ComboFix 17-05-16.01 - Dawid 2017-06-01 12:50:47.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.48.1045.18.3962.2706 [GMT 2:00]
Uruchomiony z: c:\users\Dawid\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Pliki utworzone od 2017-05-01 do 2017-06-01 )))))))))))))))))))))))))))))))
.
.
2017-06-01 10:54 . 2017-06-01 10:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2017-06-01 10:54 . 2017-06-01 10:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-06-01 10:54 . 2017-06-01 10:54 -------- d-----w- c:\users\Dawid\AppData\Local\temp
2017-06-01 10:49 . 2017-06-01 10:49 44928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D3BE9A1-69BF-459D-91F7-2DA61455ABF8}\MpKsl0101f1a1.sys
2017-06-01 10:41 . 2017-05-07 15:50 322504 ----a-w- c:\program files (x86)\Mozilla Firefox\tobedeleted\moz857E.tmp
2017-06-01 10:20 . 2017-06-01 10:45 -------- d-----w- C:\FRST
2017-06-01 10:18 . 2017-06-01 10:18 -------- d-----w- c:\users\TEMP
2017-06-01 10:16 . 2017-06-01 10:16 -------- d-----w- c:\programdata\Macrovision
2017-05-31 20:51 . 2017-05-31 20:51 -------- d-----w- c:\programdata\PRICache
2017-05-31 20:24 . 2017-05-23 17:54 13020000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D3BE9A1-69BF-459D-91F7-2DA61455ABF8}\mpengine.dll
2017-05-28 16:54 . 2017-05-28 16:54 -------- d-----w- c:\programdata\MathWorks
2017-05-13 17:39 . 2017-05-13 17:40 -------- d-----w- c:\program files (x86)\Google
2017-05-13 17:39 . 2017-05-13 17:47 -------- d-----w- c:\users\Dawid\AppData\Local\Google
2017-05-13 14:09 . 2017-05-13 14:09 -------- d-----w- c:\users\Dawid\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-04-25 21:53 . 2017-04-25 21:53 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-04-07 22:06 . 2016-10-29 22:43 532136 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-10-17 27011712]
"Akamai NetSession Interface"="c:\users\Dawid\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2016-02-02 1283112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-07-25 508656]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-05-02 548864]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-18 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"GrooveMonitor"="g:\office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Autodesk Desktop App"="c:\program files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" [2016-07-01 721856]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2016-02-02 1283112]
.
c:\users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Arduino Create Agent.lnk - g:\arduino plugin web\Arduino_Create_Bridge.exe [2017-4-30 13299200]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - g:\office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-9-6 1346936]
SolidWorks Pobieracz w tle.lnk - c:\program files (x86)\Common Files\Menedżer instalacji SolidWorks\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2016-11-27 2740264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\System32\drivers\ew_usbccgpfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbccgpfilter.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 MpKsl0101f1a1;MpKsl0101f1a1;c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D3BE9A1-69BF-459D-91F7-2DA61455ABF8}\MpKsl0101f1a1.sys;c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D3BE9A1-69BF-459D-91F7-2DA61455ABF8}\MpKsl0101f1a1.sys [x]
S2 AdAppMgrSvc;Autodesk Desktop App Service;c:\program files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe ;c:\program files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 mitsijm2017;Menedżer zadań programu Autodesk Simulation Moldflow MITSI 2017;g:\inventor\Inventor 2017\Moldflow\bin\mitsijm.exe;g:\inventor\Inventor 2017\Moldflow\bin\mitsijm.exe [x]
S2 UGS License Server (ugslmd);UGS License Server (ugslmd);g:\nx\UGS\UGSLicensing\lmgrd.exe;g:\nx\UGS\UGSLicensing\lmgrd.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Sterownik funkcji Bluetooth Low Energy;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Audio dla wyświetlaczy Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-11-15 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-11-15 191544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
IE: E&ksportuj do programu Microsoft Excel - g:\office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.100.40.4
FF - ProfilePath - c:\users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\1x2xcmp2.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
SafeBoot-51198878.sys
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Czas ukończenia: 2017-06-01 12:56:33
ComboFix-quarantined-files.txt 2017-06-01 10:56
ComboFix2.txt 2017-05-30 19:58
.
Przed: 19 234 787 328 bytes free
Po: 19 182 997 504 bytes free
.
- - End Of File - - CBE2C446C06EE38A776AC22ED9608DF1