Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 02.01.2018 Uruchomiony przez Waldek (administrator) DV6 (02-01-2018 16:30:16) Uruchomiony z C:\Users\Waldek\Downloads\Programs Załadowane profile: Waldek (Dostępne profile: Waldek) Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (ESET) C:\Program Files\ESET\ESET Security\ekrn.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe () C:\Windows\AutoKMS\AutoKMS.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe (ESET) C:\Program Files\ESET\ESET Security\egui.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Windows\System32\netsh.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [324352 2017-12-28] (ESET) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA HKU\S-1-5-21-3143409620-2237551117-509473781-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [5027008 2017-10-26] (Disc Soft Ltd) HKU\S-1-5-21-3143409620-2237551117-509473781-1001\...\MountPoints2: {6554145c-e159-11e7-8266-00238ba7012c} - "G:\setup.exe" -a HKU\S-1-5-21-3143409620-2237551117-509473781-1001\...\MountPoints2: {65541cb7-e159-11e7-8266-00238ba7012c} - "G:\Install.exe" HKU\S-1-5-21-3143409620-2237551117-509473781-1001\...\MountPoints2: {7bba9a26-d293-11e7-8260-00238ba7012c} - "G:\setup.exe" BootExecute: autocheck autochk * BootDefrag.exe GroupPolicy: Ograniczenia - Chrome <==== UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62 Tcpip\..\Interfaces\{77D3C311-8E16-438F-B516-BEC4EB4F5627}: [DhcpNameServer] 62.179.1.63 62.179.1.62 Internet Explorer: ================== HKU\S-1-5-21-3143409620-2237551117-509473781-1001\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-3143409620-2237551117-509473781-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-09-22] (Internet Download Manager, Tonec Inc.) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-09-22] (Internet Download Manager, Tonec Inc.) FireFox: ======== FF DefaultProfile: t1lm6npp.default-1513777746354 FF ProfilePath: C:\Users\Waldek\AppData\Roaming\Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354 [2017-12-31] FF Homepage: Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354 -> moz-extension://feab6e42-83b6-4ecc-92fb-70e9c42f6ab8/newtab.html FF NetworkProxy: Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354 -> type", 4 FF NewTabOverride: Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354 -> Enabled: pavel.sherbakov@gmail.com FF Extension: (MegaBonus - up to 40% cash back) - C:\Users\Waldek\AppData\Roaming\Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354\Extensions\ext@alibonus.com.xpi [2017-12-23] FF Extension: (To Google Translate) - C:\Users\Waldek\AppData\Roaming\Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2017-12-20] FF Extension: (New Tab Page) - C:\Users\Waldek\AppData\Roaming\Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354\Extensions\pavel.sherbakov@gmail.com.xpi [2017-12-20] FF Extension: (LastPass: Free Password Manager) - C:\Users\Waldek\AppData\Roaming\Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354\Extensions\support@lastpass.com.xpi [2017-12-20] FF Extension: (uBlock Origin) - C:\Users\Waldek\AppData\Roaming\Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354\Extensions\uBlock0@raymondhill.net.xpi [2017-12-20] FF Extension: (Screengrab!) - C:\Users\Waldek\AppData\Roaming\Mozilla\Firefox\Profiles\t1lm6npp.default-1513777746354\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-12-20] FF HKU\S-1-5-21-3143409620-2237551117-509473781-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi FF Extension: (Brak nazwy) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-10-06] FF HKU\S-1-5-21-3143409620-2237551117-509473781-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Waldek\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Waldek\AppData\Roaming\IDM\idmmzcc5 [2017-11-11] [Przestarzałe] [Brak podpisu cyfrowego] FF HKU\S-1-5-21-3143409620-2237551117-509473781-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Przestarzałe] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku] FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2017-07-16] (Nitro Software, Inc.) FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2017-11-12] ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-24] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-24] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems) Chrome: ======= CHR NewTab: Default -> Active:"chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html" CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default [2018-01-02] CHR Extension: (Screenshot stron www - Screenshot Extension) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\akgpcdalpfphjmfifkmfbpdmgdmeeaeo [2017-11-28] CHR Extension: (Dysk Google) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-11] CHR Extension: (MEGA) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-12-31] CHR Extension: (YouTube) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-11] CHR Extension: (uBlock Origin) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-20] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-17] CHR Extension: (prognoza pogody) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilplgkffabihgbaidmhnhdfaoagddccn [2017-11-13] CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2017-11-11] CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-01-02] CHR Extension: (IDM Integration Module) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-12-28] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-11] CHR Extension: (Gmail) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-11] CHR Extension: (Chrome Media Router) - C:\Users\Waldek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-12] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-10-06] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-10-06] CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx ==================== Usługi (filtrowane) ==================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated) R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) [Brak podpisu cyfrowego] R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated) R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122728 2017-09-04] (AOMEI Tech Co., Ltd.) R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [Brak podpisu cyfrowego] S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe [5680320 2017-10-26] (Disc Soft Ltd) R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1940584 2017-12-28] (ESET) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) S3 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [420040 2017-07-16] (Nitro Software, Inc.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-04] (IDT, Inc.) [Brak podpisu cyfrowego] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-08-24] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-08-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-08-30] (Microsoft Corporation) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe [89088 2017-11-06] (Wondershare) [Brak podpisu cyfrowego] S3 FoxitReaderService; "C:\Program Files (x86)\Foxit Reader\FoxitConnectedPDFService.exe" [X] ===================== Sterowniki (filtrowane) ====================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] () R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] () R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2017-09-01] () R0 BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [17600 2017-11-17] (Glarysoft Ltd) R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2017-11-11] (Disc Soft Ltd) R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2017-11-11] (Disc Soft Ltd) R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [134368 2017-12-04] (ESET) R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107328 2017-12-04] (ESET) S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-10-09] (ESET) R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-12-04] (ESET) R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50744 2017-12-04] (ESET) R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [81880 2017-12-04] (ESET) R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106304 2017-12-04] (ESET) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-12-25] () R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2017-12-31] (Glarysoft Ltd) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) S3 johci; C:\WINDOWS\System32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp.) S3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-31] (Malwarebytes) S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-31] (Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-31] (Malwarebytes) R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [28664 2008-03-17] () R1 NetworkX; C:\Windows\SysWOW64\ckldrv.sys [31846 2006-01-10] () [Brak podpisu cyfrowego] R3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [29320 2015-10-01] (AVSOFT Corp.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-08-30] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-08-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-08-30] (Microsoft Corporation) S3 AndnetBus; \SystemRoot\System32\drivers\lgandnetbus64.sys [X] S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X] S3 ohci1394; \SystemRoot\System32\drivers\ohci1394.sys [X] S2 WCMVCAM; \SystemRoot\system32\DRIVERS\wcmvcam64.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-01-02 16:29 - 2018-01-02 16:30 - 000000000 ____D C:\FRST 2018-01-02 16:23 - 2018-01-02 16:31 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3143409620-2237551117-509473781-1001 2018-01-02 16:10 - 2018-01-02 16:24 - 000000000 ____D C:\AdwCleaner 2018-01-02 16:02 - 2018-01-02 16:02 - 000000266 __RSH C:\Users\Waldek\ntuser.pol 2018-01-02 15:58 - 2018-01-02 16:04 - 000000000 ____D C:\Disk 2018-01-02 15:58 - 2018-01-02 15:58 - 000024706 _____ C:\WINDOWS\System32\Tasks\{0E0B0F47-7878-0A0D-7811-7F090D7D110D} 2018-01-02 15:58 - 2018-01-02 15:58 - 000000000 ____D C:\Windat 2018-01-02 15:57 - 2018-01-02 15:57 - 000140800 _____ C:\Users\Waldek\AppData\Local\installer.dat 2018-01-02 15:57 - 2018-01-02 15:57 - 000015872 _____ () C:\Users\Waldek\AppData\Roaming\U8XHNAE.exe 2018-01-02 15:57 - 2018-01-02 15:57 - 000007680 _____ (Magic Partition Manager NFTS) C:\Users\Waldek\AppData\Roaming\7AU26RM.exe 2018-01-02 15:57 - 2018-01-02 15:57 - 000001810 _____ C:\Users\Waldek\AppData\Roaming\U8XHNAE.exe.config 2018-01-02 15:57 - 2018-01-02 15:57 - 000001810 _____ C:\Users\Waldek\AppData\Roaming\7AU26RM.exe.config 2018-01-02 15:57 - 2018-01-02 15:57 - 000000000 ____D C:\Program Files (x86)\Multitimer 2018-01-02 15:56 - 2018-01-02 15:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final 2018-01-02 12:42 - 2018-01-02 16:23 - 000003754 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2018-01-02 12:42 - 2018-01-02 12:50 - 000000000 ____D C:\WINDOWS\AutoKMS 2018-01-02 12:40 - 2018-01-02 12:40 - 000000000 ____D C:\ProgramData\Microsoft Toolkit 2018-01-02 12:38 - 2016-04-14 14:14 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_40.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_41.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_39.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_38.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_37.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_42.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_43.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_2.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll 2018-01-02 12:38 - 2016-04-14 14:14 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_40.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_41.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_39.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_38.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_37.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcompiler_36.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_43.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcompiler_35.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_42.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcompiler_34.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcompiler_33.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcompiler_36.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcompiler_35.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcompiler_34.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcompiler_33.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_2.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll 2018-01-02 12:37 - 2016-04-14 14:14 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll 2018-01-02 10:17 - 2018-01-02 10:17 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign6a7f3269515fdf62 2018-01-02 10:16 - 2018-01-02 10:16 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignfbc5714c77c10fb5 2018-01-02 10:14 - 2018-01-02 10:14 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigndb263cc16b27858b 2018-01-02 10:09 - 2018-01-02 10:09 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigndc0f8e40f181d8dc 2018-01-02 10:09 - 2018-01-02 10:09 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign6dcf3838f82e026b 2018-01-02 10:09 - 2018-01-02 10:09 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign20496a4a43bf78d4 2018-01-02 09:34 - 2018-01-02 09:34 - 000000000 ____D C:\Users\Waldek\AppData\Local\Nuance 2018-01-02 09:34 - 2018-01-02 09:34 - 000000000 ____D C:\Users\Waldek\AppData\Local\MS 2018-01-02 09:34 - 2018-01-02 09:34 - 000000000 ____D C:\Users\Waldek\AppData\Local\Investintech.com Inc 2018-01-02 09:34 - 2018-01-02 09:34 - 000000000 ____D C:\ProgramData\Nuance 2018-01-02 09:21 - 2018-01-02 09:30 - 000000000 ____D C:\Program Files (x86)\MSECache 2018-01-01 00:45 - 2018-01-01 00:45 - 000000000 ___HD C:\$WINDOWS.~BT 2017-12-31 23:12 - 2018-01-01 00:44 - 000000000 ____D C:\Users\Waldek\Desktop\NET 2017-12-31 22:39 - 2017-12-31 22:40 - 000000000 ____D C:\sources 2017-12-31 22:31 - 2017-12-31 22:57 - 000000000 __RHD C:\ESD 2017-12-31 21:01 - 2017-12-31 21:02 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-12-31 21:01 - 2017-12-31 21:01 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-12-31 21:01 - 2017-12-31 21:01 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-12-31 17:17 - 2017-12-31 17:17 - 000000000 ____D C:\ProgramData\GlarySoft 2017-12-31 17:14 - 2017-12-15 10:55 - 000124920 _____ (Glarysoft Ltd) C:\WINDOWS\system32\BootDefrag.exe 2017-12-31 17:14 - 2017-11-17 11:57 - 000017600 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\BootDefragDriver.sys 2017-12-31 16:56 - 2018-01-01 19:08 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\DiskDefrag 2017-12-31 16:56 - 2017-12-31 17:16 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\GlarySoft 2017-12-31 16:56 - 2017-12-31 16:56 - 000020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys 2017-12-31 16:56 - 2017-12-31 16:56 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 2017-12-31 16:54 - 2017-12-31 16:54 - 000000000 ____D C:\Users\Waldek\Downloads\Glary Utilities Pro 5.90.0.111 RePack (& Portable) by elchupacabra 2017-12-31 16:19 - 2017-12-31 16:19 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder 2017-12-31 14:33 - 2017-12-31 19:31 - 000000000 ____D C:\Program Files (x86)\4dots Software 2017-12-31 14:25 - 2017-12-31 14:25 - 000001021 _____ C:\Users\Public\Desktop\UltraISO.lnk 2017-12-31 14:25 - 2017-12-31 14:25 - 000000000 ____D C:\Users\Waldek\Documents\My ISO Files 2017-12-31 14:25 - 2017-12-31 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2017-12-31 14:25 - 2017-12-31 14:25 - 000000000 ____D C:\Program Files (x86)\UltraISO 2017-12-31 13:55 - 2017-12-31 13:55 - 000000000 ____D C:\Program Files\DVDVideoMedia 2017-12-31 13:50 - 2017-12-31 13:50 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Thinstall 2017-12-31 13:50 - 2017-12-31 13:50 - 000000000 ____D C:\Users\Waldek\AppData\Local\Thinstall 2017-12-31 12:06 - 2017-12-31 12:06 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Xilisoft 2017-12-31 11:56 - 2017-12-31 11:56 - 000000000 ____D C:\Users\Waldek\AppData\Local\Meltytech 2017-12-31 11:32 - 2017-12-31 11:32 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign72514c15c0dea71b 2017-12-31 11:32 - 2017-12-31 11:32 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign17bf1925e0ceb835 2017-12-31 11:31 - 2017-12-31 11:31 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign94c43a6c0c331e0d 2017-12-31 11:31 - 2017-12-31 11:31 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign15f69d6f1bb3c60b 2017-12-31 11:24 - 2017-12-31 11:25 - 065429535 _____ C:\Users\Waldek\Downloads\1602967.mp4 2017-12-31 11:24 - 2017-12-31 11:24 - 000000000 ____D C:\Users\Waldek\Downloads\VideoHive - Happy New Year 2017-12-30 09:09 - 2017-12-30 09:09 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\HD Tune Pro 2017-12-30 09:08 - 2017-12-31 19:29 - 000000000 ____D C:\Program Files (x86)\HD Tune Pro 2017-12-30 09:07 - 2017-12-30 09:09 - 000000000 ____D C:\Users\Waldek\Downloads\HD Tune Pro 5.70 Retai RU_EN 2017-12-28 22:34 - 2017-12-31 16:57 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\uTorrent 2017-12-28 21:46 - 2017-12-28 21:46 - 000000000 ____D C:\ProgramData\Isolated Storage 2017-12-28 21:37 - 2017-12-28 21:43 - 000000000 ____D C:\Users\Waldek\Desktop\Vivid WorkshopData 2017-12-28 20:23 - 2017-12-28 20:23 - 000001962 _____ C:\Users\Waldek\Desktop\ekAzek Download.lnk 2017-12-28 14:36 - 2017-12-28 14:36 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign4193080c085dd7f6 2017-12-28 14:35 - 2017-12-28 14:35 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigna6e6653cd65b54c6 2017-12-28 14:35 - 2017-12-28 14:35 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign24c17a7eccbee8de 2017-12-28 10:48 - 2017-12-28 10:48 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nodongle.biz 2017-12-28 10:48 - 2017-12-28 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nodongle.biz 2017-12-27 23:23 - 2006-09-22 00:33 - 000069632 _____ (CrypKey (Canada) Ltd.) C:\WINDOWS\SysWOW64\Crypserv.exe 2017-12-27 23:23 - 2006-01-10 03:47 - 000031846 _____ C:\WINDOWS\SysWOW64\Ckldrv.sys 2017-12-26 19:47 - 2017-12-28 14:19 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\LG Electronics 2017-12-26 19:41 - 2017-12-28 14:19 - 000000000 ____D C:\Users\Waldek\AppData\Local\LG Electronics 2017-12-25 12:49 - 2017-12-26 19:52 - 000001024 ____H C:\SYSTAG.BIN 2017-12-25 12:48 - 2018-01-02 16:26 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat 2017-12-25 12:48 - 2017-12-25 13:57 - 000000000 ____D C:\ProgramData\AomeiBR 2017-12-25 12:48 - 2017-12-25 12:48 - 000001075 _____ C:\Users\Public\Desktop\AOMEI Backupper Professional.lnk 2017-12-25 12:48 - 2017-12-25 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper 2017-12-25 12:47 - 2018-01-02 16:26 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper 2017-12-25 12:47 - 2017-09-01 18:12 - 000038320 _____ C:\WINDOWS\system32\amwrtdrv.sys 2017-12-25 12:47 - 2016-12-21 22:54 - 000051120 _____ C:\WINDOWS\system32\ambakdrv.sys 2017-12-25 12:47 - 2016-12-21 22:52 - 000171952 _____ C:\WINDOWS\system32\ammntdrv.sys 2017-12-25 10:16 - 2017-12-25 10:19 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-12-25 10:16 - 2017-12-25 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-12-25 10:16 - 2017-12-25 10:16 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-12-25 10:16 - 2017-12-25 10:16 - 000000000 ____D C:\Program Files\Malwarebytes 2017-12-25 09:33 - 2017-12-26 19:52 - 000000032 _____ C:\WINDOWS\SysWOW64\Eu(13-20171201).OD 2017-12-25 09:33 - 2017-12-25 09:33 - 000000000 ____D C:\ProgramData\SystemAcCrux 2017-12-25 09:13 - 2017-12-25 09:13 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigna75663a21cbaf8d3 2017-12-25 09:12 - 2017-12-25 09:12 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign010800f62487184e 2017-12-25 09:11 - 2017-12-25 09:11 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign602de24f291b8d85 2017-12-25 09:11 - 2017-12-25 09:11 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign1a607dd557c5957d 2017-12-24 22:35 - 2018-01-02 16:06 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-12-24 22:01 - 2017-12-24 22:01 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Obsidium 2017-12-24 17:14 - 2017-12-24 17:14 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigne42a8a4d57b36cfa 2017-12-24 17:14 - 2017-12-24 17:14 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign50a96df104ce1339 2017-12-24 17:14 - 2017-12-24 17:14 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign06a0c7d38adb8e76 2017-12-24 16:59 - 2017-12-24 16:59 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign41c46d75af2398e2 2017-12-24 16:55 - 2017-12-24 16:55 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign5a631898f8bf9501 2017-12-24 16:54 - 2017-12-24 16:54 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignd954a529fcc9ce60 2017-12-24 16:54 - 2017-12-24 16:54 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign97347ac5346b0dd7 2017-12-23 20:35 - 2017-12-23 20:35 - 000000000 ____D C:\Users\Waldek\Documents\Audacity 2017-12-23 20:28 - 2017-12-31 13:49 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\audacity 2017-12-23 20:28 - 2017-12-23 20:28 - 000001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2017-12-23 20:28 - 2017-12-23 20:28 - 000000000 ____D C:\Users\Waldek\AppData\Local\Audacity 2017-12-23 20:27 - 2017-12-23 20:28 - 000000000 ____D C:\Program Files (x86)\Audacity 2017-12-23 20:14 - 2017-12-23 20:14 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Avnex 2017-12-23 20:13 - 2015-10-01 18:22 - 000029320 _____ (AVSOFT Corp.) C:\WINDOWS\system32\Drivers\vcsvad.sys 2017-12-23 20:07 - 2017-12-23 20:08 - 001594700 _____ C:\Users\Waldek\Documents\RecordMorphOutput.wav 2017-12-23 19:52 - 2017-12-24 20:32 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Screaming Bee 2017-12-23 19:52 - 2017-12-24 20:32 - 000000000 ____D C:\ProgramData\Screaming Bee 2017-12-23 19:40 - 2017-12-30 13:22 - 000000000 ____D C:\Users\Waldek\Desktop\Nowy folder (3) 2017-12-23 09:28 - 2018-01-02 16:10 - 000003968 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{32289869-2E54-42D9-B220-EB53E1560B70} 2017-12-22 13:55 - 2018-01-02 15:59 - 000004584 __RSH C:\ProgramData\ntuser.pol 2017-12-22 13:55 - 2017-12-22 13:55 - 000967800 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Waldek\Downloads\rufus-2.18.exe 2017-12-22 13:49 - 2017-12-22 13:49 - 000000000 ____D C:\Users\Waldek\Documents\Ashampoo Burning Studio 18 2017-12-21 22:20 - 2017-12-21 22:41 - 000000000 ____D C:\Users\Waldek\Desktop\Nowy folder (2) 2017-12-20 14:49 - 2018-01-02 16:06 - 000000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-12-20 14:48 - 2017-12-20 14:49 - 000000000 ____D C:\Program Files\Mozilla Firefox 2017-12-20 14:48 - 2017-12-20 14:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-12-20 09:42 - 2017-12-27 23:23 - 000000201 _____ C:\WINDOWS\Crypkey.ini 2017-12-20 09:42 - 2011-01-28 21:06 - 000000000 ____D C:\ProgramData\organiser 2017-12-20 09:42 - 2008-05-08 00:29 - 000122880 _____ (CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe 2017-12-20 09:42 - 2008-03-17 18:12 - 000028664 _____ C:\WINDOWS\system32\Ckldrv.sys 2017-12-20 09:42 - 1999-06-18 22:49 - 000165888 _____ (Kenonic Controls) C:\WINDOWS\Ckconfig.exe 2017-12-20 09:42 - 1996-05-03 18:21 - 000027648 ____R C:\WINDOWS\Setup_ck.exe 2017-12-20 09:42 - 1996-05-03 16:36 - 000018432 _____ C:\WINDOWS\Setup_ck.dll 2017-12-20 09:42 - 1995-07-04 19:33 - 000011776 _____ C:\WINDOWS\Ckrfresh.exe 2017-12-20 09:37 - 2017-12-20 09:42 - 000000000 ___HD C:\Program Files (x86)\Zero G Registry 2017-12-20 09:36 - 2017-12-20 09:36 - 000000000 ___HD C:\Users\Waldek\InstallAnywhere 2017-12-19 17:02 - 2017-12-19 17:02 - 000000000 ____D C:\Users\Waldek\AppData\Local\Letty 2017-12-17 16:40 - 2017-12-17 16:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf 2017-12-17 16:40 - 2017-12-17 16:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_motfilt_01007.Wdf 2017-12-17 16:39 - 2017-12-17 16:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2017-12-17 16:39 - 2017-12-17 16:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_motmodem_01007.Wdf 2017-12-17 16:37 - 2017-12-17 16:37 - 000000000 ____D C:\Program Files\Common Files\Motorola Shared 2017-12-15 08:15 - 2017-12-15 08:15 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign6f2a25279fabe182 2017-12-15 08:15 - 2017-12-15 08:15 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign6da65a6c9452cf93 2017-12-15 08:15 - 2017-12-15 08:15 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign699fd37b8f70046c 2017-12-14 08:43 - 2017-12-14 08:43 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignead1f046f1c05cab 2017-12-14 08:43 - 2017-12-14 08:43 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign36bde569a8e9c0bd 2017-12-14 08:42 - 2017-12-14 08:42 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignfb924dc92465ad61 2017-12-14 08:42 - 2017-12-14 08:42 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigneae4bd5e0247c596 2017-12-14 08:26 - 2017-12-23 20:08 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-12-14 08:26 - 2017-12-22 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2017-12-14 08:26 - 2017-12-22 15:08 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2017-12-13 19:31 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-12-13 19:31 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-12-13 19:31 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-12-13 19:31 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-12-13 19:31 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-12-13 19:31 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-12-13 19:31 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-12-13 19:31 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-12-13 19:31 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-12-13 19:31 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-12-13 19:31 - 2017-10-14 08:23 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-12-13 19:31 - 2017-10-14 08:17 - 003717632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-12-13 19:31 - 2017-10-14 07:19 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-12-13 19:30 - 2017-11-17 16:37 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-12-13 19:30 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-12-13 19:30 - 2017-11-14 03:55 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2017-12-13 19:30 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-12-13 19:30 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-12-13 19:30 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-12-13 19:30 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-12-13 19:30 - 2017-11-08 16:55 - 000032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-12-13 19:30 - 2017-11-07 22:15 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll 2017-12-13 19:30 - 2017-11-07 21:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll 2017-12-13 19:30 - 2017-11-07 21:46 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll 2017-12-13 19:30 - 2017-11-07 21:29 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2017-12-13 19:30 - 2017-11-07 21:27 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll 2017-12-13 19:30 - 2017-11-07 21:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2017-12-13 19:30 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-12-13 19:30 - 2017-11-07 21:08 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2017-12-13 19:30 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-12-13 19:30 - 2017-11-07 21:02 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2017-12-13 19:30 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-12-13 19:30 - 2017-10-18 18:14 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2017-12-13 19:30 - 2017-10-14 08:55 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2017-12-13 19:30 - 2017-10-14 08:29 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-12-13 19:30 - 2017-10-14 07:41 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2017-12-13 19:30 - 2017-10-10 17:39 - 001192960 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2017-12-13 19:30 - 2017-10-10 17:29 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2017-12-13 19:30 - 2017-10-10 16:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2017-12-13 19:30 - 2017-10-10 15:58 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2017-12-12 09:16 - 2017-12-12 09:16 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign6cc04b01b77d0650 2017-12-12 09:16 - 2017-12-12 09:16 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign55327716835032bf 2017-12-12 09:16 - 2017-12-12 09:16 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign1b0646def5b36ef8 2017-12-12 09:14 - 2017-12-12 09:14 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign9a0c8ad84968dc2b 2017-12-12 09:14 - 2017-12-12 09:14 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign84bdeb08c2032880 2017-12-12 09:13 - 2017-12-12 09:13 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign0f8895ec85ce4031 2017-12-12 09:11 - 2017-12-12 09:11 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigne12c186152f6e7a9 2017-12-12 09:11 - 2017-12-12 09:11 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigndfbd4cb249b9adbe 2017-12-12 09:11 - 2017-12-12 09:11 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignd9aebba2ab8262e7 2017-12-12 09:11 - 2017-12-12 09:11 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignabb556d4a1c56a00 2017-12-12 09:11 - 2017-12-12 09:11 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign52a256e1a66d9205 2017-12-12 09:02 - 2017-12-12 09:02 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignb497982345065656 2017-12-12 09:01 - 2017-12-12 09:01 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign1155013866a678c9 2017-12-12 08:51 - 2017-12-12 08:51 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignf4774fa05c416699 2017-12-12 08:50 - 2017-12-12 08:50 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign9884d4ee27d28cf9 2017-12-12 08:49 - 2017-12-12 08:49 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignf7199bba833b8f7c 2017-12-12 08:49 - 2017-12-12 08:49 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign8c8f1e637e02c372 2017-12-08 15:02 - 2017-12-08 15:02 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2017-12-08 15:02 - 2017-12-08 15:02 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2017-12-08 09:26 - 2017-12-08 09:38 - 000000000 ____D C:\Users\Waldek\Downloads\Desktop Wallpapers Full HD. Part (110) 2017-12-06 13:09 - 2017-12-06 13:09 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsignfa8d1113e4153296 2017-12-06 13:09 - 2017-12-06 13:09 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsigndd97d80644862329 2017-12-06 13:09 - 2017-12-06 13:09 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign9e2aa274c7c872b5 2017-12-06 13:09 - 2017-12-06 13:09 - 000000000 ____D C:\Users\Waldek\AppData\Local\Tempzxpsign753a3256767782d4 2017-12-04 18:21 - 2017-12-04 18:21 - 000000000 _____ C:\Users\Waldek\AppData\Local\{78EB34F4-F705-4D40-8086-50A50829798A} ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2018-01-02 16:30 - 2017-11-11 19:09 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\DMCache 2018-01-02 16:26 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-01-02 16:02 - 2017-11-11 17:33 - 000000000 ____D C:\Users\Waldek 2018-01-02 16:00 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-01-02 15:58 - 2013-08-22 16:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2018-01-02 15:56 - 2017-11-01 11:16 - 000000000 ____D C:\Users\Waldek\Downloads\Compressed 2018-01-02 12:49 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf 2018-01-02 10:56 - 2014-11-21 05:46 - 002441572 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-01-02 10:56 - 2014-11-21 05:07 - 001123058 _____ C:\WINDOWS\system32\perfh015.dat 2018-01-02 10:56 - 2014-11-21 05:07 - 000267994 _____ C:\WINDOWS\system32\perfc015.dat 2018-01-01 21:28 - 2017-11-01 11:16 - 000000000 ____D C:\Users\Waldek\Downloads\Video 2018-01-01 00:45 - 2017-11-11 17:33 - 000001908 _____ C:\WINDOWS\diagwrn.xml 2018-01-01 00:45 - 2017-11-11 17:33 - 000001908 _____ C:\WINDOWS\diagerr.xml 2018-01-01 00:25 - 2017-11-11 19:09 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\IDM 2017-12-31 19:46 - 2017-11-17 11:06 - 000000000 ____D C:\ProgramData\TEMP 2017-12-31 17:05 - 2017-11-13 10:52 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\AIMP 2017-12-31 11:30 - 2017-11-13 10:52 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\MiniLyrics 2017-12-31 09:23 - 2017-11-11 21:38 - 000000000 ____D C:\Users\Waldek\AppData\Local\Adobe 2017-12-28 21:36 - 2008-01-01 09:53 - 000008400 _____ C:\WINDOWS\system32\esnecil.ind 2017-12-28 21:36 - 2008-01-01 09:53 - 000000004 _____ C:\WINDOWS\vx86036.dat 2017-12-28 20:23 - 2017-11-27 16:28 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ekAzek Download 2017-12-28 20:23 - 2017-11-27 16:28 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\ekAzek Download 2017-12-28 20:23 - 2017-11-27 16:28 - 000000000 ____D C:\Program Files (x86)\ekAzek Download 2017-12-28 14:28 - 2017-11-27 09:00 - 000000000 ____D C:\Users\Waldek\Downloads\RTL Ski Jumping 2007 PL (CraCk) 2017-12-25 09:33 - 2017-11-19 22:24 - 000000000 ____D C:\Users\Waldek\AppData\LocalLow\Mozilla 2017-12-24 22:35 - 2017-11-11 17:55 - 000000000 ____D C:\Program Files (x86)\Google 2017-12-24 21:48 - 2017-11-27 07:47 - 000000000 ____D C:\ProgramData\DAEMON Tools Pro 2017-12-24 20:30 - 2017-11-17 17:11 - 000000000 ____D C:\ProgramData\Package Cache 2017-12-23 08:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-12-22 15:24 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-12-22 13:55 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2017-12-22 10:26 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI 2017-12-21 19:30 - 2017-11-11 20:45 - 000000000 ____D C:\ProgramData\Ashampoo 2017-12-19 14:34 - 2017-11-18 18:33 - 000000000 ____D C:\Users\Waldek\AppData\Local\ElevatedDiagnostics 2017-12-15 08:18 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache 2017-12-15 06:34 - 2013-08-22 15:44 - 000585784 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-12-14 14:15 - 2017-11-11 23:17 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-12-14 14:10 - 2017-11-11 23:17 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-12-14 14:10 - 2017-11-11 23:17 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-12-12 08:14 - 2013-08-22 16:36 - 000000000 ___HD C:\Program Files\WindowsApps 2017-12-08 15:02 - 2017-11-17 17:07 - 000000000 ____D C:\Program Files (x86)\Adobe 2017-12-08 15:02 - 2017-11-11 21:40 - 000000000 ____D C:\ProgramData\Adobe 2017-12-08 15:02 - 2017-11-11 17:39 - 000000000 ____D C:\Users\Waldek\AppData\Roaming\Adobe 2017-12-08 09:51 - 2017-11-11 20:29 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-12-06 16:17 - 2017-11-27 10:25 - 000000000 ____D C:\Program Files (x86)\Skijumping 2007 2017-12-04 17:23 - 2014-11-21 10:04 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-12-04 17:23 - 2014-11-21 10:04 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-12-04 11:45 - 2017-11-02 09:02 - 000134368 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys 2017-12-04 11:45 - 2017-10-09 16:49 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys 2017-12-04 11:45 - 2017-09-19 09:05 - 000107328 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys 2017-12-04 11:45 - 2017-09-19 09:05 - 000106304 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys 2017-12-04 11:45 - 2017-09-19 09:05 - 000081880 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys 2017-12-04 11:45 - 2017-09-19 09:05 - 000050744 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys ==================== Pliki w katalogu głównym wybranych folderów ======= 2018-01-02 15:57 - 2018-01-02 15:57 - 000007680 _____ (Magic Partition Manager NFTS) C:\Users\Waldek\AppData\Roaming\7AU26RM.exe 2018-01-02 15:57 - 2018-01-02 15:57 - 000001810 _____ () C:\Users\Waldek\AppData\Roaming\7AU26RM.exe.config 2018-01-02 15:57 - 2018-01-02 15:57 - 000015872 _____ () C:\Users\Waldek\AppData\Roaming\U8XHNAE.exe 2018-01-02 15:57 - 2018-01-02 15:57 - 000001810 _____ () C:\Users\Waldek\AppData\Roaming\U8XHNAE.exe.config 2018-01-02 15:57 - 2018-01-02 15:57 - 000140800 _____ () C:\Users\Waldek\AppData\Local\installer.dat 2017-12-04 18:21 - 2017-12-04 18:21 - 000000000 _____ () C:\Users\Waldek\AppData\Local\{78EB34F4-F705-4D40-8086-50A50829798A} Niektóre pliki w TEMP: ==================== 2018-01-02 12:37 - 2018-01-02 12:37 - 033629283 _____ (Microsoft Corporation ) C:\Users\Waldek\AppData\Local\Temp\DirectX.exe 2018-01-02 12:38 - 2018-01-02 12:38 - 026447107 _____ (Microsoft Corporation) C:\Users\Waldek\AppData\Local\Temp\VBCRedist.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-12-30 20:37 ==================== Koniec FRST.txt ============================