ComboFix 16-03-01.01 - Łukasz 2016-03-03 10:08:53.1.2 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1250.48.1045.18.3070.1766 [GMT 1:00]
Uruchomiony z: c:\users\Łukasz\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0415.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2016-02-03 do 2016-03-03 )))))))))))))))))))))))))))))))
.
.
2016-03-03 09:18 . 2016-03-03 09:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-03 09:14 . 2016-03-03 09:14 -------- d-----w- c:\users\Łukasz\AppData\Local\TempTaskUpdateDetection24613394-5DF8-47AA-8E9A-7F7A2A3DC433
2016-03-01 09:33 . 2016-03-02 15:31 -------- d-----w- C:\FRST
2016-02-25 16:50 . 2016-02-25 16:50 -------- d-----w- c:\programdata\boost_interprocess
2016-02-20 16:02 . 2016-02-20 16:02 -------- d-----w- c:\users\Łukasz\AppData\Local\Bluestacks
2016-02-20 14:40 . 2016-02-20 14:48 -------- d-----w- c:\programdata\BlueStacksSetup
2016-02-18 11:02 . 2016-02-18 11:02 -------- d-----w- c:\program files\SprgFiles
2016-02-02 13:18 . 2016-02-02 13:20 -------- d-----w- c:\users\Łukasz\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-03 08:29 . 2013-03-23 07:47 16608 ----a-w- c:\windows\gdrv.sys
2016-02-24 15:40 . 2015-04-14 17:08 641304 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-02-10 13:13 . 2013-03-13 12:02 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-10 13:13 . 2013-03-13 12:02 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-08-28 3907152]
"uTorrent"="c:\users\Łukasz\AppData\Roaming\uTorrent\uTorrent.exe" [2016-02-20 2065944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-12-13 11734240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-13 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-10-13 1278920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R1 {d0a750c7-0e2e-4426-8c72-dd49c6e52785}Gw;{d0a750c7-0e2e-4426-8c72-dd49c6e52785}Gw;c:\windows\system32\drivers\{d0a750c7-0e2e-4426-8c72-dd49c6e52785}Gw.sys [x]
R2 HiSuiteOuc.exe;HiSuiteOuc.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc.exe [2015-05-20 117552]
R2 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe;c:\programdata\HandSetService\HuaweiHiSuiteService.exe [2015-05-20 154928]
R3 HWHandSet;HWUSBSERSP;c:\windows\system32\DRIVERS\hw_quusbmdm.sys [2015-05-07 195200]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-06-24 243128]
S2 ClickToRunSvc;Usługa Szybka instalacja pakietu Microsoft Office;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2016-01-19 1904368]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2008-07-17 80392]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-10-13 915600]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-06-12 123968]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-10-13 1706128]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-10-13 19775632]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-10-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-10-13 32912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-12-27 614624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2016-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 13:13]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: mks.com.pl\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\t4af1uqf.default-1436599264032\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Nero\Nero 7\\nero\uninstall\UNNERO.exe
AddRemove-NeroMediaHome!UninstallKey - c:\windows\UNNeroMediaHome.exe
AddRemove-NeroRecode!UninstallKey - c:\windows\UNRecode.exe
AddRemove-NeroShowTime!UninstallKey - c:\windows\UNNeroShowTime.exe
AddRemove-NeroVision!UninstallKey - c:\windows\UNNeroVision.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8664889D-ED18-4713-918F-E2BB69D8452B}"=hex:51,66,7a,6c,4c,1d,38,12,f3,8b,77,82,2a,a3,7d,02,ee,99,a1,fb,6c,86,01,3f
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3a,de,cb,5f,3b,f0,ce,01
.
[HKEY_USERS\S-1-5-21-3215043942-3594844569-900473125-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C5D00856-AA91-5D20-BEBE-2A48AA64055E}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3215043942-3594844569-900473125-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:64,14,24,50,a4,ef,8a,a4,d0,04,f4,72,41,ab,b2,3d,a1,99,4d,db,62,7e,ad,75,40,17,bb,24,2c,10,aa,30,45,70,f0,dc,57,5c,d2,1f,79,ef,46,85,4f,62,c7,e8,\
"??"=hex:ba,46,a0,c7,20,5a,ce,3c,01,31,14,48,89,db,93,93
.
[HKEY_USERS\S-1-5-21-3215043942-3594844569-900473125-1000\Software\SecuROM\License information*]
"datasecu"=hex:54,5d,71,8c,0d,a1,a6,b5,c1,93,9a,3e,54,c4,41,7f,bd,3b,a2,4b,19,6e,c2,09,d6,b6,c0,3e,22,c6,db,62,e6,bc,37,11,10,f4,48,04,ee,90,3c,36,d0,b4,\
"rkeysecu"=hex:0c,6e,f7,bd,fa,86,49,42,3f,7a,5f,62,f8,45,61,75
.
[HKEY_USERS\S-1-5-21-3215043942-3594844569-900473125-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):16,58,21,ac,0b,3d,f5,62,83,9c,6a,36,70,b3,85,d1,8e,99,ce,c6,b2,b2,20,fc,3a,81,9b,aa,61,8f,1b,6f,bc,1b,18,32,75,ee,83,ea,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3215043942-3594844569-900473125-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):88,ad,8e,3b,3c,ae,1b,cd,59,ff,01,e6,9f,dc,10,bf,e5,08,98,cc,db,84,7b,46,90,2e,c4,ad,87,60,f2,5f,75,9d,2d,93,35,20,47,4b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3215043942-3594844569-900473125-1000_Classes\CLSID\{acc33d3d-bb4f-40a4-bd97-2d3fb409d986}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b6
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_USERS\S-1-5-21-3215043942-3594844569-900473125-1000_Classes\CLSID\{c53ca74d-6374-467a-9356-6a9d28a4ca56}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000125
"Therad"=dword:0000000f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2016-03-03 10:20:28
ComboFix-quarantined-files.txt 2016-03-03 09:20
.
Przed: 16 026 628 096 bajtów wolnych
Po: 15 781 773 312 bajtów wolnych
.
- - End Of File - - D0F19229B0EF1AE79F70EC79C7A5C711 A36C5E4F47E84449FF07ED3517B43A31