebox\SessionManager\SessionManager.exe" [2008-06-10 107248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\programy\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-06 997320]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-06 1020512]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-17 901800]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE Gamer HUD Lite.lnk - c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe [2009-6-30 1678848]
Rejestracja Need for Speed™ Undercover.lnk - e:\gry\EA Games\Need for Speed Undercover\Support\EAregister.exe [N/A]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\programy\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
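The policies\system block above is the most consequential line group in this log: ConsentPromptBehaviorAdmin = 0 means "elevate without prompting" and PromptOnSecureDesktop = 0 takes the prompt off the secure desktop, so an administrator account on this machine is never asked before a program elevates, and the autorun binaries listed in the Run keys inherit that. The Python below is an added example, not part of the ComboFix log and not code from ComboFix: it parses those two kinds of lines out of a log, reports which UAC values weaken the elevation prompt, and lists Run entries whose binary sits under a user profile (a location that needs no admin rights to write to). The sample lines are copied from the log above, except the UpdaterX entry, which is constructed to exercise the user-profile check; the value meanings in ADMIN_PROMPT follow the documented Windows security options.

```python
"""Added example (not from the ComboFix log above): parse the UAC policy
block and the Run keys of a ComboFix log and flag the first things a
reviewer looks at. Sample lines are copied from the log except the one
marked CONSTRUCTED."""
import re
from dataclasses import dataclass
from typing import Dict, List

# ComboFix prints policy values as:  "ConsentPromptBehaviorAdmin"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)\s*$')
# ...and Run-key values as:  "Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)
# Autoruns under a user profile need no admin rights to plant.
USER_PROFILE_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

# Documented meaning of HKLM\...\Policies\System\ConsentPromptBehaviorAdmin.
ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (default)",
}

SAMPLE_LINES = [
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]",
    r'"ConsentPromptBehaviorAdmin"= 0 (0x0)',
    r'"ConsentPromptBehaviorUser"= 3 (0x3)',
    r'"EnableUIADesktopToggle"= 0 (0x0)',
    r'"PromptOnSecureDesktop"= 0 (0x0)',
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"AQQ"="c:\programy\WapSter\WAPSTE~1\AQQ.exe" [2012-07-16 10354176]',
    r'"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]',
    # CONSTRUCTED line, not from the log: exercises the user-profile check.
    r'"UpdaterX"="c:\users\user\AppData\Roaming\UpdaterX\upd.exe" [2012-11-07 44032]',
]


@dataclass
class RunEntry:
    name: str
    path: str
    date: str
    size: int


def parse_policies(lines: List[str]) -> Dict[str, int]:
    """Collect "Name"= value pairs from the UAC policy block."""
    policies: Dict[str, int] = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m["name"]] = int(m["value"])
    return policies


def parse_run_entries(lines: List[str]) -> List[RunEntry]:
    """Collect autorun values from the HKCU and HKLM Run key blocks."""
    entries: List[RunEntry] = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["name"], m["path"], m["date"], int(m["size"])))
    return entries


def uac_findings(policies: Dict[str, int]) -> List[str]:
    """Explain which UAC settings weaken the elevation prompt."""
    findings: List[str] = []
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(
            "ConsentPromptBehaviorAdmin=0 (%s): any process started by an "
            "administrator can elevate silently" % ADMIN_PROMPT[0]
        )
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append(
            "PromptOnSecureDesktop=0: elevation prompts appear on the interactive "
            "desktop, where another process can draw over or automate them"
        )
    return findings


def user_profile_autoruns(entries: List[RunEntry]) -> List[RunEntry]:
    """Run entries whose binary lives under a user profile."""
    return [e for e in entries if USER_PROFILE_RE.match(e.path)]


def analyze(lines: List[str]) -> Dict[str, object]:
    policies = parse_policies(lines)
    entries = parse_run_entries(lines)
    return {
        "uac": uac_findings(policies),
        "run_entries": entries,
        "user_profile_autoruns": user_profile_autoruns(entries),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LINES)
    for finding in report["uac"]:
        print("UAC:", finding)
    for entry in report["user_profile_autoruns"]:
        print("autorun from user profile:", entry.name, "->", entry.path)
```

Run against the full log (read the file into a list of lines and pass it to analyze) to get both findings for this machine; the user-profile check returns nothing for the real Run keys here, since every listed binary sits under Program Files or c:\programy.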
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\programy\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15838
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\h0eh8p1p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15838
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=a8c130a4000000000000001c256fa872&q=
FF - ExtSQL: 2012-11-06 23:24; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\13.2.0.4
FF - ExtSQL: !HIDDEN! 2009-12-07 17:26; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a8c130a4000000000000001c256fa872
FF - user.js: extensions.BabylonToolbar_i.hardId - a8c130a4000000000000001c256fa872
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15356
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:58
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - l:\tools\HijackThis.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2871383845-20140808-1513811140-1000\Software\SecuROM\License information*]
"datasecu"=hex:0e,fd,40,a4,71,4d,a3,62,44,82,86,34,39,03,5a,c9,0c,59,50,d9,e1,
   af,40,cd,b0,13,19,5d,5c,d2,e0,f9,74,cf,48,14,7d,c6,5e,fd,f4,b0,36,57,a0,dc,\
"rkeysecu"=hex:40,85,f6,d4,d7,6b,86,a3,32,3d,a5,c4,98,f9,ec,bd
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-08 18:42:33
ComboFix-quarantined-files.txt 2012-11-08 17:42
ComboFix2.txt 2011-08-04 10:23
.
Pre-Run: 57,039,163,392 bytes free
Post-Run: 56,729,903,104 bytes free
.
- - End Of File - - 84106FD37D97FB991049E59E1123E533