Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:09-12-2015
Uruchomiony przez Barłomiej Adamczyk (administrator) BARTEK (09-12-2015 17:17:16)
Uruchomiony z C:\Users\Franciszek\Desktop\Pobrane\Nowy folder (3)\Nowy folder
Załadowane profile: Barłomiej Adamczyk (Dostępne profile: Barłomiej Adamczyk)
Platform: Windows 8.1 Pro (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Rsupport Co., Ltd.) C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe
(TFuns LIMITED) C:\ProgramData\2WdM2\WdMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Rsupport Co., Ltd.) C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.20.35\LogiOptionsMgr.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec MyWinLocker\MWLTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2015-09-01] (Logitech, Inc.)
HKLM-x32\...\Run: [BEWINTERNET-PL-IEWSessionManager] => "C:\Program Files (x86)\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe"
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [RemoteView5 Tray] => C:\Program Files (x86)\Samsung\Remote PC\rvagtray.exe [2615704 2014-05-08] (Rsupport Co., Ltd.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [418672 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [MWLTSR] => C:\Program Files (x86)\EgisTec MyWinLocker\MWLTSR.exe [126320 2011-07-22] (Egis Technology Inc. )
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {07acc18e-b756-11e3-8261-806e6f6e6963} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {07acc248-b756-11e3-8261-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {07acc4e5-b756-11e3-8261-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {07acc4ff-b756-11e3-8261-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {27833a19-6a65-11e4-828c-685d43531cbc} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {2fa79870-8756-11e4-8290-685d43531cbc} - "G:\Startme.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {43df2339-b754-11e3-825f-806e6f6e6963} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {43df23e2-b754-11e3-825f-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {6d60cf75-d52a-11e4-8297-685d43531cbc} - "G:\auto.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {7f0e0cb7-b418-11e3-825c-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {7f0e0cf1-b418-11e3-825c-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {7f0e0d3e-b418-11e3-825c-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {7f0e0fdf-b418-11e3-825c-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {7f0e1160-b418-11e3-825c-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {8bfd4948-b752-11e3-825e-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {b223e64f-b754-11e3-8260-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {b60735fd-dabe-11e4-8298-685d43531cbc} - "H:\Startme.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {bfd37734-b748-11e3-825d-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {bfd3788c-b748-11e3-825d-685d43531cbc} - "G:\AutoRun.exe"
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\...\MountPoints2: {db0afe76-1409-11e4-8273-5cf9dd47b36c} - "K:\DTLplus_Launcher.exe"
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{17553E82-C8FA-4731-BFB2-E8CA578A5425}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9B675F9B-3C7C-4FED-9572-F94AA7544DDB}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C3374F6D-65AF-4CF1-ADB3-78FDA3C9511C}: [DhcpNameServer] 80.238.112.12 80.238.112.13

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951&q={searchTerms}
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951&q={searchTerms}
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951
HKU\S-1-5-21-3644742391-2186993713-3904842162-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Franciszek\AppData\Roaming\Mozilla\Firefox\Profiles\pw09x6bp.default
FF DefaultSearchEngine: yoursites123
FF SelectedSearchEngine: yoursites123
FF Homepage: hxxp://google.pl/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2013-07-15] ( )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2013-07-15] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Modify Headers - C:\Users\Franciszek\AppData\Roaming\Mozilla\Firefox\Profiles\pw09x6bp.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2015-05-29]
FF Extension: Flashblock - C:\Users\Franciszek\AppData\Roaming\Mozilla\Firefox\Profiles\pw09x6bp.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-11-30]
FF Extension: Adblock Plus - C:\Users\Franciszek\AppData\Roaming\Mozilla\Firefox\Profiles\pw09x6bp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-24] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-03-24] [Brak podpisu cyfrowego]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yoursites123.com/?type=hp&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951"
CHR DefaultSearchURL: Default -> hxxp://szukaj.onet.pl/wyniki.html?qt={searchTerms}
CHR DefaultSearchKeyword: Default -> onet.pl
CHR Profile: C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-04]
CHR Extension: (NPSignPluginPEKAO) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\adkiamfckgcmblbpmbeehfhijlajckdd [2015-11-09]
CHR Extension: (Dokumenty Google) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-04]
CHR Extension: (Dysk Google) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-04]
CHR Extension: (Google Search) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Arkusze Google) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-04]
CHR Extension: (Gmail) - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-04]
CHR HKLM-x32\...\Chrome\Extension: [adkiamfckgcmblbpmbeehfhijlajckdd] - C:\Users\Franciszek\AppData\Local\Google\Chrome\User Data\Default\Extensions\NPSignPluginPEKAO.crx [2013-09-16]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe hxxp://www.yoursites123.com/?type=sc&ts=1449661832&z=5212dc954539de1aaece063g6zezet9q4qagdbdg6t&from=ient07021&uid=SAMSUNGXSSDX830XSeries_S0Z3NEAC875951

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
R2 RemotePC Agent; C:\Program Files (x86)\Samsung\Remote PC\rvagent.exe [813448 2014-05-07] (Rsupport Co., Ltd.)
R2 WdMan; C:\ProgramData\2WdM2\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-28] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S4 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
S4 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 FlashUSB; C:\Windows\System32\drivers\FlashUSB.sys [19968 2014-04-11] (Intel Mobile Communications)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-12-19] (Sony Mobile Communications)
U0 ledhxv; C:\Windows\System32\drivers\kvxnql.sys [79064 2015-12-09] (Malwarebytes)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 rssasnt; C:\Program Files (x86)\Samsung\Remote PC\rssas64.sys [18184 2013-08-22] (Rsupport Co.,Ltd)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
R1 vrvd5; C:\Windows\system32\DRIVERS\vrvd5.sys [13344 2014-07-20] (Rsupport Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 clwvd6; \SystemRoot\system32\DRIVERS\clwvd6.sys [X]
S3 CV2K1; \SystemRoot\system32\DRIVERS\cv2k1.sys [X]
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-09 17:15 - 2015-12-09 17:17 - 00000000 ____D C:\FRST
2015-12-09 17:07 - 2015-12-09 17:15 - 00000000 ____D C:\Users\Franciszek\Desktop\mbar
2015-12-09 17:07 - 2015-12-09 17:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-09 17:04 - 2015-12-09 17:04 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\kvxnql.sys
2015-12-09 12:50 - 2015-12-09 12:52 - 00000000 ____D C:\ProgramData\2WdM2
2015-12-09 12:50 - 2015-12-09 12:50 - 00000000 ____D C:\ProgramData\nWdMn
2015-12-07 15:31 - 2015-12-07 15:31 - 00003348 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2015-12-07 01:23 - 2015-12-09 12:50 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-07 01:23 - 2015-12-07 01:23 - 00000000 ____D C:\Users\Franciszek\AppData\Roaming\Opera
2015-12-07 01:23 - 2015-12-07 01:23 - 00000000 ____D C:\Users\Franciszek\AppData\Local\Opera
2015-12-07 01:23 - 2015-12-07 01:23 - 00000000 ____D C:\Program Files\Opera x64
2015-12-07 01:23 - 2015-12-07 01:23 - 00000000 ____D C:\Program Files (x86)\Opera x64
2015-12-05 00:23 - 2015-12-05 00:23 - 00003806 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12eeace4791e0
2015-12-05 00:23 - 2015-12-05 00:23 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12eeace4791e0.job
2015-12-05 00:23 - 2015-12-05 00:23 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f0b8ae50fc2b.job
2015-12-02 14:44 - 2015-12-02 14:44 - 00010840 _____ C:\Users\Franciszek\Desktop\Kopia Stawki wynagrodzeń do wyliczenia.xlsx
2015-11-29 19:05 - 2015-11-29 19:05 - 00000828 _____ C:\Users\Public\Desktop\FileViewPro.lnk
2015-11-29 17:18 - 2015-11-29 17:19 - 00000000 ___HD C:\ProgramData\EgisTec
2015-11-29 17:18 - 2015-11-29 17:18 - 00000000 ____D C:\Users\Franciszek\AppData\Local\EgisTec IPS
2015-11-29 17:18 - 2015-11-29 17:18 - 00000000 ____D C:\Users\Franciszek\AppData\Local\EgisTec
2015-11-29 17:17 - 2015-11-29 17:17 - 00062584 _____ (Egis Technology Inc.) C:\Windows\system32\Drivers\mwlPSDVDisk.sys
2015-11-29 17:17 - 2015-11-29 17:17 - 00022912 _____ (Egis Technology Inc.) C:\Windows\system32\Drivers\mwlPSDFilter.sys
2015-11-29 17:17 - 2015-11-29 17:17 - 00020328 _____ (Egis Technology Inc.) C:\Windows\system32\Drivers\mwlPSDNserv.sys
2015-11-29 17:17 - 2015-11-29 17:17 - 00002030 _____ C:\Users\Public\Desktop\MyWinLocker.lnk
2015-11-29 17:17 - 2015-11-29 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec
2015-11-29 17:16 - 2015-11-29 17:18 - 00000000 ____D C:\ProgramData\EgisTec IPS
2015-11-29 17:16 - 2015-11-29 17:17 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker
2015-11-29 17:16 - 2015-11-29 17:16 - 20428485 _____ C:\Users\Franciszek\Downloads\MyWinLocker(dobreprogramy.pl).zip
2015-11-29 17:16 - 2015-11-29 17:16 - 00000000 ____D C:\Program Files\EgisTec IPS
2015-11-29 17:16 - 2015-11-29 17:16 - 00000000 ____D C:\Program Files (x86)\EgisTec IPS
2015-11-29 17:16 - 2011-07-22 13:50 - 21012176 _____ (Egis Technology Inc. ) C:\Users\Franciszek\Downloads\MyWinLocker.exe
2015-11-29 16:52 - 2015-11-29 19:04 - 00000000 ____D C:\Users\Franciszek\AppData\Local\SpaceKace
2015-11-29 16:47 - 2015-11-29 16:47 - 00000000 ____D C:\Users\Franciszek\AppData\Roaming\IsolatedStorage
2015-11-29 16:47 - 2015-11-29 16:47 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-11-29 16:46 - 2015-11-29 16:46 - 00000000 ____D C:\Spacekace
2015-11-25 16:25 - 2015-11-25 16:25 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-23 02:46 - 2015-11-23 02:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-23 02:46 - 2015-11-23 02:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-16 21:56 - 2015-11-16 21:56 - 00002283 _____ C:\Users\Franciszek\Desktop\Skanuj dokument lub obraz — skrót.lnk
2015-11-16 19:12 - 2015-11-16 19:12 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-11-16 19:11 - 2015-11-16 19:11 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_HidBthLE_01_11_00.Wdf
2015-11-16 18:43 - 2015-11-16 18:43 - 00000800 _____ C:\Users\Franciszek\Desktop\Praca — skrót.lnk
2015-11-15 21:36 - 2015-11-15 22:08 - 00008509 _____ C:\Users\Franciszek\Desktop\Nowy dokument tekstowy (4).txt
2015-11-13 01:09 - 2015-11-13 01:09 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-11-13 01:09 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-13 01:09 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-13 00:36 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-13 00:36 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-13 00:26 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-11-13 00:26 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-11-13 00:26 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-11-13 00:26 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-11-13 00:22 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 00:22 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 00:22 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-13 00:22 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-13 00:22 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-13 00:22 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-13 00:22 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-13 00:22 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-13 00:22 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-13 00:22 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-13 00:22 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-13 00:22 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-13 00:22 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-13 00:22 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-13 00:22 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-13 00:22 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-13 00:22 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-13 00:22 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-13 00:22 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-13 00:22 - 2015-09-03 03:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-11-13 00:22 - 2015-09-03 03:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-11-13 00:22 - 2015-09-02 19:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-11-13 00:22 - 2015-09-02 18:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-11-13 00:22 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-13 00:22 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-11-13 00:22 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-11-13 00:22 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-13 00:22 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-13 00:22 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-13 00:22 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-11-13 00:22 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-11-13 00:22 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-13 00:22 - 2015-08-06 17:47 - 04710400 _____ 
(Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-11-13 00:22 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2015-11-13 00:22 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-13 00:22 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-13 00:22 - 2015-07-22 15:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-11-13 00:22 - 2015-07-22 14:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-11-13 00:22 - 2015-07-17 15:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-11-13 00:22 - 2015-07-17 15:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-11-13 00:22 - 2015-07-16 01:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-11-13 00:22 - 2015-07-10 18:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-11-13 00:22 - 2015-06-27 12:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-11-13 00:21 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-13 00:21 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-13 00:21 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-13 00:21 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-13 00:21 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-11-13 00:21 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-13 00:21 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-13 00:21 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) 
C:\Windows\system32\wudriver.dll 2015-11-13 00:21 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-13 00:21 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-13 00:21 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-13 00:21 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-13 00:21 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-13 00:21 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-13 00:21 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-13 00:21 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-11-13 00:21 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-11-13 00:21 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-11-13 00:21 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-11-13 00:21 - 2015-09-24 18:51 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe 2015-11-13 00:21 - 2015-09-24 18:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll 2015-11-13 00:21 - 2015-09-24 18:30 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll 2015-11-13 00:21 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll 2015-11-13 00:21 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2015-11-13 00:21 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-11-13 00:21 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) 
C:\Windows\system32\appraiser.dll 2015-11-13 00:21 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-11-13 00:21 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-11-13 00:21 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-11-13 00:21 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-11-13 00:21 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-11-13 00:21 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml 2015-11-13 00:21 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-11-13 00:21 - 2015-09-07 17:21 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll 2015-11-13 00:21 - 2015-09-07 17:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll 2015-11-13 00:21 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2015-11-13 00:21 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-11-13 00:21 - 2015-09-02 03:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-11-13 00:21 - 2015-09-02 03:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-11-13 00:21 - 2015-09-02 03:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-11-13 00:21 - 2015-09-02 03:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-11-13 00:21 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-13 00:21 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-13 00:21 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx 2015-11-13 00:21 - 2015-08-06 17:37 
- 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx 2015-11-13 00:21 - 2015-07-22 15:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-11-13 00:21 - 2015-07-22 15:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2015-11-13 00:21 - 2015-07-22 15:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-11-13 00:21 - 2015-07-22 15:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2015-11-13 00:21 - 2015-07-18 19:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-11-13 00:21 - 2015-07-18 19:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-11-13 00:21 - 2015-07-18 19:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll 2015-11-13 00:21 - 2015-07-18 19:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-11-13 00:21 - 2015-07-14 22:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-13 00:21 - 2015-07-14 22:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll 2015-11-13 00:21 - 2015-07-14 22:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll 2015-11-13 00:21 - 2015-07-13 20:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-13 00:21 - 2015-07-13 20:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-11-13 00:21 - 2015-07-09 17:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-11-13 00:21 - 2015-07-07 10:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-11-13 00:21 - 2015-07-07 10:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-11-13 00:21 - 2015-07-07 10:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-11-13 
00:21 - 2015-07-01 23:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-11-13 00:21 - 2015-07-01 23:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-11-13 00:21 - 2015-07-01 22:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-11-13 00:21 - 2015-07-01 22:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-11-13 00:21 - 2015-06-19 18:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2015-11-13 00:21 - 2015-06-12 18:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2015-11-13 00:21 - 2015-06-12 17:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2015-11-13 00:20 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-13 00:20 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-13 00:20 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-13 00:20 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-13 00:20 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-13 00:20 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-13 00:20 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-13 00:20 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-13 00:20 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-11-13 00:20 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-13 00:20 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-13 00:20 - 
2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-13 00:20 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-13 00:20 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-13 00:20 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-13 00:20 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-11-13 00:20 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-13 00:20 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-13 00:20 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-13 00:20 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-13 00:20 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-13 00:20 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-13 00:20 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-13 00:20 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-13 00:20 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-13 00:20 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-13 00:20 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-13 00:20 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-13 00:20 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-13 00:20 - 2015-09-10 17:35 - 00315392 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-13 00:20 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-13 00:20 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-13 00:20 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-13 00:20 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-13 00:20 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-13 00:20 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-13 00:20 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-13 00:20 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-13 00:20 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-13 00:20 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-13 00:20 - 2015-08-03 22:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-11-13 00:20 - 2015-08-03 22:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-11-13 00:20 - 2015-08-01 15:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-11-13 00:20 - 2015-08-01 04:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-11-13 00:20 - 2015-08-01 04:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe 2015-11-13 00:20 - 2015-08-01 04:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-11-13 00:20 - 2015-08-01 04:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2015-11-13 00:20 - 2015-08-01 04:37 - 00359936 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\taskeng.exe 2015-11-13 00:20 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-13 00:20 - 2015-07-16 20:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-11-13 00:20 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-13 00:20 - 2015-07-16 20:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-11-13 00:20 - 2015-07-16 19:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-11-13 00:20 - 2015-07-10 19:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-11-13 00:20 - 2015-07-10 18:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-11-13 00:20 - 2015-07-10 18:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-11-13 00:20 - 2015-07-10 17:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-11-13 00:20 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-11-13 00:20 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-11-13 00:20 - 2015-07-09 17:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-11-13 00:20 - 2015-06-11 21:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-11-13 00:20 - 2015-06-11 21:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-11-13 00:20 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2015-11-13 00:20 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-11-13 00:20 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll 2015-11-13 00:19 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 
2015-11-13 00:19 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:42 - 00012128 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-11-13 00:19 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-11-13 00:19 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-11-13 00:19 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2015-11-13 00:19 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-11-13 00:19 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2015-11-13 00:19 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2015-11-13 00:19 - 2015-07-29 15:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-11-13 00:19 - 2015-07-29 15:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-11-13 00:19 - 2015-07-29 15:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-11-13 00:19 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll 2015-11-13 00:19 - 2015-07-14 04:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe 2015-11-13 00:19 - 2015-07-10 20:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys 2015-11-13 00:19 - 2015-06-09 23:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS 2015-11-13 00:19 - 2015-06-09 23:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys 2015-11-13 00:19 - 2015-06-09 23:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys 2015-11-12 23:51 - 2015-11-12 23:51 - 00000000 ____D C:\Users\Franciszek\AppData\Local\CEF 2015-11-12 23:50 - 2015-11-12 23:50 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-11-12 23:50 - 2015-11-12 23:50 - 00002045 _____ 
C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2015-11-12 23:50 - 2015-11-12 23:50 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-12 20:42 - 2015-11-12 20:42 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-11-12 20:42 - 2015-11-12 20:42 - 00001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-11-12 20:42 - 2015-11-12 20:42 - 00000000 ____D C:\Windows\pl 2015-11-12 20:42 - 2015-11-12 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-11-12 20:42 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2015-11-12 20:42 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2015-11-12 20:42 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2015-11-12 20:42 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2015-11-12 20:42 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2015-11-12 20:42 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2015-11-12 20:42 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2015-11-12 20:42 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2015-11-12 20:42 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2015-11-12 20:42 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 
2015-12-09 17:16 - 2013-08-22 14:36 - 00000000 ____D C:\Windows 2015-12-09 17:15 - 2014-03-24 21:58 - 00000000 ____D C:\Users\Franciszek\Desktop\Pobrane 2015-12-09 17:12 - 2014-03-24 20:55 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3644742391-2186993713-3904842162-1001 2015-12-09 17:07 - 2014-03-24 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-12-09 17:04 - 2015-10-21 08:53 - 00000000 ____D C:\Program Files (x86)\Free mp3 Wma Converter 2015-12-09 17:04 - 2014-09-05 19:32 - 00000000 ____D C:\Program Files\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.8 2015-12-09 17:04 - 2013-09-03 01:08 - 00807160 _____ C:\Windows\system32\perfh015.dat 2015-12-09 17:04 - 2013-09-03 01:08 - 00163478 _____ C:\Windows\system32\perfc015.dat 2015-12-09 17:04 - 2013-09-03 00:51 - 01825074 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-09 17:04 - 2013-08-22 15:45 - 00000000 ____D C:\Windows\ServiceProfiles 2015-12-09 17:04 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2015-12-09 16:57 - 2015-05-13 07:49 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-09 16:57 - 2014-03-24 22:11 - 00922624 ___SH C:\Users\Franciszek\Desktop\Thumbs.db 2015-12-09 16:57 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-09 16:57 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-12-09 16:56 - 2014-04-03 12:38 - 00000000 ____D C:\AdwCleaner 2015-12-09 16:47 - 2015-02-06 14:42 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-09 12:56 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\ModemLogs 2015-12-09 12:50 - 2015-07-29 15:04 - 00001337 _____ C:\Users\Franciszek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-12-09 12:50 - 2015-07-29 15:04 - 00001224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-12-09 12:50 - 2014-03-24 21:09 - 00001212 _____ 
C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-09 12:39 - 2014-03-24 22:07 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-07 16:38 - 2014-03-25 12:21 - 00000000 ____D C:\Users\Franciszek\AppData\Roaming\vlc
2015-12-06 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-05 00:23 - 2015-09-16 20:48 - 00003806 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0f0b8ae50fc2b
2015-12-04 11:43 - 2014-04-16 11:18 - 00000000 ____D C:\Users\Franciszek\AppData\Roaming\GG
2015-12-03 20:18 - 2014-03-24 21:59 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-12-03 13:56 - 2015-10-28 09:16 - 00002462 _____ C:\Users\Franciszek\Desktop\Nowy dokument tekstowy (2).txt
2015-12-03 11:42 - 2014-10-07 18:54 - 00000000 ____D C:\Users\Franciszek\Desktop\clear4you
2015-11-29 18:36 - 2014-06-09 14:37 - 00000000 ____D C:\Users\Franciszek\Desktop\dokumenty
2015-11-29 17:17 - 2014-03-24 22:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-29 17:16 - 2014-04-05 17:02 - 00000000 ____D C:\Users\Franciszek\AppData\Local\Downloaded Installations
2015-11-23 02:46 - 2015-10-23 19:46 - 00000000 ____D C:\Users\Franciszek\.oracle_jre_usage
2015-11-23 02:46 - 2014-07-20 20:04 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 02:45 - 2014-07-20 20:04 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-18 16:32 - 2014-04-16 11:18 - 00000000 ____D C:\Users\Franciszek\AppData\Local\GG
2015-11-14 20:04 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-11-13 10:19 - 2015-07-15 19:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-13 01:09 - 2014-03-24 20:47 - 00000000 ___RD C:\Users\Franciszek\SkyDrive
2015-11-13 01:08 - 2015-07-15 19:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-11-13 01:08 - 2015-07-15 19:09 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-13 01:08 - 2015-05-31 22:57 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-11-13 01:08 - 2015-05-31 22:57 - 00000000 ____D C:\Windows\system32\NV
2015-11-13 01:08 - 2014-12-30 20:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-13 01:08 - 2014-03-25 13:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-13 01:08 - 2014-03-25 13:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-13 01:08 - 2013-08-22 20:11 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-13 01:08 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-13 01:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-13 01:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-13 01:08 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-13 01:08 - 2013-08-22 15:44 - 00336256 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-13 00:38 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-13 00:37 - 2014-03-25 00:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-13 00:36 - 2014-03-25 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-13 00:26 - 2014-03-24 22:55 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 23:54 - 2014-03-24 20:43 - 00000000 ____D C:\Users\Franciszek
2015-11-12 23:51 - 2014-08-13 13:33 - 00000000 ____D C:\Users\Franciszek\AppData\Local\Adobe
2015-11-12 23:50 - 2014-03-25 00:06 - 00000000 ____D C:\ProgramData\Adobe
2015-11-12 20:45 - 2014-03-24 23:19 - 00000000 ____D C:\Users\Franciszek\AppData\Local\Windows Live
2015-11-12 06:39 - 2014-03-24 22:07 - 00003818 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-09 22:53 - 2014-03-24 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-09 22:53 - 2014-03-24 21:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Pliki w katalogu głównym wybranych folderów =======

2015-10-21 07:29 - 2015-10-21 07:29 - 0000268 ___RH () C:\Users\Franciszek\AppData\Roaming\External Build System
2015-10-21 07:45 - 2015-10-21 07:45 - 0000268 ___RH () C:\Users\Franciszek\AppData\Roaming\Filter
2015-10-21 07:45 - 2015-10-21 07:45 - 0000268 ___RH () C:\Users\Franciszek\AppData\Roaming\Flags
2014-03-29 15:45 - 2014-03-29 15:45 - 35250961 _____ () C:\Users\Franciszek\AppData\Local\SelfExtractible.zip
2015-10-21 07:29 - 2015-10-21 07:29 - 0000268 ___RH () C:\ProgramData\Filters
2015-10-21 07:45 - 2015-10-21 07:45 - 0000268 ___RH () C:\ProgramData\Flanger
2015-10-21 07:45 - 2015-10-21 07:45 - 0000268 ___RH () C:\ProgramData\Folder Actions
2015-10-21 07:29 - 2015-10-21 07:29 - 0000012 ___RH () C:\ProgramData\Frameworks
2015-10-21 07:45 - 2015-10-21 07:45 - 0000012 ___RH () C:\ProgramData\Generic
2015-10-21 07:45 - 2015-10-21 07:45 - 0000012 ___RH () C:\ProgramData\Guides
2015-10-21 07:28 - 2015-10-21 09:11 - 0000020 ____H () C:\ProgramData\PKP_DLdy.DAT
2015-10-21 07:45 - 2015-10-21 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-10-21 07:45 - 2015-10-21 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Niektóre pliki w TEMP:
====================
C:\Users\Franciszek\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

LastRegBack: 2015-12-03 12:44

==================== Koniec FRST.txt ============================