Wątek zamknięty

Proces scvhost.exe pożera dużą część RAMu

 
Wojtek1992
Nowy
Liczba postów: 3
Post: #1

Proces scvhost.exe pożera dużą część RAMu


Witam,

Od paru dni doskwiera mi dość uciążliwy problem, mianowicie proces svchost.exe ma nietypową wartość dochodzącą nawet do 580 000 K (średnio 250 000K) . Zazwyczaj takich procesów z dużą wartością jest dwa. Powoduje to prawie całkowite zamulenia laptopa. W rezultacie z 3GB pamięci RAM pozostaje 200 MB wolnego RAMu. Z tego co sobie przypominam nie instalowałem w tym czasie żadnej nowej aplikacji. Windows legalny. Bardzo proszę o pomoc. Sprawny i szybki laptop potrzebny mi jest na studia Uśmiechnięty

Dodatkowo dziś zrobiłem pełne skanowanie komputera za pomocą Eset Smart Security i nie znalazło żadnej infekcji, już nie wiem co dalej z tym zrobić, dziś proces svchost osiągnął wartość 650 000K. Błagam pomóżcie.

z góry dzięki Zacieszacz

01.03.2015 11:29

Znajdź wszystkie posty użytkownika
Wojtek1992
Nowy
Liczba postów: 3
Post: #2

RE: Proces scvhost.exe pożera dużą część RAMu


Na własną rękę przeprowadziłem skan programem skanowanie Malwarybtes Anti-Malware oraz ADWcleaner i oto wyniki

ADWcleaner

Kod:
# AdwCleaner v4.111 - Logfile created 01/03/2015 at 12: 57: 02
# Updated 18/02/2015 by Xplode
# Database :  2015-02-18.3 [Server]
# Operating system :  Windows 7 Home Premium Service Pack 1 (x64)
# Username :  Wojtek - JAN-KOMPUTER
# Running from :  C: \Users\Wojtek\Desktop\adwcleaner_4.111.exe
# Option :  Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted :  C: \ProgramData\Babylon
Folder Deleted :  C: \ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Folder Deleted :  C: \Program Files (x86)\SimilarSites
Folder Deleted :  C: \Program Files (x86)\DriverToolkit
Folder Deleted :  C: \Users\Wojtek\AppData\Local\DriverToolkit
Folder Deleted :  C: \Users\Wojtek\AppData\Roaming\Babylon
Folder Deleted :  C: \Users\Wojtek\AppData\Roaming\eIntaller
Folder Deleted :  C: \Users\Wojtek\AppData\Roaming\download Manager
Folder Deleted :  C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\WebSiteRecommenda​tion@weliketheweb.com
File Deleted :  C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\invalidprefs.js
File Deleted :  C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted :  HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted :  HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted :  HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted :  HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted :  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted :  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted :  [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted :  [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted :  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24E0EC68-31FD-4A47-9793-33B27C4FBEB1}
Key Deleted :  HKCU\Software\APN PIP
Key Deleted :  HKCU\Software\Conduit
Key Deleted :  HKCU\Software\StartSearch
Key Deleted :  HKCU\Software\vShare.tv
Key Deleted :  HKCU\Software\DriverToolkit
Key Deleted :  HKLM\SOFTWARE\Babylon
Key Deleted :  HKLM\SOFTWARE\Conduit
Key Deleted :  HKLM\SOFTWARE\PIP
Key Deleted :  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Data Deleted :  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;192.168.*.*

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 pl)

[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.aflt", "babsst");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.dfltLng", "en");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.excTlbr", false);
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.id", "f24f50bf0000000000008e55f9aab799");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.instlDay", "15556");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.instlRef", "std");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.tlbrId", "base");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp: //www.google.com/search?babsrc=TB_ggl&q=");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar_i.babExt", "");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[yca9zblz.default\prefs.js] - Line Deleted :  user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.116: 17: 15");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4807 bytes] - [01/03/2015 12: 50: 49]
AdwCleaner[S0].txt - [4756 bytes] - [01/03/2015 12: 57: 02]

########## EOF - C: \AdwCleaner\AdwCleaner[S0].txt - [4815  bytes] ##########



Malwarebytes Anti-Malware

Kod:
Malwarebytes Anti-Malware
www.malwarebytes.org

Data skanu:  2015-03-01
Czas skanu:  11: 38: 52
Raport:  malwar.txt
Administrator:  Tak

Wersja:  2.00.4.1028
Baza danych malware:  v2015.03.01.01
Baza danych rootkitów:  v2015.02.25.01
Licencja:  Trial
Ochrona przeciw malware:  Włączony
Ochrona przeciw szkodliwymi stronami:  Włączony
Samoobrony:  Wyłączony

System operacyjny:  Windows 7 Service Pack 1
Procesor:  x64
System plików:  NTFS
Użytkownik:  Wojtek

Typ skanu:  Skanowanie w poszukiwaniu zagrożeń
Wynik:  Zakończono
Objekty zeskanowane:  405898
Minęło:  34 min, 39 s

Pamięć:  Włączony
Autostart:  Włączony
System plików:  Włączony
Archiwa:  Włączony
Rootkity:  Wyłączony
Heurystyka:  Włączony
PNP:  Włączony
PNM:  Włączony

Procesy:  0
(Nie wykryto groźnych)

Moduły:  0
(Nie wykryto groźnych)

Klucze rejestru:  5
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, , [63f2390795f5c2747d43a66ad92a13ed],
PUP.Optional.VShareRedir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, , [a4b196aaadddd5617d3bd6548f74fc04],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, , [381dda668ffb40f6c36383260af93ec2],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, , [fc5948f899f1ef47cc588180dc29639d],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3135873756-1747778033-1847798441-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, , [b5a01c245b2f1026192143c0e1249967],

Wartości rejestru:  0
(Nie wykryto groźnych)

Dane rejestru:  0
(Nie wykryto groźnych)

Foldery:  1
PUP.Optional.SimilarSites.A, C: \Users\Wojtek\AppData\Roaming\SimilarSites, , [163fb38df5951323e3f7e484e71c31cf],

Pliki:  36
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (user_pref("extensions.BabylonToolbar.admin", false);), ,[e273f54b75151a1ce7579d74df27f709]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (ferences

/* Do not edit this file.
*
* If you m), ,[89ccfc441872f34344fa30e133d3ec14]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (rences

/* Do not edit this file.
*
* If you ma), ,[f560053b5535d75f4cf2f31e10f61ce4]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (erences

/* Do not edit this file.
*
* If you ma), ,[da7b30100189f3439ea090817294de22]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (rences

/* Do not edit this file.
*
* If you make changes to this file w), ,[d58081bf464456e06cd26da4a85e51af]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  ( this file.
*
* If you make changes to this file whil), ,[0253ec544f3b2115142ac64be521fb05]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (ces

/* Do not edit this file.
*
* If you make ch), ,[93c2d56be6a43501241aa76a0ef8936d]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (ences

/* Do not edit this file.
*
* If you make changes ), ,[7cd91828f793b482d86644cde71ff010]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (
/* Do not edit this file.
*
* If you make changes to ), ,[f560dc64d7b3053197a769a83accc63a]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (es

/* Do not edit this file.
*
* If you make ch), ,[e2739da32466270f43fbd14013f37c84]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (rences

/* Do not edit this file.
*
* If you make changes to this file while the application i), ,[b0a5e957eaa05fd73b03d43d0ff707f9]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  ( you make changes to this file while the application is ), ,[c19476ca44463cfad76770a1eb1b8f71]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (nces

/* Do not edit this file.
*
* If you make cha), ,[fa5b0c34018944f2300e2be6f41254ac]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (ces

/* Do not edit this file.
*
* If you make), ,[124350f0a9e185b1a39be22fe12506fa]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (ferences

/* Do not edit this file.
*
* If you make changes to this file while the), ,[94c1152bef9bfa3cfb4346cb10f6847c]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (.
*
* If you make changes to this file while the appl), ,[86cf8fb190fa8bab83bbad6453b3867a]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (ces

/* Do not edit this file.
*
* If you make c), ,[460f103008822d09ac924cc57c8a6f91]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry:  (), Zły:  (rences

/* Do not edit this file.
*
* If you make changes to t), ,[064f66da9bef8caa58e66fa2ef17fb05]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");), ,[a0b56fd141494ceacf0da56bd23421df]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (ID=113543&tt=010812_nich_3112_1");
user_pref("exten), ,[c194340c9af003334399f9179076ce32]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (ons.BabylonToolbar_i.babTrack", "affID=113543&tt=01081), ,[0b4a8bb51d6d6acc6775848c58ae7987]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
user_pref("extensions.BabylonT), ,[d283e7595832f93db92341cf749234cc]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (=010812_nich_3112_1");
user_pref("extensions.BabylonToolbar_i.babExt", "");
), ,[b4a1ba861b6f0b2b29b327e96e9839c7]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (ack", "affID=113543&tt=010812_nich_3112_1");
user_pref("), ,[d38276cad8b273c3dffd35dbae585da3]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_), ,[c09553ed6228db5b11cb3bd514f212ee]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_), ,[86cfc878d5b553e31ac2c14fad5947b9]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
u), ,[193cf0509eecc472f5e76fa17d89ea16]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (ar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
us), ,[0055c779fc8e989ec517c050be487f81]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (bylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1")), ,[5df8e15f543642f4defede320ff7ad53]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (Toolbar_i.babTrack", "affID=113543&tt=010812_nich_3112), ,[e96cde62afdb94a2c01c3ad6ea1c1fe1]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nic), ,[a5b0cf71573357df2fad15fb23e30ff1]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nic), ,[490c90b067237fb713c95db3d036946c]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_n), ,[58fde35d96f49e98b12b0f019670d729]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_), ,[a9ace25ee1a9c37319c3a56b8e78ab55]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (ns.BabylonToolbar_i.babTrack", "affID=113543&tt=010812), ,[fb5ad7691674c76f2bb1ce428e78dc24]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry:  (), Zły:  (s.BabylonToolbar_i.babTrack", "affID=113543&tt=01081), ,[411491afe9a13df9f7e59a76986eae52]

Sektory fizyczne:  0
(Nie wykryto groźnych)


(end)
Notatka została dodana 01.03.2015 14:00. Ostatnia edycja dokonana 01.03.2015 14:00 przez beabea:

Zamiast cytatów ujmuj wyniki skanowania w znaczniki "code". Poprawiłam.

01.03.2015 13:10

Znajdź wszystkie posty użytkownika
LadyInBlue
Pani SuperMod

Liczba postów: 19.073
Post: #3

RE: Proces scvhost.exe pożera dużą część RAMu


Masz infekcję Babylon'em. Usuń to co znalazł AdwCleaner i MBAM. Dodatkowo zrób logi FRST'em [po usunięciu tamtego].

Żyj tak, aby twoim znajomym zrobiło się nudno, kiedy umrzesz.
[Obrazek: Lady_In_Blue.gif]
[Obrazek: sygnaasia.png]

Windows ❼ Forum

01.03.2015 13:33

Odwiedź stronę użytkownika Znajdź wszystkie posty użytkownika
Wojtek1992
Nowy
Liczba postów: 3
Post: #4

RE: Proces scvhost.exe pożera dużą część RAMu


Wyczyściłem to co znalazły oba programy ale problem nie ustał w całości. Proces svchost nie osiąga już co prawda wartości 560 000K a około 130 000K. Dalej jednak pamięć RAM jest ciągle zużywana przez jakieś cholerstwo.Smutny. Oto logi z FRSTa

FRST

Kod:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version:  02-03-2015
Ran by Wojtek (administrator) on JAN-KOMPUTER on 03-03-2015 12: 44: 38
Running from C: \Users\Wojtek\Desktop
Loaded Profiles:  Wojtek (Available profiles:  Jan & Wojtek)
Platform:  Windows 7 Home Premium Service Pack 1 (X64) OS Language:  Polski (Polska)
Internet Explorer Version 11 (Default browser:  FF)
Boot Mode:  Normal
Tutorial for Farbar Recovery Scan Tool:  http: //www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Autodesk, Inc.) C: \Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ESET) C: \Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Malwarebytes Corporation) C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Motorola Mobility LLC) C: \Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C: \Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C: \Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(SEC) C: \Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C: \Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C: \Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Realtek Semiconductor) C: \Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C: \Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C: \Windows\System32\igfxtray.exe
(Intel Corporation) C: \Windows\System32\hkcmd.exe
(Intel Corporation) C: \Windows\System32\igfxpers.exe
(ESET) C: \Program Files\ESET\ESET Smart Security\egui.exe
(Motorola) C: \Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C: \Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Dropbox, Inc.) C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C: \Windows\System32\igfxext.exe
(Intel Corporation) C: \Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C: \Program Files\Elantech\ETDCtrlHelper.exe
(Nero AG) C: \Program Files (x86)\Nero\Update\NASvc.exe
(Samsung Electronics Co., Ltd.) C: \Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C: \Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run:  [RtHDVCpl] => C: \Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run:  [ETDWare] => C: \Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run:  [egui] => C: \Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
Winlogon\Notify\igfxcui:  C: \Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\Run:  [] => [X]
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\Policies\system:  [LogonHoursAction] 2
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\Policies\system:  [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\Policies\Explorer:  []
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\MountPoints2:  {a6742a0f-703d-11e4-9204-e811324a7a5e} - F: \SDPROG_1.0.0.1_beta.exe
HKU\S-1-5-18\...\Run:  [Autodesk Sync] => C: \Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce:  [SPReview] => C: \Windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation)
Startup:  C: \Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget:  Dropbox.lnk -> C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C: \Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers:  [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C: \ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers:  [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C: \ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers:  [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C: \ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers:  [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C: \ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers-x32:  [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32:  [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3135873756-1747778033-1847798441-1000\User:  Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https: //www.google.pl/
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //samsung.msn.com
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //www.google.com/ie
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http: //www.google.com/ie
SearchScopes:  HKLM-x32 -> {2E86044C-7914-49F6-B40D-99DE7921E8EB} URL = ${SEARCH_URL}{searchTerms}
SearchScopes:  HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes:  HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes:  HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes:  HKU\S-1-5-21-3135873756-1747778033-1847798441-1003 -> DefaultScope {A5738881-ED7E-4D09-942E-CE1BBA201C49} URL = http: //www.google.com/search?hl=pl&q={searchTerms}
SearchScopes:  HKU\S-1-5-21-3135873756-1747778033-1847798441-1003 -> {24E0EC68-31FD-4A47-9793-33B27C4FBEB1} URL =
SearchScopes:  HKU\S-1-5-21-3135873756-1747778033-1847798441-1003 -> {2E86044C-7914-49F6-B40D-99DE7921E8EB} URL =
SearchScopes:  HKU\S-1-5-21-3135873756-1747778033-1847798441-1003 -> {A5738881-ED7E-4D09-942E-CE1BBA201C49} URL = http: //www.google.com/search?hl=pl&q={searchTerms}
BHO:  No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32:  Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D: \Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32:  Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C: \Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32:  No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32:  Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C: \Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF:  HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http: //dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler:  sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Hosts:  There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters:  [DhcpNameServer] 62.179.1.61 62.179.1.63

FireFox:
========
FF ProfilePath:  C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default
FF Plugin:  @adobe.com/FlashPlayer -> C: \Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin:  @microsoft.com/GENUINE -> disabled No File
FF Plugin:  [url=http: //windows7forum.pl/microsoft-33418-u]Microsoft[/url].com/NpCtrl,version=1.0 -> C: \Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32:  @adobe.com/FlashPlayer -> C: \Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32:  @adobe.com/ShockwavePlayer -> C: \Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32:  @Google.com/GoogleEarthPlugin -> C: \Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32:  @google.com/npPicasa3,version=3.0.0 -> C: \Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32:  @java.com/DTPlugin,version=11.31.2 -> C: \Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32:  @java.com/JavaPlugin,version=11.31.2 -> C: \Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32:  @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32:  [url=http: //windows7forum.pl/microsoft-33418-u]Microsoft[/url].com/NpCtrl,version=1.0 -> C: \Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32:  @microsoft.com/WLPG,version=15.4.3502.0922 -> C: \Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32:  [url=http: //windows7forum.pl/nero-64762-u]Nero[/url].com/KM -> C: \PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32:  [url=http: //windows7forum.pl/nokia-75378-u]nokia[/url].com/EnablerPlugin -> C: \Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32:  @tools.google.com/Google Update;version=3 -> C: \Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32:  @tools.google.com/Google Update;version=9 -> C: \Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32:  @videolan.org/vlc,version=2.0.4 -> d: \Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32:  Adobe Reader -> D: \Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3135873756-1747778033-1847798441-1003:  @tools.google.com/Google Update;version=3 -> C: \Users\Wojtek\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3135873756-1747778033-1847798441-1003:  @tools.google.com/Google Update;version=9 -> C: \Users\Wojtek\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata:  C: \Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension:  Auto Shutdown NG - C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi [2012-08-21]
FF Extension:  BBCodeXtra - C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2012-06-09]
FF Extension:  Adblock Plus - C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-10]
FF HKLM-x32\...\Thunderbird\Extensions:  [eplgTb@eset.com] - C: \Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension:  ESET Smart Security Extension - C: \Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-02-20]

Chrome:  
=======
CHR HomePage:  Default -> hxxp: //startsear.ch/?aff=67&cf=26817c74-6b23-11e2-b6d0-e811324a7a5e
CHR StartupUrls:  Default -> "https: //www.google.pl/"
CHR Profile:  C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension:  (YouTube) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-15]
CHR Extension:  (Google Search) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-15]
CHR Extension:  (AdBlock) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-10]
CHR Extension:  (APK Downloader) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi [2012-09-15]
CHR Extension:  (WebSite Recommendation) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jopdpbolklklaiookikgmdinfbooiipj [2013-11-20]
CHR Extension:  (Google Wallet) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension:  (Gmail) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-15]
StartMenuInternet:  Google Chrome - C: \Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C: \Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S3 BrYNSvc; C: \Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ekrn; C: \Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MBAMScheduler; C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D: \Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 Motorola Device Manager; C: \Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C: \Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C: \Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PST Service; C: \Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SkypeUpdate; D: \Program Files (x86)\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
R2 WinDefend; C: \Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Cam3820; C: \Windows\System32\Drivers\cam3820a.sys [427648 2010-08-02] (CamVendor)
R1 dtsoftbus01; C: \Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
R1 eamonm; C: \Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C: \Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C: \Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C: \Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C: \Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C: \Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MBAMProtector; C: \Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C: \Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C: \Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 PAC207; C: \Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 rtport; C: \Windows\SysWOW64\drivers\rtport.sys [15144 2011-03-31] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C: \Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 WinRing0_1_2_0; \?\C: \Program Files (x86)\BatteryCare\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 12: 44 - 2015-03-03 12: 45 - 00017766 _____ () C: \Users\Wojtek\Desktop\FRST.txt
2015-03-03 12: 44 - 2015-03-03 12: 44 - 00000000 ____D () C: \FRST
2015-03-03 12: 43 - 2015-03-03 12: 44 - 02092544 _____ (Farbar) C: \Users\Wojtek\Desktop\FRST64.exe
2015-03-02 22: 59 - 2015-03-02 23: 00 - 17477856 _____ () C: \Users\Wojtek\Desktop\Desktop.rar
2015-03-01 13: 16 - 2015-03-01 13: 16 - 00985600 _____ () C: \Users\Wojtek\Downloads\MicrosoftFixit50123.msi
2015-03-01 13: 13 - 2014-12-11 18: 47 - 00087040 _____ (Microsoft Corporation) C: \Windows\system32\TSWbPrxy.exe
2015-03-01 12: 50 - 2015-03-01 22: 06 - 00000000 ____D () C: \AdwCleaner
2015-03-01 12: 46 - 2015-03-01 12: 48 - 02126848 _____ () C: \Users\Wojtek\Desktop\adwcleaner_4.111.exe
2015-03-01 12: 35 - 2015-03-01 12: 35 - 00010028 _____ () C: \Users\Wojtek\Desktop\malwar.txt
2015-03-01 11: 40 - 2014-08-29 03: 07 - 03179520 _____ (Microsoft Corporation) C: \Windows\system32\rdpcorets.dll
2015-03-01 11: 40 - 2014-05-08 10: 32 - 00016384 _____ (Microsoft Corporation) C: \Windows\system32\RdpGroupPolicyExtension.dll
2015-03-01 11: 39 - 2014-09-05 03: 11 - 06584320 _____ (Microsoft Corporation) C: \Windows\system32\mstscax.dll
2015-03-01 11: 39 - 2014-09-05 02: 52 - 05703168 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mstscax.dll
2015-03-01 11: 37 - 2015-03-03 12: 05 - 00129752 _____ (Malwarebytes Corporation) C: \Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 11: 37 - 2015-03-01 11: 37 - 00001106 _____ () C: \Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-01 11: 37 - 2015-03-01 11: 37 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-01 11: 37 - 2015-03-01 11: 37 - 00000000 ____D () C: \ProgramData\Malwarebytes
2015-03-01 11: 37 - 2015-03-01 11: 37 - 00000000 ____D () C: \Program Files (x86)\Malwarebytes Anti-Malware
2015-03-01 11: 37 - 2014-11-21 06: 14 - 00093400 _____ (Malwarebytes Corporation) C: \Windows\system32\Drivers\mbamchameleon.sys
2015-03-01 11: 37 - 2014-11-21 06: 14 - 00063704 _____ (Malwarebytes Corporation) C: \Windows\system32\Drivers\mwac.sys
2015-03-01 11: 37 - 2014-11-21 06: 14 - 00025816 _____ (Malwarebytes Corporation) C: \Windows\system32\Drivers\mbam.sys
2015-03-01 11: 31 - 2015-03-01 11: 36 - 20447072 _____ (Malwarebytes Corporation ) C: \Users\Wojtek\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-28 23: 20 - 2013-10-02 02: 10 - 00044544 _____ (Microsoft Corporation) C: \Windows\system32\TsUsbGDCoInstaller.dll
2015-02-28 23: 19 - 2013-10-02 03: 22 - 00056832 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\TsUsbFlt.sys
2015-02-28 23: 19 - 2013-10-02 03: 11 - 00013824 _____ (Microsoft Corporation) C: \Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-28 23: 19 - 2013-10-02 03: 08 - 00012800 _____ (Microsoft Corporation) C: \Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-28 23: 19 - 2013-10-02 02: 48 - 00056832 _____ (Microsoft Corporation) C: \Windows\system32\MsRdpWebAccess.dll
2015-02-28 23: 19 - 2013-10-02 02: 48 - 00018944 _____ (Microsoft Corporation) C: \Windows\system32\wksprtPS.dll
2015-02-28 23: 19 - 2013-10-02 02: 29 - 00062976 _____ (Microsoft Corporation) C: \Windows\system32\tsgqec.dll
2015-02-28 23: 19 - 2013-10-02 01: 15 - 01057280 _____ (Microsoft Corporation) C: \Windows\system32\rdvidcrl.dll
2015-02-28 23: 19 - 2013-10-02 01: 14 - 00050176 _____ (Microsoft Corporation) C: \Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-28 23: 19 - 2013-10-02 01: 14 - 00017920 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wksprtPS.dll
2015-02-28 23: 19 - 2013-10-02 01: 01 - 00420864 _____ (Microsoft Corporation) C: \Windows\system32\wksprt.exe
2015-02-28 23: 19 - 2013-10-02 00: 58 - 00053248 _____ (Microsoft Corporation) C: \Windows\SysWOW64\tsgqec.dll
2015-02-28 23: 19 - 2013-10-02 00: 31 - 01147392 _____ (Microsoft Corporation) C: \Windows\system32\mstsc.exe
2015-02-28 23: 19 - 2013-10-02 00: 08 - 00855552 _____ (Microsoft Corporation) C: \Windows\SysWOW64\rdvidcrl.dll
2015-02-28 23: 19 - 2013-10-01 23: 34 - 01068544 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mstsc.exe
2015-02-28 22: 50 - 2012-08-23 15: 13 - 00243200 _____ (Microsoft Corporation) C: \Windows\system32\rdpudd.dll
2015-02-28 22: 50 - 2012-08-23 15: 10 - 00019456 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\rdpvideominiport.sys
2015-02-28 22: 50 - 2012-08-23 12: 12 - 00192000 _____ (Microsoft Corporation) C: \Windows\SysWOW64\rdpendp_winip.dll
2015-02-28 22: 50 - 2012-08-23 11: 51 - 00228864 _____ (Microsoft Corporation) C: \Windows\system32\rdpendp_winip.dll
2015-02-28 21: 36 - 2015-03-01 12: 39 - 00000724 _____ () C: \Windows\PFRO.log
2015-02-28 21: 21 - 2015-02-28 21: 22 - 00000000 ___RD () C: \Users\Jan\Virtual Machines
2015-02-28 21: 21 - 2015-02-28 21: 21 - 00000000 ____D () C: \Users\Jan\AppData\Roaming\Motorola Mobility
2015-02-26 16: 05 - 2015-02-26 16: 05 - 00000000 ____D () C: \ProgramData\Motorola
2015-02-26 16: 04 - 2015-03-03 11: 48 - 00000000 ____D () C: \Temp
2015-02-26 16: 04 - 2015-02-26 16: 04 - 00003488 _____ () C: \Windows\System32\Tasks\Motorola Device Manager Update
2015-02-26 16: 04 - 2015-02-26 16: 04 - 00003296 _____ () C: \Windows\System32\Tasks\Motorola Device Manager Initial Update
2015-02-26 16: 04 - 2015-02-26 16: 04 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Motorola Mobility
2015-02-26 16: 03 - 2015-02-26 16: 04 - 00000000 ____D () C: \Program Files (x86)\Motorola Mobility
2015-02-26 16: 03 - 2015-02-26 16: 03 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2015-02-26 16: 03 - 2015-02-26 16: 03 - 00000000 ____D () C: \Program Files\Motorola Mobility LLC
2015-02-26 16: 03 - 2015-02-26 16: 03 - 00000000 ____D () C: \Program Files\Common Files\Motorola Shared
2015-02-26 16: 03 - 2015-02-26 16: 03 - 00000000 ____D () C: \Program Files (x86)\Motorola
2015-02-26 16: 02 - 2015-02-26 16: 02 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Motorola
2015-02-26 11: 56 - 2015-02-26 11: 57 - 00000000 ____D () C: \Program Files (x86)\Mozilla Firefox
2015-02-25 20: 02 - 2015-01-09 04: 14 - 00950272 _____ (Microsoft Corporation) C: \Windows\system32\perftrack.dll
2015-02-25 20: 02 - 2015-01-09 04: 14 - 00091136 _____ (Microsoft Corporation) C: \Windows\system32\wdi.dll
2015-02-25 20: 02 - 2015-01-09 04: 14 - 00029696 _____ (Microsoft Corporation) C: \Windows\system32\powertracker.dll
2015-02-25 20: 02 - 2015-01-09 03: 48 - 00076800 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wdi.dll
2015-02-25 15: 30 - 2015-03-03 11: 47 - 00004308 _____ () C: \Windows\setupact.log
2015-02-25 15: 30 - 2015-02-25 15: 30 - 00000000 _____ () C: \Windows\setuperr.log
2015-02-25 12: 14 - 2015-01-09 00: 44 - 00419936 _____ () C: \Windows\SysWOW64\locale.nls
2015-02-25 12: 14 - 2015-01-09 00: 43 - 00419936 _____ () C: \Windows\system32\locale.nls
2015-02-23 15: 31 - 2015-02-23 15: 31 - 00000000 ____D () C: \ProgramData\FARO
2015-02-23 15: 26 - 2015-02-23 15: 26 - 00000000 ____D () C: \Users\Wojtek\Documents\Inventor Server SDK ACAD 2014
2015-02-23 15: 04 - 2010-06-02 04: 55 - 00239960 _____ (Microsoft Corporation) C: \Windows\SysWOW64\xactengine3_7.dll
2015-02-23 15: 04 - 2010-06-02 04: 55 - 00176984 _____ (Microsoft Corporation) C: \Windows\system32\xactengine3_7.dll
2015-02-23 15: 04 - 2010-05-26 11: 41 - 01907552 _____ (Microsoft Corporation) C: \Windows\system32\d3dcsx_43.dll
2015-02-23 15: 04 - 2010-05-26 11: 41 - 01868128 _____ (Microsoft Corporation) C: \Windows\SysWOW64\d3dcsx_43.dll
2015-02-23 14: 48 - 2015-02-23 14: 48 - 00000000 ____D () C: \Users\Wojtek\AppData\Local\Autodesk, Inc
2015-02-11 18: 29 - 2015-01-23 05: 42 - 00814080 _____ (Microsoft Corporation) C: \Windows\system32\jscript9diag.dll
2015-02-11 18: 29 - 2015-01-23 05: 41 - 06041600 _____ (Microsoft Corporation) C: \Windows\system32\jscript9.dll
2015-02-11 18: 29 - 2015-01-23 04: 43 - 00620032 _____ (Microsoft Corporation) C: \Windows\SysWOW64\jscript9diag.dll
2015-02-11 18: 29 - 2015-01-23 04: 17 - 04300800 _____ (Microsoft Corporation) C: \Windows\SysWOW64\jscript9.dll
2015-02-11 08: 22 - 2015-01-15 09: 14 - 00155072 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08: 22 - 2015-01-15 09: 14 - 00095680 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\ksecdd.sys
2015-02-11 08: 22 - 2015-01-15 09: 09 - 01461760 _____ (Microsoft Corporation) C: \Windows\system32\lsasrv.dll
2015-02-11 08: 22 - 2015-01-15 09: 09 - 00136192 _____ (Microsoft Corporation) C: \Windows\system32\sspicli.dll
2015-02-11 08: 22 - 2015-01-15 09: 09 - 00031232 _____ (Microsoft Corporation) C: \Windows\system32\lsass.exe
2015-02-11 08: 22 - 2015-01-15 09: 09 - 00029184 _____ (Microsoft Corporation) C: \Windows\system32\sspisrv.dll
2015-02-11 08: 22 - 2015-01-15 09: 09 - 00028160 _____ (Microsoft Corporation) C: \Windows\system32\secur32.dll
2015-02-11 08: 22 - 2015-01-15 09: 08 - 00064000 _____ (Microsoft Corporation) C: \Windows\system32\auditpol.exe
2015-02-11 08: 22 - 2015-01-15 09: 06 - 00146432 _____ (Microsoft Corporation) C: \Windows\system32\msaudite.dll
2015-02-11 08: 22 - 2015-01-15 09: 06 - 00060416 _____ (Microsoft Corporation) C: \Windows\system32\msobjs.dll
2015-02-11 08: 22 - 2015-01-15 09: 04 - 00686080 _____ (Microsoft Corporation) C: \Windows\system32\adtschema.dll
2015-02-11 08: 22 - 2015-01-15 08: 42 - 00050176 _____ (Microsoft Corporation) C: \Windows\SysWOW64\auditpol.exe
2015-02-11 08: 22 - 2015-01-15 08: 42 - 00022016 _____ (Microsoft Corporation) C: \Windows\SysWOW64\secur32.dll
2015-02-11 08: 22 - 2015-01-15 08: 41 - 00096768 _____ (Microsoft Corporation) C: \Windows\SysWOW64\sspicli.dll
2015-02-11 08: 22 - 2015-01-15 08: 39 - 00146432 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msaudite.dll
2015-02-11 08: 22 - 2015-01-15 08: 39 - 00060416 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msobjs.dll
2015-02-11 08: 22 - 2015-01-15 08: 37 - 00686080 _____ (Microsoft Corporation) C: \Windows\SysWOW64\adtschema.dll
2015-02-11 08: 22 - 2015-01-15 05: 22 - 00458824 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\cng.sys
2015-02-11 08: 22 - 2015-01-14 06: 47 - 00389808 _____ (Microsoft Corporation) C: \Windows\system32\iedkcs32.dll
2015-02-11 08: 22 - 2015-01-14 06: 09 - 00342712 _____ (Microsoft Corporation) C: \Windows\SysWOW64\iedkcs32.dll
2015-02-11 08: 22 - 2015-01-12 04: 09 - 25056256 _____ (Microsoft Corporation) C: \Windows\system32\mshtml.dll
2015-02-11 08: 22 - 2015-01-12 04: 05 - 02724864 _____ (Microsoft Corporation) C: \Windows\system32\mshtml.tlb
2015-02-11 08: 22 - 2015-01-12 04: 05 - 00004096 _____ (Microsoft Corporation) C: \Windows\system32\ieetwcollectorres.dll
2015-02-11 08: 22 - 2015-01-12 03: 49 - 00066560 _____ (Microsoft Corporation) C: \Windows\system32\iesetup.dll
2015-02-11 08: 22 - 2015-01-12 03: 48 - 02885632 _____ (Microsoft Corporation) C: \Windows\system32\iertutil.dll
2015-02-11 08: 22 - 2015-01-12 03: 48 - 00584192 _____ (Microsoft Corporation) C: \Windows\system32\vbscript.dll
2015-02-11 08: 22 - 2015-01-12 03: 48 - 00048640 _____ (Microsoft Corporation) C: \Windows\system32\ieetwproxystub.dll
2015-02-11 08: 22 - 2015-01-12 03: 47 - 00088064 _____ (Microsoft Corporation) C: \Windows\system32\MshtmlDac.dll
2015-02-11 08: 22 - 2015-01-12 03: 40 - 00054784 _____ (Microsoft Corporation) C: \Windows\system32\jsproxy.dll
2015-02-11 08: 22 - 2015-01-12 03: 39 - 00034304 _____ (Microsoft Corporation) C: \Windows\system32\iernonce.dll
2015-02-11 08: 22 - 2015-01-12 03: 36 - 00633856 _____ (Microsoft Corporation) C: \Windows\system32\ieui.dll
2015-02-11 08: 22 - 2015-01-12 03: 34 - 00144384 _____ (Microsoft Corporation) C: \Windows\system32\ieUnatt.exe
2015-02-11 08: 22 - 2015-01-12 03: 34 - 00114688 _____ (Microsoft Corporation) C: \Windows\system32\ieetwcollector.exe
2015-02-11 08: 22 - 2015-01-12 03: 25 - 19740160 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mshtml.dll
2015-02-11 08: 22 - 2015-01-12 03: 25 - 00968704 _____ (Microsoft Corporation) C: \Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08: 22 - 2015-01-12 03: 21 - 02724864 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mshtml.tlb
2015-02-11 08: 22 - 2015-01-12 03: 21 - 00490496 _____ (Microsoft Corporation) C: \Windows\system32\dxtmsft.dll
2015-02-11 08: 22 - 2015-01-12 03: 13 - 00077824 _____ (Microsoft Corporation) C: \Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08: 22 - 2015-01-12 03: 08 - 00503296 _____ (Microsoft Corporation) C: \Windows\SysWOW64\vbscript.dll
2015-02-11 08: 22 - 2015-01-12 03: 08 - 00199680 _____ (Microsoft Corporation) C: \Windows\system32\msrating.dll
2015-02-11 08: 22 - 2015-01-12 03: 07 - 00092160 _____ (Microsoft Corporation) C: \Windows\system32\mshtmled.dll
2015-02-11 08: 22 - 2015-01-12 03: 07 - 00062464 _____ (Microsoft Corporation) C: \Windows\SysWOW64\iesetup.dll
2015-02-11 08: 22 - 2015-01-12 03: 07 - 00047616 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08: 22 - 2015-01-12 03: 05 - 00064000 _____ (Microsoft Corporation) C: \Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08: 22 - 2015-01-12 03: 04 - 00316928 _____ (Microsoft Corporation) C: \Windows\system32\dxtrans.dll
2015-02-11 08: 22 - 2015-01-12 03: 02 - 02277888 _____ (Microsoft Corporation) C: \Windows\SysWOW64\iertutil.dll
2015-02-11 08: 22 - 2015-01-12 03: 00 - 00047104 _____ (Microsoft Corporation) C: \Windows\SysWOW64\jsproxy.dll
2015-02-11 08: 22 - 2015-01-12 02: 59 - 00030720 _____ (Microsoft Corporation) C: \Windows\SysWOW64\iernonce.dll
2015-02-11 08: 22 - 2015-01-12 02: 57 - 00478208 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieui.dll
2015-02-11 08: 22 - 2015-01-12 02: 55 - 00115712 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieUnatt.exe
2015-02-11 08: 22 - 2015-01-12 02: 48 - 00801280 _____ (Microsoft Corporation) C: \Windows\system32\msfeeds.dll
2015-02-11 08: 22 - 2015-01-12 02: 48 - 00718848 _____ (Microsoft Corporation) C: \Windows\system32\ie4uinit.exe
2015-02-11 08: 22 - 2015-01-12 02: 46 - 02125824 _____ (Microsoft Corporation) C: \Windows\system32\inetcpl.cpl
2015-02-11 08: 22 - 2015-01-12 02: 46 - 01359360 _____ (Microsoft Corporation) C: \Windows\system32\mshtmlmedia.dll
2015-02-11 08: 22 - 2015-01-12 02: 45 - 00418304 _____ (Microsoft Corporation) C: \Windows\SysWOW64\dxtmsft.dll
2015-02-11 08: 22 - 2015-01-12 02: 43 - 14401024 _____ (Microsoft Corporation) C: \Windows\system32\ieframe.dll
2015-02-11 08: 22 - 2015-01-12 02: 40 - 00060416 _____ (Microsoft Corporation) C: \Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08: 22 - 2015-01-12 02: 36 - 00168960 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msrating.dll
2015-02-11 08: 22 - 2015-01-12 02: 35 - 00076288 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mshtmled.dll
2015-02-11 08: 22 - 2015-01-12 02: 33 - 00285696 _____ (Microsoft Corporation) C: \Windows\SysWOW64\dxtrans.dll
2015-02-11 08: 22 - 2015-01-12 02: 27 - 02358272 _____ (Microsoft Corporation) C: \Windows\system32\wininet.dll
2015-02-11 08: 22 - 2015-01-12 02: 23 - 02052608 _____ (Microsoft Corporation) C: \Windows\SysWOW64\inetcpl.cpl
2015-02-11 08: 22 - 2015-01-12 02: 23 - 00688640 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msfeeds.dll
2015-02-11 08: 22 - 2015-01-12 02: 22 - 01155072 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08: 22 - 2015-01-12 02: 14 - 12829184 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieframe.dll
2015-02-11 08: 22 - 2015-01-12 02: 14 - 01548288 _____ (Microsoft Corporation) C: \Windows\system32\urlmon.dll
2015-02-11 08: 22 - 2015-01-12 02: 02 - 00800768 _____ (Microsoft Corporation) C: \Windows\system32\ieapfltr.dll
2015-02-11 08: 22 - 2015-01-12 02: 00 - 01888256 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wininet.dll
2015-02-11 08: 22 - 2015-01-12 01: 56 - 01307136 _____ (Microsoft Corporation) C: \Windows\SysWOW64\urlmon.dll
2015-02-11 08: 22 - 2015-01-12 01: 55 - 00710144 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieapfltr.dll
2015-02-11 08: 22 - 2014-12-12 06: 31 - 01480192 _____ (Microsoft Corporation) C: \Windows\system32\crypt32.dll
2015-02-11 08: 22 - 2014-12-12 06: 07 - 01174528 _____ (Microsoft Corporation) C: \Windows\SysWOW64\crypt32.dll
2015-02-11 08: 22 - 2014-07-07 03: 07 - 00229376 _____ (Microsoft Corporation) C: \Windows\system32\wintrust.dll
2015-02-11 08: 22 - 2014-07-07 03: 06 - 00187904 _____ (Microsoft Corporation) C: \Windows\system32\cryptsvc.dll
2015-02-11 08: 22 - 2014-07-07 02: 40 - 00179200 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wintrust.dll
2015-02-11 08: 22 - 2014-07-07 02: 40 - 00143872 _____ (Microsoft Corporation) C: \Windows\SysWOW64\cryptsvc.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00894976 _____ (Microsoft Corporation) C: \Windows\system32\appraiser.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00762368 _____ (Microsoft Corporation) C: \Windows\system32\invagent.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00609280 _____ (Microsoft Corporation) C: \Windows\system32\generaltel.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00414720 _____ (Microsoft Corporation) C: \Windows\system32\devinv.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00227328 _____ (Microsoft Corporation) C: \Windows\system32\aepdu.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00192000 _____ (Microsoft Corporation) C: \Windows\system32\aepic.dll
2015-02-11 08: 21 - 2015-02-04 04: 13 - 01098752 _____ (Microsoft Corporation) C: \Windows\system32\aeinv.dll
2015-02-11 08: 21 - 2015-01-28 00: 36 - 01239720 _____ (Microsoft Corporation) C: \Windows\system32\aitstatic.exe
2015-02-11 08: 21 - 2015-01-13 04: 10 - 01424384 _____ (Microsoft Corporation) C: \Windows\system32\WindowsCodecs.dll
2015-02-11 08: 21 - 2015-01-13 03: 49 - 01230336 _____ (Microsoft Corporation) C: \Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00728064 _____ (Microsoft Corporation) C: \Windows\system32\kerberos.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00341504 _____ (Microsoft Corporation) C: \Windows\system32\schannel.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00314880 _____ (Microsoft Corporation) C: \Windows\system32\msv1_0.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00309760 _____ (Microsoft Corporation) C: \Windows\system32\ncrypt.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00210944 _____ (Microsoft Corporation) C: \Windows\system32\wdigest.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00086528 _____ (Microsoft Corporation) C: \Windows\system32\TSpkg.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00022016 _____ (Microsoft Corporation) C: \Windows\system32\credssp.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00550912 _____ (Microsoft Corporation) C: \Windows\SysWOW64\kerberos.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00259584 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msv1_0.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00248832 _____ (Microsoft Corporation) C: \Windows\SysWOW64\schannel.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00221184 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ncrypt.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00172032 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wdigest.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00065536 _____ (Microsoft Corporation) C: \Windows\SysWOW64\TSpkg.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00017408 _____ (Microsoft Corporation) C: \Windows\SysWOW64\credssp.dll
2015-02-11 08: 21 - 2014-11-26 04: 53 - 00861696 _____ (Microsoft Corporation) C: \Windows\system32\oleaut32.dll
2015-02-11 08: 21 - 2014-11-26 04: 32 - 00571904 _____ (Microsoft Corporation) C: \Windows\SysWOW64\oleaut32.dll
2015-02-11 08: 05 - 2015-01-14 07: 09 - 05554112 _____ (Microsoft Corporation) C: \Windows\system32\ntoskrnl.exe
2015-02-11 08: 04 - 2015-01-14 07: 05 - 00503808 _____ (Microsoft Corporation) C: \Windows\system32\srcore.dll
2015-02-11 08: 04 - 2015-01-14 07: 05 - 00050176 _____ (Microsoft Corporation) C: \Windows\system32\srclient.dll
2015-02-11 08: 04 - 2015-01-14 07: 04 - 00296960 _____ (Microsoft Corporation) C: \Windows\system32\rstrui.exe
2015-02-11 08: 04 - 2015-01-14 06: 44 - 03972544 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08: 04 - 2015-01-14 06: 44 - 03917760 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08: 04 - 2015-01-14 06: 41 - 00043008 _____ (Microsoft Corporation) C: \Windows\SysWOW64\srclient.dll
2015-02-11 08: 04 - 2015-01-09 03: 03 - 03201536 _____ (Microsoft Corporation) C: \Windows\system32\win32k.sys
2015-02-11 08: 04 - 2014-12-08 04: 09 - 00406528 _____ (Microsoft Corporation) C: \Windows\system32\scesrv.dll
2015-02-11 08: 04 - 2014-12-08 03: 46 - 00308224 _____ (Microsoft Corporation) C: \Windows\SysWOW64\scesrv.dll
2015-02-04 18: 42 - 2015-03-02 22: 47 - 00001062 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003UA1d040a1fb436042.job
2015-02-04 18: 42 - 2015-03-01 18: 47 - 00001010 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003Core1d040a1fb09647d.job
2015-02-04 18: 42 - 2015-02-04 18: 42 - 00004034 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003UA1d040a1fb436042
2015-02-04 18: 42 - 2015-02-04 18: 42 - 00003638 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003Core1d040a1fb09647d
2015-02-03 11: 33 - 2015-03-03 12: 38 - 00001048 _____ () C: \Windows\Tasks\GoogleUpdateTaskMachineUA1d03f9cea100ac2.job
2015-02-03 11: 33 - 2015-02-03 11: 33 - 00004044 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d03f9cea100ac2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 12: 38 - 2014-06-27 07: 25 - 00001048 _____ () C: \Windows\Tasks\GoogleUpdateTaskMachineUA1cf91d0a052b3da.job
2015-03-03 12: 26 - 2011-06-14 17: 49 - 00001050 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1000UA.job
2015-03-03 12: 13 - 2012-06-07 11: 34 - 00000930 _____ () C: \Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 11: 56 - 2009-07-14 05: 45 - 00020032 ____H () C: \Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 11: 56 - 2009-07-14 05: 45 - 00020032 ____H () C: \Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 11: 52 - 2012-08-16 15: 06 - 02029183 _____ () C: \Windows\WindowsUpdate.log
2015-03-03 11: 49 - 2012-06-28 12: 50 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Dropbox
2015-03-03 11: 48 - 2014-05-12 11: 28 - 00001044 _____ () C: \Windows\Tasks\GoogleUpdateTaskMachineCore1cf6dccf2258cb3.job
2015-03-03 11: 47 - 2009-07-14 06: 08 - 00000006 ____H () C: \Windows\Tasks\SA.DAT
2015-03-02 23: 10 - 2014-07-14 22: 05 - 00000920 _____ () C: \Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1000UA.job
2015-03-02 23: 10 - 2014-07-14 22: 05 - 00000898 _____ () C: \Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1000Core.job
2015-03-02 22: 48 - 2012-09-15 17: 35 - 00001062 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003UA.job
2015-03-02 10: 26 - 2011-06-14 17: 49 - 00000998 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1000Core.job
2015-03-01 22: 06 - 2011-06-14 15: 30 - 01646594 _____ () C: \Windows\SysWOW64\PerfStringBackup.INI
2015-03-01 22: 06 - 2010-11-08 21: 02 - 00742254 _____ () C: \Windows\system32\perfh015.dat
2015-03-01 22: 06 - 2010-11-08 21: 02 - 00156866 _____ () C: \Windows\system32\perfc015.dat
2015-03-01 22: 06 - 2009-07-14 06: 13 - 01646594 _____ () C: \Windows\system32\PerfStringBackup.INI
2015-03-01 18: 47 - 2012-09-15 17: 35 - 00001010 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003Core.job
2015-03-01 18: 16 - 2009-07-14 04: 20 - 00000000 ____D () C: \Windows\rescache
2015-03-01 11: 13 - 2009-07-14 04: 20 - 00000000 ___RD () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 11: 12 - 2009-07-14 05: 45 - 00493544 _____ () C: \Windows\system32\FNTCACHE.DAT
2015-03-01 00: 36 - 2009-07-14 04: 20 - 00000000 ____D () C: \Windows\PolicyDefinitions
2015-03-01 00: 25 - 2014-07-11 20: 23 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Skype
2015-02-28 23: 16 - 2012-06-10 13: 13 - 00142112 _____ () C: \Users\Wojtek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-28 23: 09 - 2013-03-21 12: 11 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\TeamViewer
2015-02-28 21: 35 - 2014-11-11 20: 30 - 00002127 _____ () C: \ProgramData\hpzinstall.log
2015-02-28 21: 35 - 2012-12-11 22: 05 - 00000000 ____D () C: \Windows\pss
2015-02-28 21: 22 - 2009-07-14 06: 09 - 00000000 ____D () C: \Windows\System32\Tasks\WPD
2015-02-28 21: 21 - 2012-11-13 10: 41 - 00001244 __RSH () C: \Users\Jan\ntuser.pol
2015-02-28 21: 21 - 2011-06-14 14: 18 - 00001425 _____ () C: \Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-28 21: 21 - 2011-06-14 14: 02 - 00000000 ____D () C: \Users\Jan
2015-02-27 10: 00 - 2012-06-08 20: 54 - 00000000 ____D () C: \Program Files (x86)\Mozilla Maintenance Service
2015-02-26 16: 15 - 2012-06-28 12: 44 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\vlc
2015-02-26 16: 04 - 2012-06-09 20: 43 - 00000000 ____D () C: \Users\Wojtek\AppData\Local\VirtualStore
2015-02-26 16: 02 - 2010-11-08 03: 24 - 00000000 ___HD () C: \Program Files (x86)\InstallShield Installation Information
2015-02-26 09: 14 - 2009-07-14 04: 20 - 00000000 ____D () C: \Windows\tracing
2015-02-25 21: 13 - 2013-03-08 13: 39 - 00000000 ____D () C: \Users\Wojtek\AppData\Local\cache
2015-02-24 09: 14 - 2009-07-14 06: 08 - 00032604 _____ () C: \Windows\Tasks\SCHEDLGU.TXT
2015-02-23 15: 31 - 2013-03-08 13: 23 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-02-23 15: 31 - 2013-03-08 13: 07 - 00000000 ____D () C: \ProgramData\Autodesk
2015-02-23 15: 26 - 2013-03-08 13: 23 - 00000000 ____D () C: \Program Files\Common Files\Autodesk Shared
2015-02-23 15: 23 - 2013-03-08 13: 26 - 00000000 ____D () C: \Users\Wojtek\AppData\Local\Autodesk
2015-02-23 15: 20 - 2013-03-08 17: 22 - 00000000 ____D () C: \Users\Public\Documents\Autodesk
2015-02-23 15: 20 - 2013-03-08 13: 07 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Autodesk
2015-02-23 15: 03 - 2013-03-08 13: 23 - 00000000 ____D () C: \Program Files\Autodesk
2015-02-23 15: 00 - 2013-03-08 12: 56 - 00000000 ____D () C: \Autodesk
2015-02-13 09: 22 - 2012-06-28 12: 50 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 18: 25 - 2013-02-10 21: 52 - 00007597 _____ () C: \Users\Wojtek\AppData\Local\Resmon.ResmonCfg
2015-02-11 17: 59 - 2014-12-11 07: 40 - 00000000 ____D () C: \Windows\system32\appraiser
2015-02-11 17: 59 - 2014-07-11 14: 36 - 00000000 ___SD () C: \Windows\system32\CompatTel
2015-02-11 10: 06 - 2013-05-15 13: 53 - 00000000 ____D () C: \ProgramData\Package Cache
2015-02-11 10: 04 - 2011-06-14 17: 10 - 00000000 ____D () C: \ProgramData\Microsoft Help
2015-02-11 08: 30 - 2013-08-19 20: 49 - 00000000 ____D () C: \Windows\system32\MRT
2015-02-11 08: 13 - 2011-06-14 15: 16 - 116773704 _____ (Microsoft Corporation) C: \Windows\system32\MRT.exe
2015-02-07 18: 47 - 2014-11-21 10: 25 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\DAEMON Tools Lite
2015-02-07 18: 46 - 2009-08-02 03: 27 - 00000000 ____D () C: \Windows\Panther
2015-02-05 16: 13 - 2012-06-07 11: 34 - 00003868 _____ () C: \Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 15: 13 - 2012-06-07 11: 34 - 00701616 _____ (Adobe Systems Incorporated) C: \Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 15: 13 - 2011-06-14 17: 49 - 00071344 _____ (Adobe Systems Incorporated) C: \Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 18: 42 - 2012-09-15 17: 35 - 00004034 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003UA
2015-02-04 18: 42 - 2012-09-15 17: 35 - 00003638 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003Core
2015-02-03 11: 33 - 2014-06-27 07: 25 - 00004044 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf91d0a052b3da
2015-02-03 11: 33 - 2014-05-12 11: 28 - 00003792 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf6dccf2258cb3

==================== Files in the root of some directories =======

2013-11-15 17: 54 - 2013-11-15 17: 54 - 0003584 _____ () C: \Users\Wojtek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-10 21: 52 - 2015-02-11 18: 25 - 0007597 _____ () C: \Users\Wojtek\AppData\Local\Resmon.ResmonCfg
2011-06-14 14: 05 - 2010-01-16 06: 18 - 0131368 _____ () C: \ProgramData\FullRemove.exe
2014-11-11 20: 30 - 2015-02-28 21: 35 - 0002127 _____ () C: \ProgramData\hpzinstall.log
2013-03-08 13: 27 - 2013-03-08 13: 27 - 0000153 _____ () C: \ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C: \Users\Jan\AppData\Local\Temp\chutil.dll
C: \Users\Jan\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C: \Users\Jan\AppData\Local\Temp\sqlite3.dll
C: \Users\Jan\AppData\Local\Temp\{72A0A3C3-6580-4268-B330-2828B767FAAF}-26.0.1410.64_chrome_installer.exe
C: \Users\Jan\AppData\Local\Temp\{DB50B31E-AE11-4CF8-8D67-B02D5EDFE504}-GoogleUpdateSetup.exe
C: \Users\Wojtek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmp9ejg.dll
C: \Users\Wojtek\AppData\Local\Temp\Quarantine.exe
C: \Users\Wojtek\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C: \Windows\System32\winlogon.exe => File is digitally signed
C: \Windows\System32\wininit.exe => File is digitally signed
C: \Windows\SysWOW64\wininit.exe => File is digitally signed
C: \Windows\explorer.exe => File is digitally signed
C: \Windows\SysWOW64\explorer.exe => File is digitally signed
C: \Windows\System32\svchost.exe => File is digitally signed
C: \Windows\SysWOW64\svchost.exe => File is digitally signed
C: \Windows\System32\services.exe => File is digitally signed
C: \Windows\System32\User32.dll => File is digitally signed
C: \Windows\SysWOW64\User32.dll => File is digitally signed
C: \Windows\System32\userinit.exe => File is digitally signed
C: \Windows\SysWOW64\userinit.exe => File is digitally signed
C: \Windows\System32\rpcss.dll => File is digitally signed
C: \Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack:  2015-02-23 11: 05

==================== End Of Log ============================


Co dalej mogę zrobić żeby zmniejszyć (przywrócić do poprzedniego) zużycie pamięci RAM?
Notatka została dodana 03.03.2015 13:01. Ostatnia edycja dokonana 03.03.2015 13:01 przez irocket:

Zamiast znaczników quote używaj znaczników code. Zmniejsza to objętość posta i wątku. Jedno upomnienie już miałeś, teraz leci ostrzeżenie.

(Ten post był ostatnio modyfikowany: 03.03.2015 12:56 przez Wojtek1992.)

03.03.2015 12:52

Znajdź wszystkie posty użytkownika
thermalfake
Ostatni Mohikanin

Liczba postów: 13.580
Post: #5

RE: Proces scvhost.exe pożera dużą część RAMu


W przypadku pracy z laptopem o ile masz preintalowany fabrycznie system pierwszym krokiem jest wyczyszczenie zbędnych elementów oprogramowania bloatware jakie daje producent.
Posłużyć się można już wielokrotnie wspominanym PC Decrapifier.
Kolejną rzeczą mogło by być zoptymalizowanie usług w systemie. Bardzo ładnie jest to opisane na poniższej stronie
http://traxter-online.net/optymalizacja-...e-windows/
Masz tam także gotową konfigurację dla konkretnych wersji systemów z opcją safe - na wszelki wypadek przed zaaplikowaniem zmian do rejestru wykonaj punkt przywracania.
http://traxter-online.net/wp-content/upl...dows-7.zip
Do dalszej optymalizacji pamięci każdy prawdziwy fachowiec użyje porządnego managera procesów - jest nim np Process Explorer. W momencie dużego obciążenia zasobami uruchom go i przesortuj kolumnę Private bytes malejąco. To dużo powie na co pożytkowana jest pamięć i ewentualnie podpowie gdzie dalej uderzać aby zminimalizować ten stan.
Jeśli chodzi i svchost jest to proces agregujący różne usługi systemowe. System sam zarządza ile instancji svchost ma działać w określonym czasie. Poprzez Process Explorer we właściwościach każdego takiego svchost możesz sprawdzić na zakładce usługi co się pod tym kryje i ewentualnie do testów kolejno je wyłączać. Można także rozczłonkować te usługi skryptem w cmd albo aplikacją http://sourceforge.net/p/svcdisclsr/wiki/Home/ ponieważ mają status współdzielonych a następnie sprawdzić które z nich pożerają najwięcej zasobów w PE.

[Obrazek: 2089620800_1406976151.png]

W zamian za pomoc oczekuję poprawnej pisowni. Stop niechlujstwu.
Jak mądrze zadawać pytania? - przejrzyj poradnik na forum.
Nie udzielam porad via PW.
(Ten post był ostatnio modyfikowany: 03.03.2015 22:38 przez thermalfake.)

03.03.2015 22:37

Znajdź wszystkie posty użytkownika
Wątek zamknięty

Podobne wątki
Wątek: Autor Odpowiedzi: Wyświetleń: Ostatni post
Bardzo duże zużycie ramu/ svchost bungar 0 2.111 04.03.2018 18:54
Ostatni post: bungar
Duża negatywna zmiana w Windows 7, dlaczego ? Je7n7ny 1 1.445 10.03.2017 18:22
Ostatni post: dz1kus
Windows media player 12 jak wyłączyć proces wmpnscfg.exe zpfd 4 2.424 01.02.2017 22:18
Ostatni post: zpfd
Włączony proces svchost i podniesione użycie CPU matix33 2 2.330 11.11.2016 15:42
Ostatni post: matix33
Duża ilość zajętego miejsca na dysku. exceed 4 2.716 16.06.2016 11:02
Ostatni post: exceed
Bardzo wysokie zuzycie ramu i cpu Fiksar 3 3.254 02.02.2016 00:38
Ostatni post: thermalfake
« Starszy wątek | Nowszy wątek »

Temat został oceniony na 0 w skali 1-5 gwiazdek.
Zebrano 1 głosów.