Possibility of infection



Hello,

I clicked on a link from an advertisement (cm sent me that link), and my friend told me that AVG warned that it is a virus. I didn't get any information; the page didn't load, and I only got info that the page timed out.

I used Kaspersky before, but the license ran out, so I didn't have any AV. I first checked for weird processes, and found:

TiltWheelMouse.exe

pixmouse and (USA-version), but I never used that program and I never saw that process before....

in 2 places:

C:\Windows\System32\

C:\Windows\System32\DriverStore\FileRepository\t_mouse.inf_amd64_neutral_3ba4625019fa4a7f\

 

I downloaded AVG but it didn't show any problems (professional version for 30 days).

Then I downloaded HitmanPro (it showed many cookie problems and I deleted those).

Then I downloaded Malwarebytes Anti-Malware and wanted to make a log, but I installed that program on D: and I changed the location for the logs to D, but the logs don't show. I have already made 3 scans and I don't see any logs, and when a scan is finished I only have the option to check the summary, not the full logs.

 

 


I don't know how to edit a post ;(

 

I wanted to upload that TiltWheelMouse.exe to scan it ... but when I wanted to find that .exe I can't find that file in system32 ... in the other folder I found it and scanned it:

https://www.virustotal.com/pl/file/63ae8dd8e41260123e8c98905bd3d444bed86aea6353f690483e5cb116433ac2/analysis/1464177961/

 

I also downloaded CCleaner and used it; next I downloaded FRST64.exe, and the logs:

btw (I have uTorrent but I rarely use it, only for free programs like Ubuntu, or files without copyright)

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:24-05-2016 01
Uruchomiony przez Piotrek (administrator)  NOIR (25-05-2016 13:55:50)
Uruchomiony z F:\
Załadowane profile: Piotrek & UpdatusUser (Dostępne profile: Piotrek & Tibco & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Sony Corporation) D:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(WiseCleaner.com) D:\Program Files (x86)\Wise Care 365\WiseTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
() C:\Users\Piotrek\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sony Corporation) D:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2011-07-21] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => D:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2670592 2015-06-01] (Sony Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-05-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [1941064 2016-05-25] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\...\Run: [MiPhoneManager] => C:\Users\Piotrek\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-25] ()
HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\...\MountPoints2: {767e0810-218a-11e1-88ed-f04da2c37e80} - H:\AutoRun.exe --autorun
HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\...\MountPoints2: {b929983e-5f50-11e0-9136-f04da2c37e80} - I:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2010-03-21] (hxxp://tortoisesvn.net)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

ProxyServer: [S-1-5-21-3553588206-1230100283-3016243462-1000] => 51.254.103.206:3128
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46037BFB-319C-481B-92D0-F3E122BE8CF2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={56EC5554-8DEF-43A6-9101-903981FEC720}&mid=1fec3d12377543c7872c99e546e7ba45-babea84e41077f6caeb92eae88fe1273d4db3ffe&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-05-25 00:08:54&v=4.3.1.831&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3553588206-1230100283-3016243462-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={56EC5554-8DEF-43A6-9101-903981FEC720}&mid=1fec3d12377543c7872c99e546e7ba45-babea84e41077f6caeb92eae88fe1273d4db3ffe&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-05-25 00:08:54&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3553588206-1230100283-3016243462-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={56EC5554-8DEF-43A6-9101-903981FEC720}&mid=1fec3d12377543c7872c99e546e7ba45-babea84e41077f6caeb92eae88fe1273d4db3ffe&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516piz&pr=fr&d=2016-05-25 00:08:54&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-20] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-25] (AVG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-23] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-20] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [Brak pliku]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-23] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-05-23] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2013-05-14] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\searchplugins\avg-secure-search.xml [2016-05-25]
FF Extension: Greasemonkey - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-09-18]
FF Extension: NoScript - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-04]
FF Extension: HttpRequester - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\{ea4637dc-e014-4c17-9c2c-879322d23268} [2015-11-27]
FF Extension: Modify Headers - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2015-11-27]
FF Extension: Live HTTP headers - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2015-11-27]
FF Extension: HttpFox - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2015-11-27]
FF Extension: Tamper Data - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-11-27]
FF Extension: Distill Web Monitor - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\alertbox@ajitk.com.xpi [2016-02-20]
FF Extension: iMacros for Firefox - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-04-23]
FF Extension: AVG Web TuneUp - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\avg@toolbar.xpi [2016-05-25]
FF Extension: Ciuvo Price Comparison - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\extension@ciuvo.com.xpi [2015-11-02]
FF Extension: Firebug - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\firebug@software.joehewitt.com.xpi [2015-11-27]
FF Extension: Ghostery - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\firefox@ghostery.com.xpi [2015-11-02]
FF Extension: Tab Memory Usage - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\jid1-fRvgLzKONCsPew@jetpack.xpi [2015-11-02]
FF Extension: Free Memory - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\jid1-n85lxPv1NAWVTQ@jetpack.xpi [2015-11-02]
FF Extension: HTTP Tool - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\jid1-qLJSwFs6qrJBVg@jetpack.xpi [2015-11-27]
FF Extension: XLT Script Developer - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\kontakt@xceptance.de.xpi [2015-11-27]
FF Extension: Adblock Plus - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\m9o6qeco.default-1392858976483\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-29]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-05-19] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1999224 2016-05-19] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-05-19] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1078544 2016-04-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-05-19] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-24] (SurfRight B.V.)
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 PMBDeviceInfoProvider; D:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [494592 2015-06-01] (Sony Corporation)
S3 rvd; C:\Windows\rvntsctl.exe [86280 2010-06-16] (TIBCO Software Inc)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.)
R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-05-25] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WiseBootAssistant; D:\Program Files (x86)\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com) [Brak podpisu cyfrowego]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2011-07-21] (Dell Inc.) [Brak podpisu cyfrowego]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-05-25] ()

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-04] (AVG Technologies CZ, s.r.o.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
S3 RTCore64; C:\Users\Piotrek\Desktop\rmclock_235_bin\RTCore64.sys [14352 2008-05-15] ()
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-01-01] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Brak podpisu cyfrowego]
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-01-28] (SteelSeries ApS)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-05-25 13:24 - 2016-05-25 13:24 - 00027617 _____ C:\ProgramData\1464175487.bdinstall.bin
2016-05-25 13:21 - 2016-05-25 13:21 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-05-25 13:21 - 2016-05-25 13:21 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-25 13:21 - 2016-05-25 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-25 13:21 - 2016-05-25 13:21 - 00000000 ____D C:\Program Files\CCleaner
2016-05-25 13:07 - 2016-05-25 13:55 - 00000000 ____D C:\FRST
2016-05-25 03:45 - 2016-05-25 13:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-25 03:44 - 2016-05-25 03:44 - 00000789 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-25 03:44 - 2016-05-25 03:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-25 03:43 - 2016-05-25 03:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-25 03:43 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-25 03:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-25 03:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-25 00:09 - 2016-05-25 00:09 - 00000000 ____D C:\Users\Piotrek\AppData\Local\AVG Web TuneUp
2016-05-25 00:08 - 2016-05-25 00:09 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-05-25 00:08 - 2016-05-25 00:08 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-05-25 00:08 - 2016-05-25 00:08 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-05-24 23:58 - 2016-05-24 23:58 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\AVG
2016-05-24 23:57 - 2016-05-24 23:57 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-24 23:56 - 2016-05-24 23:56 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\TuneUp Software
2016-05-24 23:56 - 2016-05-24 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-05-24 23:55 - 2016-05-24 23:55 - 00000000 ___HD C:\$AVG
2016-05-24 23:47 - 2016-05-24 23:47 - 00002622 _____ C:\Windows\system32\.crusader
2016-05-24 23:29 - 2016-05-24 23:47 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-24 23:29 - 2016-05-24 23:29 - 00001945 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-24 23:29 - 2016-05-24 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-24 23:29 - 2016-05-24 23:29 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-24 23:28 - 2016-05-25 13:52 - 00000000 ____D C:\ProgramData\MFAData
2016-05-24 23:28 - 2016-05-24 23:28 - 00000000 ____D C:\Users\Piotrek\AppData\Local\MFAData
2016-05-24 23:26 - 2016-05-24 23:26 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-05-24 23:26 - 2016-05-24 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-05-24 23:24 - 2016-05-24 23:54 - 00000000 ____D C:\Program Files (x86)\AVG
2016-05-24 23:22 - 2016-05-24 23:58 - 00000000 ____D C:\Users\Piotrek\AppData\Local\Avg
2016-05-24 23:22 - 2016-05-24 23:54 - 00000000 ____D C:\ProgramData\Avg
2016-05-24 23:22 - 2016-05-24 23:51 - 00000000 ____D C:\Users\Piotrek\AppData\Local\AvgSetupLog
2016-05-11 11:22 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 11:22 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 11:22 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 11:22 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 11:22 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 11:22 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 11:22 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 11:22 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 11:22 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 11:22 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 11:22 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 11:22 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 11:22 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 11:21 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 11:21 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 11:21 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 11:21 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 11:21 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 11:21 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 11:21 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 11:21 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 11:21 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 11:21 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 11:21 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 11:21 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 11:21 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 11:21 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 11:21 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 11:21 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 11:21 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 11:21 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 11:21 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 11:21 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 11:21 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 11:21 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 11:21 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 11:21 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 11:21 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 11:21 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 11:21 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 11:21 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 11:21 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 11:21 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 11:21 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 11:21 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 11:21 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 11:21 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 11:21 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 11:21 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 11:21 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 11:21 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 11:21 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 11:21 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 11:21 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 11:21 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 11:21 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 11:21 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 11:21 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 11:21 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 11:21 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 11:21 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 11:21 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 11:21 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 11:21 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 11:21 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 11:21 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 11:21 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 11:21 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 11:21 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 11:21 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 11:21 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 11:21 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 11:21 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 11:21 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 11:21 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 11:21 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 11:21 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 11:21 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 11:21 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 11:18 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 11:18 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 11:18 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 11:18 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 11:18 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 11:18 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 11:18 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 11:18 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 11:18 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 11:18 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 11:18 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 11:18 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 11:18 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 11:18 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 11:18 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 11:18 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 11:18 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 11:18 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 11:18 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 11:18 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 11:18 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 11:18 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 11:18 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 11:18 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 11:18 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 11:18 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 11:18 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 11:18 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-09 01:16 - 2016-05-11 01:37 - 00000138 _____ C:\Users\Piotrek\Desktop\zg.txt
2016-05-04 16:58 - 2016-05-04 16:58 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-05-25 13:53 - 2014-04-02 18:12 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\Wise Care 365
2016-05-25 13:53 - 2011-07-14 09:51 - 00000000 ____D C:\Users\Piotrek\AppData\Local\TSVNCache
2016-05-25 13:53 - 2009-07-14 06:45 - 00026336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-25 13:53 - 2009-07-14 06:45 - 00026336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-25 13:52 - 2015-11-13 17:02 - 00000000 ____D C:\ProgramData\VMware
2016-05-25 13:52 - 2014-04-02 19:01 - 00000406 _____ C:\Windows\Tasks\Wise Care 365.job
2016-05-25 13:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-25 13:50 - 2013-03-14 03:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-05-25 13:50 - 2013-03-14 03:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-05-25 13:46 - 2014-04-04 02:44 - 01651474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-25 13:46 - 2009-07-14 19:55 - 00743410 _____ C:\Windows\system32\perfh015.dat
2016-05-25 13:46 - 2009-07-14 19:55 - 00157478 _____ C:\Windows\system32\perfc015.dat
2016-05-25 13:46 - 2009-07-14 07:13 - 01651474 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-25 13:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-25 13:31 - 2011-10-03 21:22 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\Skype
2016-05-25 13:31 - 2011-07-18 20:41 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\uTorrent
2016-05-25 13:31 - 2011-07-17 20:41 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\TS3Client
2016-05-25 13:31 - 2011-05-31 20:45 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\Free Download Manager
2016-05-25 13:31 - 2011-04-16 10:58 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\Media Player Classic
2016-05-25 13:30 - 2012-08-05 23:58 - 00000000 ____D C:\Windows\Minidump
2016-05-25 13:29 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-25 00:09 - 2016-03-25 02:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-24 23:58 - 2011-04-05 07:35 - 00000000 ____D C:\Users\Tibco
2016-05-24 23:51 - 2015-01-29 23:19 - 00000000 ____D C:\Users\UpdatusUser
2016-05-24 23:39 - 2016-01-30 16:16 - 00021386 _____ C:\Users\Piotrek\Desktop\csgo.txt
2016-05-24 12:02 - 2011-04-24 19:16 - 00125952 _____ C:\Users\Piotrek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-23 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-23 11:11 - 2013-03-19 21:55 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-23 11:11 - 2013-03-19 21:55 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 21:15 - 2014-12-10 18:22 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 10:27 - 2009-07-14 06:45 - 00407568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 10:24 - 2009-07-14 20:09 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 19:30 - 2014-04-02 19:02 - 00000386 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2016-05-07 21:33 - 2015-04-18 12:22 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-07 21:33 - 2015-04-18 12:22 - 00000000 ___SD C:\Windows\system32\GWX

==================== Pliki w katalogu głównym wybranych folderów =======

2015-11-13 00:44 - 2015-11-13 15:16 - 0002936 _____ () C:\Users\Piotrek\AppData\Roaming\droid4xinstaller.log
2013-07-09 00:50 - 2013-07-09 00:50 - 0000268 ___RH () C:\Users\Piotrek\AppData\Roaming\Rule Actions
2013-07-09 00:51 - 2013-07-09 00:51 - 0000268 ___RH () C:\Users\Piotrek\AppData\Roaming\Sample Delay
2013-07-09 00:50 - 2013-07-09 00:50 - 0000268 ___RH () C:\Users\Piotrek\AppData\Roaming\Sampler
2013-07-09 00:49 - 2013-07-09 00:49 - 0000268 ___RH () C:\Users\Piotrek\AppData\Roaming\Sound Effects
2011-04-03 12:47 - 2015-12-28 23:29 - 0000600 _____ () C:\Users\Piotrek\AppData\Roaming\winscp.rnd
2016-03-02 13:54 - 2016-04-08 20:32 - 0002002 _____ () C:\Users\Piotrek\AppData\Roaming\wpulog.txt
2011-04-24 19:16 - 2016-05-24 12:02 - 0125952 _____ () C:\Users\Piotrek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-18 04:51 - 2013-11-18 05:11 - 0000600 _____ () C:\Users\Piotrek\AppData\Local\PUTTY.RND
2013-02-01 22:29 - 2016-02-26 03:39 - 0007602 _____ () C:\Users\Piotrek\AppData\Local\Resmon.ResmonCfg
2016-04-08 20:36 - 2016-04-08 20:36 - 0235581 _____ () C:\ProgramData\1460140430.bdinstall.bin
2016-05-25 13:24 - 2016-05-25 13:24 - 0027617 _____ () C:\ProgramData\1464175487.bdinstall.bin
2016-03-16 00:22 - 2016-03-16 00:22 - 0000016 _____ () C:\ProgramData\mntemp
2013-07-09 00:49 - 2013-07-09 00:50 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-07-09 00:51 - 2016-03-16 00:02 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-07-09 00:50 - 2016-03-16 00:01 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-07-09 00:50 - 2016-03-15 21:48 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2016-03-16 00:22 - 2016-03-16 00:22 - 0004107 _____ () C:\ProgramData\rxsmznjf.zcp
2013-07-09 00:50 - 2013-07-09 00:50 - 0000268 ___RH () C:\ProgramData\Sampler Instruments
2013-07-09 00:51 - 2013-07-09 00:51 - 0000268 ___RH () C:\ProgramData\Sci-Fi
2013-07-09 00:50 - 2013-07-09 00:50 - 0000268 ___RH () C:\ProgramData\Screen Saver
2013-07-09 00:49 - 2013-07-09 00:50 - 0000012 ___RH () C:\ProgramData\Spacious
2013-07-09 00:51 - 2013-07-09 00:51 - 0000012 ___RH () C:\ProgramData\Speech Enhancer
2013-07-09 00:50 - 2013-07-09 00:50 - 0000012 ___RH () C:\ProgramData\Standard
2013-07-09 00:49 - 2013-07-09 00:49 - 0000012 ___RH () C:\ProgramData\Textures

Niektóre pliki w TEMP:
====================
C:\Users\Tibco\AppData\Local\Temp\bassmod.dll


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-05-18 01:58

==================== Koniec  FRST.txt ============================

additional:

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:24-05-2016 01
Uruchomiony przez Piotrek (2016-05-25 13:57:19)
Uruchomiony z F:\
Windows 7 Professional Service Pack 1 (X64) (2011-03-21 14:50:35)
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-3553588206-1230100283-3016243462-500 - Administrator - Disabled)
Gość (S-1-5-21-3553588206-1230100283-3016243462-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3553588206-1230100283-3016243462-1004 - Limited - Enabled)
Piotrek (S-1-5-21-3553588206-1230100283-3016243462-1000 - Administrator - Enabled) => C:\Users\Piotrek
Tibco (S-1-5-21-3553588206-1230100283-3016243462-1002 - Limited - Enabled) => C:\Users\Tibco
UpdatusUser (S-1-5-21-3553588206-1230100283-3016243462-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Advanced Site Crawler 2003 version 4.2 (HKLM-x32\...\Advanced Site Crawler 2003_is1) (Version:  - Innovative Technologies)
Aktualizacje NVIDIA 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
AVG (HKLM\...\AvgZen) (Version: 1.61.2.12974 - AVG Technologies)
AVG (Version: 16.71.7598 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4568 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7598 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
AVG Zen (Version: 1.61.9 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUgenie64 (HKLM\...\{C3346F28-3F46-4351-B5BF-1CE4FB155A63}) (Version: 1.5.0 - GreenVantage LLC)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
EVEREST Ultimate Edition v5.30 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.30 - Lavalys, Inc.)
FMW 1 (Version: 1.82.3 - AVG Technologies) Hidden
Foxit Reader 5.0 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.0.1.0527 - Foxit Corporation)
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HuniePop (HKLM-x32\...\Steam App 339800) (Version:  - HuniePot)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6277.0 - IDT)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
K-Lite Codec Pack (64-bit) v4.6.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.6.0 - )
Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Media Player Classic - Home Cinema v1.5.0.2827 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.0.2827 - MPC-HC Team)
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
MetaProducts Offline Explorer (HKLM-x32\...\MetaProducts Offline Explorer) (Version:  - )
MetaProducts Offline Explorer Pro (HKLM-x32\...\MetaProducts Offline Explorer Pro) (Version:  - )
Mi PC Suite (HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\...\MiPhoneManager) (Version:  - Xiaomi Inc.)
Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.3.0 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 pl)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation)
Panel sterowania NVIDIA 296.10 (Version: 296.10 - NVIDIA Corporation) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 4.3.01.06011 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.3.01 - Sony Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Informer 1.0 BETA (HKLM-x32\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Symantec Veritas Cluster Manager (Java Console) (HKLM-x32\...\{4EE9FE7E-34E6-42A1-8EFC-823A0D3427B4}) (Version: 5.0 - VERITAS Software India Pvt. Ltd.)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Teleport Pro (HKLM-x32\...\Teleport Pro) (Version: 1.63 - Tennyson Maxwell Information Systems, Inc.)
TIBCO Rendezvous GAC Assembly Registration (HKLM-x32\...\{99E95521-05E7-4755-8A56-A0E3AF147313}) (Version: 8.3.0 - Tibco)
TIBCO Universal Installer (HKLM-x32\...\tibco_universal_installer-356451616) (Version:  - )
TortoiseSVN 1.6.16.21511 (64 bit) (HKLM\...\{1DD03A94-C815-46EF-A43A-B36694002A7C}) (Version: 1.6.21511 - TortoiseSVN)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.6 - Nikon)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden
WebCopier Pro (HKLM-x32\...\WebCopier Pro) (Version:  - )
WebRipper 1.33 (HKLM-x32\...\WebRipper) (Version: 1.33 - SamsonSoft)
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinHTTrack Website Copier 3.44-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.44.1 - HTTrack)
WinSCP 4.3.2 (HKLM-x32\...\winscp3_is1) (Version: 4.3.2 - Martin Prikryl)
Wise Care 365 2.96 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.96 - WiseCleaner.com, Inc.)
Wise Program Uninstaller 1.82 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.82 - WiseCleaner.com, Inc.)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {08E56CB5-096E-4144-A0E9-9620B7A17AC8} - System32\Tasks\{7C7EDB5D-F50F-4BA0-90FD-01224DB97145} => pcalua.exe -a C:\Windows\IsUninst.exe -d C:\Windows -c -f"D:\Program Files (x86)\BS II\BSII.isu"
Task: {0EF81A27-D7BB-4479-900C-681BFEBDC73E} - System32\Tasks\Wise Turbo Checker => D:\Program Files (x86)\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM)
Task: {169C0FBA-3B87-4C48-9BEF-2A6A3DEE39E7} - System32\Tasks\{E8FA0A06-947C-4540-87D8-F3F4932D187F} => G:\Setup\Setup.exe
Task: {389C0223-FDDD-4008-A5B2-E90D14E21326} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {3D27400C-4102-4FE3-A628-40BCE5B0B16F} - System32\Tasks\Wise Care 365 => D:\Program Files (x86)\Wise Care 365\WiseTray.exe [2013-12-09] (WiseCleaner.com)
Task: {3DEBD946-BE41-48C3-A7A7-B4E55FEF4661} - System32\Tasks\{D1A1ABE1-DD76-4775-A3A4-B759968B92B1} => G:\Setup\_ISDel.exe
Task: {780B9073-AC8F-46D6-8334-FAF6BB0344C8} - System32\Tasks\{A2BAD1AE-9CAD-459D-A858-D7CA2A583801} => G:\Setup\_ISDel.exe
Task: {7A47691F-A2C9-4304-8CE8-EF828589BF74} - System32\Tasks\{A3BCDD58-B1AE-47FB-B873-7896DC780D5E} => G:\setup.exe
Task: {8C24A158-3578-423A-AB34-CD0BA59C2E03} - System32\Tasks\{C3B5343B-FE08-46B7-93B5-7A7C2C041F21} => pcalua.exe -a "D:\Sterowniki\Intel® Graphics Media Accelerator Driver\2013\Win7Vista_64_152258.exe" -d "D:\Sterowniki\Intel® Graphics Media Accelerator Driver\2013"
Task: {8E64B64D-DF3D-4CD8-9DF7-2E9AC1C2793A} - System32\Tasks\{125581B8-A3E9-4429-84DE-9D4F3275361D} => G:\Setup\bs.exe
Task: {91BF8080-D580-4D4E-8ADC-F59EF17F2D03} - System32\Tasks\{4C15DE2E-9D4E-4476-B5DC-F94A08886E3A} => G:\setup.exe
Task: {926A1312-45BD-42DC-AA84-C9A0905A0349} - System32\Tasks\{E6706771-4565-4C63-94CE-D2AF8846F91D} => G:\setup.exe
Task: {96BCF127-9B8F-4A8E-8801-E35326345A5E} - System32\Tasks\{0B8DB760-C182-459A-BCA7-0A2ABAE568F5} => G:\Setup\_ISDel.exe
Task: {9C9FFEFA-1E7C-497A-8077-C7A65BC4B1F7} - System32\Tasks\{A4AD956B-5C45-422E-81CE-A0FA8A5AAD6C} => G:\setup.exe
Task: {9CD9784D-2450-41C2-BFBB-18520D938E5D} - System32\Tasks\{CB3E1ADD-4BA9-47EC-B2CE-B52C1CDC0710} => G:\Setup\Setup.exe
Task: {A4ACA942-CC7F-4827-8EDC-1DF61BB2FCEA} - System32\Tasks\{4AFC9932-1031-4D15-BE6A-ED37B8C52BB9} => pcalua.exe -a C:\dell\drivers\R292859\setup.exe -d C:\dell\drivers\R292859
Task: {A648B515-EF79-4C44-A1CB-043BE3E14D62} - System32\Tasks\{AFA79392-B742-4D53-AD03-117278309386} => pcalua.exe -a C:\dell\drivers\R292774\setup.exe -d C:\dell\drivers\R292774
Task: {B344A20D-B9C8-4C93-B7DE-CC23095F7267} - System32\Tasks\{F6AE3325-B884-4096-8C09-4D464F1ECF1C} => G:\setup.exe
Task: {C0214C91-2FC0-4639-866D-6A5D4A92D614} - System32\Tasks\{A9FAB7D9-4B43-4A96-8D23-4944BE9886A4} => G:\setup.exe
Task: {C83ACFBA-E085-4D23-8782-D6D4F344E7A3} - System32\Tasks\{C712FFBC-1F2D-46A1-90D9-C93D415C371B} => pcalua.exe -a "I:\New\GDFll.exe" -d "I:\New"
Task: {D76D907E-B566-4475-BCC4-2A682E1040AA} - System32\Tasks\{39AF2793-C656-47B9-8C15-C9BB97AC1094} => pcalua.exe -a G:\Setup\Setup.exe -d G:\Setup

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Wise Care 365.job => D:\Program Files (x86)\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => D:\Program Files (x86)\Wise Care 365\WiseTurbo.exe

==================== Skróty =============================

(Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.)

==================== Załadowane moduły (filtrowane) ==============

2016-05-25 00:08 - 2016-05-25 00:08 - 00972872 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2016-03-25 18:22 - 2016-03-25 18:22 - 00157624 ____N () C:\Users\Piotrek\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
2016-01-06 18:41 - 2016-01-06 18:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-05-13 18:44 - 2016-05-13 18:44 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll
2016-05-25 00:08 - 2016-05-25 00:08 - 01941064 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-06-24 15:28 - 2015-06-24 15:28 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-03-25 18:22 - 2016-03-25 18:22 - 00136632 ____N () C:\Users\Piotrek\AppData\Local\MiPhoneManager\main\MiPlugin4NSIS.dll
2016-03-25 18:22 - 2016-03-25 18:22 - 00065976 ____N () C:\Users\Piotrek\AppData\Local\MiPhoneManager\main\MiFramework.dll
2016-03-25 18:21 - 2016-03-25 18:22 - 00099600 ____N () C:\Users\Piotrek\AppData\Local\MiPhoneManager\main\zlib1.dll
2016-03-25 18:22 - 2016-03-25 18:22 - 00018360 ____N () C:\Users\Piotrek\AppData\Local\MiPhoneManager\main\MiTrace.dll
2016-05-24 23:24 - 2016-05-24 23:23 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-05-23 11:11 - 2016-05-23 11:11 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)

AlternateDataStreams: C:\ProgramData\Temp:16C07ED2 [137]

==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== Powiązania plików (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2016-04-08 19:37 - 00000002 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-3553588206-1230100283-3016243462-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows [funkcja włączona]

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)


==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FE7F758C-7ECF-405A-B146-5714AAFF3B24}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{827E44FC-FCFA-479B-A29F-3ADC8A7D947B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{26BBC4C5-A8B8-47DD-A038-C1AF7CEA5B64}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3F2DDCA8-037B-4EE1-AC99-D6739BF5887C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7CA6E744-F42A-43FB-A977-EE0223D497B6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{10C85288-1C10-40F0-874B-755AB3C0AD33}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7A80C0-C50C-4678-9A56-4E6720620B3E}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{353D8D4B-B971-485A-9671-09A8D374846D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DDE1BF4-34C0-4E9C-B5AD-5197FCCB86C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{057D9FB9-6A98-419C-8B3D-C2B46DF09180}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2401B490-D61A-4814-B01E-AF6D73981839}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D461F616-41A4-4148-A488-94099A9989A3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BE62F6E3-8E2C-43DB-B333-F3CA506260D9}] => (Allow) LPort=2869
FirewallRules: [{6CB085BF-C74D-45DF-BC1E-DEF74BC60143}] => (Allow) LPort=1900
FirewallRules: [{10A97827-F983-4C62-BBFC-C387B0B49C2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C947F9D9-6FC8-4499-9BEB-4104E75D8A4B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0830142B-05B8-4959-80FA-4D7781233648}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{5E0B9E8E-77D4-4304-9923-F4C482A51E29}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{614E26BA-7F48-4989-9B95-C6228AC3DE9B}] => (Allow) C:\Users\Piotrek\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{3C7C08C5-8164-4C8B-A1C5-B39A3528FA24}] => (Allow) C:\Users\Piotrek\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{E59CDB9D-0DC6-4E7E-AD4C-8472408E8678}] => (Allow) F:\Gry\SteamLibrary\SteamApps\common\HuniePop\HuniePop.exe
FirewallRules: [{F0DA56E3-4BA3-443C-A36B-3863403521BD}] => (Allow) F:\Gry\SteamLibrary\SteamApps\common\HuniePop\HuniePop.exe
FirewallRules: [{62857683-5BB0-452D-A2B7-12A3E56C44C3}] => (Allow) F:\Gry\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8B36F9FC-F35F-4767-88BE-96CB116D08DA}] => (Allow) F:\Gry\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{071126CD-37C6-481F-AFD9-15512884E3A0}] => (Allow) C:\Users\Piotrek\AppData\Local\MiPhoneManager\main\MiPCSuite.exe
FirewallRules: [{03923B8C-C2E7-4D21-A4A9-1E5AAD075D5C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{9E06C168-673D-4160-B4CA-1617D66AE1D0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5FDB45EE-88AF-44C7-9C1D-16263C144A45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{734161E8-48FF-4CEB-BF7C-6BB8DA4DA52C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{F06874E2-F953-4944-9286-21402AEC08A3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{21601547-5A06-49D8-A96A-0BCE4178E253}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{BE86BD2E-D5BA-4A6F-8DBC-5DA8397995E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D8A3EC4C-320A-4CAD-86CF-B8BA7B1411C9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Punkty Przywracania systemu =========================


==================== Wadliwe urządzenia w Menedżerze urządzeń =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (05/25/2016 01:53:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Nie można zainicjować indeksu.

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/25/2016 01:53:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Nie można zainicjować aplikacji.

Kontekst: aplikacja Windows

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/25/2016 01:53:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Nie można zainicjować obiektu programu zbierającego.

Kontekst: aplikacja Windows, wykaz SystemIndex

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/25/2016 01:53:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Nie można zainicjować dodatku typu plug-in w <Search.TripoliIndexer>.

Kontekst: aplikacja Windows, wykaz SystemIndex

Szczegóły:
    Nie można odnaleźć elementu.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/25/2016 01:53:27 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Nie można zainicjować dodatku typu plug-in w <Search.JetPropStore>.

Kontekst: aplikacja Windows, wykaz SystemIndex

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/25/2016 01:53:27 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Usługa Windows Search nie może załadować informacji z magazynu właściwości.

Kontekst: aplikacja Windows, wykaz SystemIndex

Szczegóły:
    Baza danych indeksów zawartości jest uszkodzona.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/25/2016 01:53:27 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Usługa Windows Search jest zatrzymywana, ponieważ wystąpił problem z indeksatorem: The catalog is corrupt.

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/25/2016 01:53:27 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Usługa wyszukiwania wykryła uszkodzone pliki danych w indeksie {id=4700}. Usługa podejmie próbę automatycznego rozwiązania tego problemu przez odbudowanie indeksu.

Szczegóły:
    Wykaz indeksów zawartości jest uszkodzony.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/25/2016 01:53:27 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Usługa Windows Search nie może otworzyć magazynu właściwości aparatu Jet.

Szczegóły:
    0x%08x (0xc0041800 - Baza danych indeksów zawartości jest uszkodzona.  (HRESULT : 0xc0041800))

Error: (05/25/2016 01:53:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4756) Windows: Wystąpił błąd -1811 podczas otwierania pliku dziennika C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00B5B.log.


Dziennik System:
=============
Error: (05/25/2016 01:53:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (05/25/2016 01:53:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Usługa Windows Search zakończyła działanie; wystąpił specyficzny dla niej błąd %%-1073473535.

Error: (05/25/2016 01:51:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error: (05/25/2016 01:50:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT)
Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja zabezpieczeń dla programu Microsoft Silverlight (KB3126036).

Error: (05/25/2016 01:01:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu:
%%1068

Error: (05/25/2016 01:01:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (05/25/2016 01:01:25 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (05/25/2016 01:01:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu:
%%1068

Error: (05/25/2016 01:01:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu:
%%1068

Error: (05/25/2016 01:01:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Usługa listy sieci zależy od usługi Rozpoznawanie lokalizacji w sieci, której nie można uruchomić z powodu następującego błędu:
%%1068


CodeIntegrity:
===================================
  Date: 2015-02-13 03:56:08.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-13 03:56:08.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 14:05:44.063
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Piotrek\Desktop\rmclock_235_bin\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-03 14:05:43.823
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Piotrek\Desktop\rmclock_235_bin\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-03 14:05:42.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Piotrek\Desktop\rmclock_235_bin\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-03 14:05:42.623
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Piotrek\Desktop\rmclock_235_bin\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-11 03:16:56.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-11 03:16:56.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-11 03:14:28.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-11 03:14:28.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Statystyki pamięci ===========================

Procesor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Procent pamięci w użyciu: 61%
Całkowita pamięć fizyczna: 3894.59 MB
Dostępna pamięć fizyczna: 1482.71 MB
Całkowita pamięć wirtualna: 7435.56 MB
Dostępna pamięć wirtualna: 4813.42 MB

==================== Dyski ================================

Drive c: (System) (Fixed) (Total:60.35 GB) (Free:1.62 GB) NTFS
Drive d: (Programy) (Fixed) (Total:102.54 GB) (Free:0.49 GB) NTFS
Drive e: (Dokumenty) (Fixed) (Total:102.54 GB) (Free:0.23 GB) NTFS
Drive f: (Anime) (Fixed) (Total:200.19 GB) (Free:2.76 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=405.3 GB) - (Type=OF Extended)

==================== Koniec  Addition.txt ============================


  • 2 weeks later...
  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)



STEP 01
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 02
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe



STEP 03
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

This topic is now closed to further replies.