ComboFix 13-09-28.02 - robert 2013-09-29 23:48:35.1.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.48.1045.18.3572.2744 [GMT 2:00]
Uruchomiony z: F:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\robert\AppData\Roaming\data.dat
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-08-28 do 2013-09-29 )))))))))))))))))))))))))))))))
.
.
2013-09-29 21:52 . 2013-09-29 21:52 -------- d-----w- c:\users\robert\AppData\Local\temp
2013-09-29 21:52 . 2013-09-29 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-09 23:34 . 2013-09-09 23:34 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-04 23:43 . 2013-09-04 23:43 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-16 21:42 . 2013-01-23 18:09 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-25 08:57 . 2013-08-13 21:22 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 23:51 . 2013-07-19 23:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-19 23:50 . 2013-07-19 23:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-19 23:50 . 2013-07-19 23:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-19 23:50 . 2013-07-19 23:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-19 01:41 . 2013-08-13 21:17 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-17 23:01 . 2012-12-02 12:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-17 23:01 . 2012-12-02 12:49 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-09 05:03 . 2013-08-18 20:27 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03 . 2013-08-18 20:27 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53 . 2013-08-18 20:27 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-13 21:25 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-13 21:25 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-13 21:25 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-13 21:25 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-13 21:25 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-13 21:22 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-08-16 21:42 3122864 ----a-w- c:\program files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll" [2013-08-16 3122864]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-11-18 1657448]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-20 87144]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-08-16 2314416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-04-03 00:27 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-19 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-09 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-19 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R2 PLAY ONLINE. RunOuc;PLAY ONLINE. OUC;c:\program files\PLAY ONLINE\UpdateDog\ouc.exe [2012-12-02 246112]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-08-16 1643184]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-07-05 39656]
R3 e1yexpress;Sterownik kart Intel(R) Gigabit Network Connection;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-12-02 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-12-02 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-12-02 95616]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-12-02 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-12-02 195072]
R3 netw5v32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 32-bitowej;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-02 1343400]
R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2012-11-22 1522312]
R4 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2012-11-22 905864]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-19 60216]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-19 246072]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-04 39224]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-08-16 37664]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-12-02 76544]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-02 23:01]
.
2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{0E5DA33C-361B-4E2B-9B8D-FEC972C1ABA5}: NameServer = 193.41.112.14 193.41.112.18
TCP: Interfaces\{241243FE-B4EC-4A9E-8E9C-519A83F16864}: NameServer = 193.41.112.14 193.41.112.18
TCP: Interfaces\{32FE4637-BC93-4BEA-AD83-031F94BE0E9C}: NameServer = 193.41.112.14 193.41.112.18
TCP: Interfaces\{9EED20B1-404D-42FD-97D0-71FF9EBAE7FD}: NameServer = 193.41.112.14 193.41.112.18
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2013-09-29 23:53:19
ComboFix-quarantined-files.txt 2013-09-29 21:53
.
Przed: 104 653 860 864 bajtów wolnych
Po: 104 998 821 888 bajtów wolnych
.
- - End Of File - - 87174BE75F819799EEB4A27DF67AF21A
A36C5E4F47E84449FF07ED3517B43A31