ComboFix 16-08-21.02 - Ewa 2016-08-27 20:54:23.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.1014.252 [GMT 2:00]
Uruchomiony z: c:\users\Ewa\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2016-07-27 do 2016-08-27 )))))))))))))))))))))))))))))))
.
.
2016-08-27 19:05 . 2016-08-27 19:05 -------- dc----w- c:\users\Default\AppData\Local\temp
2016-08-27 18:01 . 2016-08-27 18:24 -------- dc----w- C:\FRST
2016-08-27 17:32 . 2016-08-27 17:32 -------- dc----w- c:\users\Ewa\AppData\Local\AVG Web TuneUp
2016-08-27 17:31 . 2016-08-27 17:31 -------- dc----w- c:\program files\Common Files\AVG Secure Search
2016-08-27 17:31 . 2016-08-27 17:32 -------- dc----w- c:\programdata\AVG Web TuneUp
2016-08-27 17:31 . 2016-08-27 17:31 -------- dc----w- c:\program files\AVG Web TuneUp
2016-08-27 17:19 . 2016-08-27 17:19 -------- dc----w- c:\users\Ewa\AppData\Roaming\AVG
2016-08-27 17:15 . 2016-08-27 17:15 -------- dc----w- c:\users\Ewa\AppData\Roaming\TuneUp Software
2016-08-27 17:13 . 2016-08-27 17:13 -------- dc----w- C:\$AVG
2016-08-27 17:08 . 2016-08-27 17:25 -------- dc----w- c:\programdata\MFAData
2016-08-27 17:08 . 2016-08-27 17:08 -------- dc----w- c:\users\Ewa\AppData\Local\MFAData
2016-08-27 17:02 . 2016-08-27 17:11 -------- dc----w- c:\program files\AVG
2016-08-27 17:00 . 2016-08-27 17:13 -------- dc----w- c:\programdata\Avg
2016-08-27 17:00 . 2016-08-27 17:00 -------- dc-h--w- c:\programdata\Common Files
2016-08-27 17:00 . 2016-08-27 17:19 -------- dc----w- c:\users\Ewa\AppData\Local\Avg
2016-08-27 16:43 . 2016-08-27 16:44 -------- dc----w- c:\program files\CCleaner
2016-08-27 16:23 . 2016-08-27 16:23 2264 -c--a-w- c:\windows\system32\.tmp
2016-08-04 22:42 . 2016-08-04 22:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B255BD2B-BEDF-4334-85F3-82F6D3380FCB}\offreg.5392.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-20 20:36 . 2015-06-07 20:23 95808 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-07-19 10:28 . 2016-07-19 10:28 201472 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2016-07-14 17:38 . 2012-03-31 07:11 796352 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2016-07-14 17:38 . 2011-05-31 11:28 142528 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-07-12 14:12 . 2016-07-12 14:12 231168 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2016-07-02 14:43 . 2016-07-02 14:44 921280 -c--a-w- c:\windows\ucrtbase.dll
2016-06-30 12:46 . 2016-06-30 12:46 259328 -c--a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2016-06-20 13:17 . 2016-06-20 13:17 65280 -c--a-w- c:\windows\system32\drivers\avgunivx.sys
2016-06-01 11:29 . 2016-06-01 11:29 212736 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2016-06-01 11:28 . 2016-06-01 11:28 201472 -c--a-w- c:\windows\system32\drivers\avgidshx.sys
2016-06-01 11:16 . 2016-06-01 11:16 47360 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-01-16 21:12 . 2014-01-16 21:12 50063360 -c--a-w- c:\program files\GUT866E.tmp
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2016-08-27 17:30 2260040 -c--a-w- c:\program files\AVG Web TuneUp\4.3.4.122\AVG Web TuneUp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-07-29 07:34 575448 -c--a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-07-29 07:34 575448 -c--a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-07-29 07:34 575448 -c--a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-08-05 6854360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0400Ext.ax"="c:\windows\system32\V0400Ext.ax" [X]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 738616]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2016-08-18 187152]
"AVG_UI"="c:\program files\AVG\Av\avuirunnerx.exe" [2016-07-28 32528]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2016-08-27 2178120]
.
c:\users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Powiadomienia monitorowania tuszu - HP DeskJet 2130 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP DeskJet 2130 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN6214816M065V;CONNECTION=USB;MONITOR=1; [2009-7-14 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\Av\avgidsagent.exe [2016-07-28 4097280]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2012-01-22 8192]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 AvgAMPS;AvgAMPS;c:\program files\AVG\Av\avgamps.exe [2016-07-28 674552]
R3 cpuz134;cpuz134;c:\users\Ewa\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\DRIVERS\V0400Vid.sys [2010-01-04 192096]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2016-06-01 201472]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2016-02-16 287008]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2016-06-01 47360]
S0 Avgunivx;AVG Universal Driver;c:\windows\system32\DRIVERS\avgunivx.sys [2016-06-20 65280]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2016-05-13 134912]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2016-06-30 259328]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-11-20 31664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2016-06-01 212736]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2016-07-12 231168]
S2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2016-08-18 911120]
S2 avgwd;AVG WatchDog;c:\program files\AVG\Av\avgwdsvcx.exe [2016-07-28 632632]
S2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [2016-08-18 6487408]
S2 vToolbarUpdater40.3.4;vToolbarUpdater40.3.4;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.4\ToolbarUpdater.exe [2016-08-27 1347144]
S2 WtuSystemSupport;WtuSystemSupport;c:\program files\AVG Web TuneUp\WtuSystemSupport.exe [2016-08-27 980040]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
S3 netw5v32;Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows Vista w wersji 32-bitowej;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - AVGDISKX
*NewlyCreated* - AVGIDSDRIVER
*NewlyCreated* - AVGIDSHX
*NewlyCreated* - AVGIDSSHIM
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGLOGX
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGRKX86
*NewlyCreated* - AVGTDIX
*NewlyCreated* - AVGUNIVX
*NewlyCreated* - UXRIIPOW
*Deregistered* - uxriipow
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-08-27 17:03 1262408 -c--a-w- c:\program files\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 -c--a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Zawartość folderu 'Zaplanowane zadania'
.
2016-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:38]
.
2016-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-12 00:16]
.
2016-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-12 00:16]
.
.
------- Skan uzupełniający -------
.
uStart Page = https://mysearch.avg.com/?cid={E20BE4CD-DBBB-4246-8437-476C18E0590F}&mid=12b8357ba28a47cf8a90d14a3c0ab557-a8f6caf071006f95fd9a7d08687481a55c5de26f&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-08-27 17:31&v=4.3.4.122&pid=wtu&sg=&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 62.179.1.60 62.179.1.61
FF - ProfilePath - c:\users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\grbrgg7s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2016-08-27 21:10:14
ComboFix-quarantined-files.txt 2016-08-27 19:10
.
Przed: 29 572 399 104 bajtów wolnych
Po: 29 708 611 584 bajtów wolnych
.
- - End Of File - - 1861143AC50957D55320EFC10753E960
A36C5E4F47E84449FF07ED3517B43A31