Wojtek1992
New
Posts: 3
RE: The scvhost.exe process is eating up a large part of RAM
On my own I ran a scan with Malwarebytes Anti-Malware and ADWcleaner, and here are the results
ADWcleaner
Code:
# AdwCleaner v4.111 - Logfile created 01/03/2015 at 12: 57: 02
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Wojtek - JAN-KOMPUTER
# Running from : C: \Users\Wojtek\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C: \ProgramData\Babylon
Folder Deleted : C: \ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Folder Deleted : C: \Program Files (x86)\SimilarSites
Folder Deleted : C: \Program Files (x86)\DriverToolkit
Folder Deleted : C: \Users\Wojtek\AppData\Local\DriverToolkit
Folder Deleted : C: \Users\Wojtek\AppData\Roaming\Babylon
Folder Deleted : C: \Users\Wojtek\AppData\Roaming\eIntaller
Folder Deleted : C: \Users\Wojtek\AppData\Roaming\download Manager
Folder Deleted : C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\WebSiteRecommendation@weliketheweb.com
File Deleted : C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\invalidprefs.js
File Deleted : C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{24E0EC68-31FD-4A47-9793-33B27C4FBEB1}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;192.168.*.*
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0 (x86 pl)
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.id", "f24f50bf0000000000008e55f9aab799");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15556");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "std");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp: //www.google.com/search?babsrc=TB_ggl&q=");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[yca9zblz.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.116: 17: 15");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [4807 bytes] - [01/03/2015 12: 50: 49]
AdwCleaner[S0].txt - [4756 bytes] - [01/03/2015 12: 57: 02]
########## EOF - C: \AdwCleaner\AdwCleaner[S0].txt - [4815 bytes] ##########
Malwarebytes Anti-Malware
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Data skanu: 2015-03-01
Czas skanu: 11: 38: 52
Raport: malwar.txt
Administrator: Tak
Wersja: 2.00.4.1028
Baza danych malware: v2015.03.01.01
Baza danych rootkitów: v2015.02.25.01
Licencja: Trial
Ochrona przeciw malware: Włączony
Ochrona przeciw szkodliwymi stronami: Włączony
Samoobrony: Wyłączony
System operacyjny: Windows 7 Service Pack 1
Procesor: x64
System plików: NTFS
Użytkownik: Wojtek
Typ skanu: Skanowanie w poszukiwaniu zagrożeń
Wynik: Zakończono
Objekty zeskanowane: 405898
Minęło: 34 min, 39 s
Pamięć: Włączony
Autostart: Włączony
System plików: Włączony
Archiwa: Włączony
Rootkity: Wyłączony
Heurystyka: Włączony
PNP: Włączony
PNM: Włączony
Procesy: 0
(Nie wykryto groźnych)
Moduły: 0
(Nie wykryto groźnych)
Klucze rejestru: 5
PUP.Optional.BarLchr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, , [63f2390795f5c2747d43a66ad92a13ed],
PUP.Optional.VShareRedir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, , [a4b196aaadddd5617d3bd6548f74fc04],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, , [381dda668ffb40f6c36383260af93ec2],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\BabylonToolbar, , [fc5948f899f1ef47cc588180dc29639d],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-3135873756-1747778033-1847798441-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, , [b5a01c245b2f1026192143c0e1249967],
Wartości rejestru: 0
(Nie wykryto groźnych)
Dane rejestru: 0
(Nie wykryto groźnych)
Foldery: 1
PUP.Optional.SimilarSites.A, C: \Users\Wojtek\AppData\Roaming\SimilarSites, , [163fb38df5951323e3f7e484e71c31cf],
Pliki: 36
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (user_pref("extensions.BabylonToolbar.admin", false);), ,[e273f54b75151a1ce7579d74df27f709]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ferences
/* Do not edit this file.
*
* If you m), ,[89ccfc441872f34344fa30e133d3ec14]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (rences
/* Do not edit this file.
*
* If you ma), ,[f560053b5535d75f4cf2f31e10f61ce4]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (erences
/* Do not edit this file.
*
* If you ma), ,[da7b30100189f3439ea090817294de22]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (rences
/* Do not edit this file.
*
* If you make changes to this file w), ,[d58081bf464456e06cd26da4a85e51af]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: ( this file.
*
* If you make changes to this file whil), ,[0253ec544f3b2115142ac64be521fb05]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ces
/* Do not edit this file.
*
* If you make ch), ,[93c2d56be6a43501241aa76a0ef8936d]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ences
/* Do not edit this file.
*
* If you make changes ), ,[7cd91828f793b482d86644cde71ff010]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (
/* Do not edit this file.
*
* If you make changes to ), ,[f560dc64d7b3053197a769a83accc63a]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (es
/* Do not edit this file.
*
* If you make ch), ,[e2739da32466270f43fbd14013f37c84]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (rences
/* Do not edit this file.
*
* If you make changes to this file while the application i), ,[b0a5e957eaa05fd73b03d43d0ff707f9]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: ( you make changes to this file while the application is ), ,[c19476ca44463cfad76770a1eb1b8f71]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (nces
/* Do not edit this file.
*
* If you make cha), ,[fa5b0c34018944f2300e2be6f41254ac]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ces
/* Do not edit this file.
*
* If you make), ,[124350f0a9e185b1a39be22fe12506fa]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ferences
/* Do not edit this file.
*
* If you make changes to this file while the), ,[94c1152bef9bfa3cfb4346cb10f6847c]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (.
*
* If you make changes to this file while the appl), ,[86cf8fb190fa8bab83bbad6453b3867a]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (ces
/* Do not edit this file.
*
* If you make c), ,[460f103008822d09ac924cc57c8a6f91]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\prefs.js, Dobry: (), Zły: (rences
/* Do not edit this file.
*
* If you make changes to t), ,[064f66da9bef8caa58e66fa2ef17fb05]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");), ,[a0b56fd141494ceacf0da56bd23421df]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ID=113543&tt=010812_nich_3112_1");
user_pref("exten), ,[c194340c9af003334399f9179076ce32]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ons.BabylonToolbar_i.babTrack", "affID=113543&tt=01081), ,[0b4a8bb51d6d6acc6775848c58ae7987]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
user_pref("extensions.BabylonT), ,[d283e7595832f93db92341cf749234cc]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (=010812_nich_3112_1");
user_pref("extensions.BabylonToolbar_i.babExt", "");
), ,[b4a1ba861b6f0b2b29b327e96e9839c7]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ack", "affID=113543&tt=010812_nich_3112_1");
user_pref("), ,[d38276cad8b273c3dffd35dbae585da3]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_), ,[c09553ed6228db5b11cb3bd514f212ee]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_), ,[86cfc878d5b553e31ac2c14fad5947b9]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
u), ,[193cf0509eecc472f5e76fa17d89ea16]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ar_i.babTrack", "affID=113543&tt=010812_nich_3112_1");
us), ,[0055c779fc8e989ec517c050be487f81]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (bylonToolbar_i.babTrack", "affID=113543&tt=010812_nich_3112_1")), ,[5df8e15f543642f4defede320ff7ad53]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (Toolbar_i.babTrack", "affID=113543&tt=010812_nich_3112), ,[e96cde62afdb94a2c01c3ad6ea1c1fe1]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_nic), ,[a5b0cf71573357df2fad15fb23e30ff1]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (abylonToolbar_i.babTrack", "affID=113543&tt=010812_nic), ,[490c90b067237fb713c95db3d036946c]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (s.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_n), ,[58fde35d96f49e98b12b0f019670d729]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (.BabylonToolbar_i.babTrack", "affID=113543&tt=010812_), ,[a9ace25ee1a9c37319c3a56b8e78ab55]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (ns.BabylonToolbar_i.babTrack", "affID=113543&tt=010812), ,[fb5ad7691674c76f2bb1ce428e78dc24]
PUP.Optional.Babylon.A, C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\user.js, Dobry: (), Zły: (s.BabylonToolbar_i.babTrack", "affID=113543&tt=01081), ,[411491afe9a13df9f7e59a76986eae52]
Sektory fizyczne: 0
(Nie wykryto groźnych)
(end)
Note added 01.03.2015 14:00. Last edited 01.03.2015 14:00 by beabea:
Instead of quotes, wrap scan results in "code" tags. I fixed it.
Wojtek1992
New
Posts: 3
RE: The scvhost.exe process is eating up a large part of RAM
I cleaned up what both programs found, but the problem has not gone away entirely. The svchost process admittedly no longer reaches 560 000K, but around 130 000K. Still, RAM is constantly being used up by some damn thing. Here are the logs from FRST
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Wojtek (administrator) on JAN-KOMPUTER on 03-03-2015 12: 44: 38
Running from C: \Users\Wojtek\Desktop
Loaded Profiles: Wojtek (Available profiles: Jan & Wojtek)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http: //www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Autodesk, Inc.) C: \Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(ESET) C: \Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Malwarebytes Corporation) C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Motorola Mobility LLC) C: \Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C: \Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C: \Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(SEC) C: \Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C: \Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C: \Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Realtek Semiconductor) C: \Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C: \Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C: \Windows\System32\igfxtray.exe
(Intel Corporation) C: \Windows\System32\hkcmd.exe
(Intel Corporation) C: \Windows\System32\igfxpers.exe
(ESET) C: \Program Files\ESET\ESET Smart Security\egui.exe
(Motorola) C: \Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C: \Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Dropbox, Inc.) C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C: \Windows\System32\igfxext.exe
(Intel Corporation) C: \Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C: \Program Files\Elantech\ETDCtrlHelper.exe
(Nero AG) C: \Program Files (x86)\Nero\Update\NASvc.exe
(Samsung Electronics Co., Ltd.) C: \Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C: \Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C: \Users\Wojtek\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C: \Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C: \Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C: \Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
Winlogon\Notify\igfxcui: C: \Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\Run: [] => [X]
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\Policies\Explorer: []
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\...\MountPoints2: {a6742a0f-703d-11e4-9204-e811324a7a5e} - F: \SDPROG_1.0.0.1_beta.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C: \Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C: \Windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation)
Startup: C: \Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C: \Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C: \ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C: \ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C: \ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C: \ProgramData\GG\ggdrive\ggdrive-overlay.dll (GG Network S.A.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C: \Users\Wojtek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3135873756-1747778033-1847798441-1000\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https: //www.google.pl/
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //samsung.msn.com
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //www.google.com/ie
HKU\S-1-5-21-3135873756-1747778033-1847798441-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http: //www.google.com/ie
SearchScopes: HKLM-x32 -> {2E86044C-7914-49F6-B40D-99DE7921E8EB} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3135873756-1747778033-1847798441-1003 -> DefaultScope {A5738881-ED7E-4D09-942E-CE1BBA201C49} URL = http: //www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3135873756-1747778033-1847798441-1003 -> {24E0EC68-31FD-4A47-9793-33B27C4FBEB1} URL =
SearchScopes: HKU\S-1-5-21-3135873756-1747778033-1847798441-1003 -> {2E86044C-7914-49F6-B40D-99DE7921E8EB} URL =
SearchScopes: HKU\S-1-5-21-3135873756-1747778033-1847798441-1003 -> {A5738881-ED7E-4D09-942E-CE1BBA201C49} URL = http: //www.google.com/search?hl=pl&q={searchTerms}
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D: \Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C: \Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C: \Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http: //dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63
FireFox:
========
FF ProfilePath: C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default
FF Plugin: @adobe.com/FlashPlayer -> C: \Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C: \Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C: \Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C: \Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C: \Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C: \Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C: \Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C: \Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C: \Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C: \Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @Nero.com/KM -> C: \PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C: \Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C: \Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C: \Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> d: \Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> D: \Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3135873756-1747778033-1847798441-1003: @tools.google.com/Google Update;version=3 -> C: \Users\Wojtek\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3135873756-1747778033-1847798441-1003: @tools.google.com/Google Update;version=9 -> C: \Users\Wojtek\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C: \Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Auto Shutdown NG - C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\jid0-HZ5UvAEiWWAxT9TKLuhEgUCARqo@jetpack.xpi [2012-08-21]
FF Extension: BBCodeXtra - C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2012-06-09]
FF Extension: Adblock Plus - C: \Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\yca9zblz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-10]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C: \Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C: \Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-02-20]
Chrome:
=======
CHR HomePage: Default -> hxxp: //startsear.ch/?aff=67&cf=26817c74-6b23-11e2-b6d0-e811324a7a5e
CHR StartupUrls: Default -> "https: //www.google.pl/"
CHR Profile: C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-15]
CHR Extension: (Google Search) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-15]
CHR Extension: (AdBlock) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-10]
CHR Extension: (APK Downloader) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi [2012-09-15]
CHR Extension: (WebSite Recommendation) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jopdpbolklklaiookikgmdinfbooiipj [2013-11-20]
CHR Extension: (Google Wallet) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C: \Users\Wojtek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-15]
StartMenuInternet: Google Chrome - C: \Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Autodesk Content Service; C: \Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S3 BrYNSvc; C: \Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ekrn; C: \Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MBAMScheduler; C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C: \Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D: \Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 Motorola Device Manager; C: \Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C: \Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C: \Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PST Service; C: \Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SkypeUpdate; D: \Program Files (x86)\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
R2 WinDefend; C: \Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Cam3820; C: \Windows\System32\Drivers\cam3820a.sys [427648 2010-08-02] (CamVendor)
R1 dtsoftbus01; C: \Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
R1 eamonm; C: \Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C: \Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C: \Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C: \Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C: \Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C: \Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 MBAMProtector; C: \Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C: \Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C: \Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 PAC207; C: \Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 rtport; C: \Windows\SysWOW64\drivers\rtport.sys [15144 2011-03-31] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C: \Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 WinRing0_1_2_0; \?\C: \Program Files (x86)\BatteryCare\WinRing0x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-03 12: 44 - 2015-03-03 12: 45 - 00017766 _____ () C: \Users\Wojtek\Desktop\FRST.txt
2015-03-03 12: 44 - 2015-03-03 12: 44 - 00000000 ____D () C: \FRST
2015-03-03 12: 43 - 2015-03-03 12: 44 - 02092544 _____ (Farbar) C: \Users\Wojtek\Desktop\FRST64.exe
2015-03-02 22: 59 - 2015-03-02 23: 00 - 17477856 _____ () C: \Users\Wojtek\Desktop\Desktop.rar
2015-03-01 13: 16 - 2015-03-01 13: 16 - 00985600 _____ () C: \Users\Wojtek\Downloads\MicrosoftFixit50123.msi
2015-03-01 13: 13 - 2014-12-11 18: 47 - 00087040 _____ (Microsoft Corporation) C: \Windows\system32\TSWbPrxy.exe
2015-03-01 12: 50 - 2015-03-01 22: 06 - 00000000 ____D () C: \AdwCleaner
2015-03-01 12: 46 - 2015-03-01 12: 48 - 02126848 _____ () C: \Users\Wojtek\Desktop\adwcleaner_4.111.exe
2015-03-01 12: 35 - 2015-03-01 12: 35 - 00010028 _____ () C: \Users\Wojtek\Desktop\malwar.txt
2015-03-01 11: 40 - 2014-08-29 03: 07 - 03179520 _____ (Microsoft Corporation) C: \Windows\system32\rdpcorets.dll
2015-03-01 11: 40 - 2014-05-08 10: 32 - 00016384 _____ (Microsoft Corporation) C: \Windows\system32\RdpGroupPolicyExtension.dll
2015-03-01 11: 39 - 2014-09-05 03: 11 - 06584320 _____ (Microsoft Corporation) C: \Windows\system32\mstscax.dll
2015-03-01 11: 39 - 2014-09-05 02: 52 - 05703168 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mstscax.dll
2015-03-01 11: 37 - 2015-03-03 12: 05 - 00129752 _____ (Malwarebytes Corporation) C: \Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 11: 37 - 2015-03-01 11: 37 - 00001106 _____ () C: \Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-01 11: 37 - 2015-03-01 11: 37 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-01 11: 37 - 2015-03-01 11: 37 - 00000000 ____D () C: \ProgramData\Malwarebytes
2015-03-01 11: 37 - 2015-03-01 11: 37 - 00000000 ____D () C: \Program Files (x86)\Malwarebytes Anti-Malware
2015-03-01 11: 37 - 2014-11-21 06: 14 - 00093400 _____ (Malwarebytes Corporation) C: \Windows\system32\Drivers\mbamchameleon.sys
2015-03-01 11: 37 - 2014-11-21 06: 14 - 00063704 _____ (Malwarebytes Corporation) C: \Windows\system32\Drivers\mwac.sys
2015-03-01 11: 37 - 2014-11-21 06: 14 - 00025816 _____ (Malwarebytes Corporation) C: \Windows\system32\Drivers\mbam.sys
2015-03-01 11: 31 - 2015-03-01 11: 36 - 20447072 _____ (Malwarebytes Corporation ) C: \Users\Wojtek\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-28 23: 20 - 2013-10-02 02: 10 - 00044544 _____ (Microsoft Corporation) C: \Windows\system32\TsUsbGDCoInstaller.dll
2015-02-28 23: 19 - 2013-10-02 03: 22 - 00056832 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\TsUsbFlt.sys
2015-02-28 23: 19 - 2013-10-02 03: 11 - 00013824 _____ (Microsoft Corporation) C: \Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-28 23: 19 - 2013-10-02 03: 08 - 00012800 _____ (Microsoft Corporation) C: \Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-28 23: 19 - 2013-10-02 02: 48 - 00056832 _____ (Microsoft Corporation) C: \Windows\system32\MsRdpWebAccess.dll
2015-02-28 23: 19 - 2013-10-02 02: 48 - 00018944 _____ (Microsoft Corporation) C: \Windows\system32\wksprtPS.dll
2015-02-28 23: 19 - 2013-10-02 02: 29 - 00062976 _____ (Microsoft Corporation) C: \Windows\system32\tsgqec.dll
2015-02-28 23: 19 - 2013-10-02 01: 15 - 01057280 _____ (Microsoft Corporation) C: \Windows\system32\rdvidcrl.dll
2015-02-28 23: 19 - 2013-10-02 01: 14 - 00050176 _____ (Microsoft Corporation) C: \Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-28 23: 19 - 2013-10-02 01: 14 - 00017920 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wksprtPS.dll
2015-02-28 23: 19 - 2013-10-02 01: 01 - 00420864 _____ (Microsoft Corporation) C: \Windows\system32\wksprt.exe
2015-02-28 23: 19 - 2013-10-02 00: 58 - 00053248 _____ (Microsoft Corporation) C: \Windows\SysWOW64\tsgqec.dll
2015-02-28 23: 19 - 2013-10-02 00: 31 - 01147392 _____ (Microsoft Corporation) C: \Windows\system32\mstsc.exe
2015-02-28 23: 19 - 2013-10-02 00: 08 - 00855552 _____ (Microsoft Corporation) C: \Windows\SysWOW64\rdvidcrl.dll
2015-02-28 23: 19 - 2013-10-01 23: 34 - 01068544 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mstsc.exe
2015-02-28 22: 50 - 2012-08-23 15: 13 - 00243200 _____ (Microsoft Corporation) C: \Windows\system32\rdpudd.dll
2015-02-28 22: 50 - 2012-08-23 15: 10 - 00019456 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\rdpvideominiport.sys
2015-02-28 22: 50 - 2012-08-23 12: 12 - 00192000 _____ (Microsoft Corporation) C: \Windows\SysWOW64\rdpendp_winip.dll
2015-02-28 22: 50 - 2012-08-23 11: 51 - 00228864 _____ (Microsoft Corporation) C: \Windows\system32\rdpendp_winip.dll
2015-02-28 21: 36 - 2015-03-01 12: 39 - 00000724 _____ () C: \Windows\PFRO.log
2015-02-28 21: 21 - 2015-02-28 21: 22 - 00000000 ___RD () C: \Users\Jan\Virtual Machines
2015-02-28 21: 21 - 2015-02-28 21: 21 - 00000000 ____D () C: \Users\Jan\AppData\Roaming\Motorola Mobility
2015-02-26 16: 05 - 2015-02-26 16: 05 - 00000000 ____D () C: \ProgramData\Motorola
2015-02-26 16: 04 - 2015-03-03 11: 48 - 00000000 ____D () C: \Temp
2015-02-26 16: 04 - 2015-02-26 16: 04 - 00003488 _____ () C: \Windows\System32\Tasks\Motorola Device Manager Update
2015-02-26 16: 04 - 2015-02-26 16: 04 - 00003296 _____ () C: \Windows\System32\Tasks\Motorola Device Manager Initial Update
2015-02-26 16: 04 - 2015-02-26 16: 04 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Motorola Mobility
2015-02-26 16: 03 - 2015-02-26 16: 04 - 00000000 ____D () C: \Program Files (x86)\Motorola Mobility
2015-02-26 16: 03 - 2015-02-26 16: 03 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2015-02-26 16: 03 - 2015-02-26 16: 03 - 00000000 ____D () C: \Program Files\Motorola Mobility LLC
2015-02-26 16: 03 - 2015-02-26 16: 03 - 00000000 ____D () C: \Program Files\Common Files\Motorola Shared
2015-02-26 16: 03 - 2015-02-26 16: 03 - 00000000 ____D () C: \Program Files (x86)\Motorola
2015-02-26 16: 02 - 2015-02-26 16: 02 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Motorola
2015-02-26 11: 56 - 2015-02-26 11: 57 - 00000000 ____D () C: \Program Files (x86)\Mozilla Firefox
2015-02-25 20: 02 - 2015-01-09 04: 14 - 00950272 _____ (Microsoft Corporation) C: \Windows\system32\perftrack.dll
2015-02-25 20: 02 - 2015-01-09 04: 14 - 00091136 _____ (Microsoft Corporation) C: \Windows\system32\wdi.dll
2015-02-25 20: 02 - 2015-01-09 04: 14 - 00029696 _____ (Microsoft Corporation) C: \Windows\system32\powertracker.dll
2015-02-25 20: 02 - 2015-01-09 03: 48 - 00076800 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wdi.dll
2015-02-25 15: 30 - 2015-03-03 11: 47 - 00004308 _____ () C: \Windows\setupact.log
2015-02-25 15: 30 - 2015-02-25 15: 30 - 00000000 _____ () C: \Windows\setuperr.log
2015-02-25 12: 14 - 2015-01-09 00: 44 - 00419936 _____ () C: \Windows\SysWOW64\locale.nls
2015-02-25 12: 14 - 2015-01-09 00: 43 - 00419936 _____ () C: \Windows\system32\locale.nls
2015-02-23 15: 31 - 2015-02-23 15: 31 - 00000000 ____D () C: \ProgramData\FARO
2015-02-23 15: 26 - 2015-02-23 15: 26 - 00000000 ____D () C: \Users\Wojtek\Documents\Inventor Server SDK ACAD 2014
2015-02-23 15: 04 - 2010-06-02 04: 55 - 00239960 _____ (Microsoft Corporation) C: \Windows\SysWOW64\xactengine3_7.dll
2015-02-23 15: 04 - 2010-06-02 04: 55 - 00176984 _____ (Microsoft Corporation) C: \Windows\system32\xactengine3_7.dll
2015-02-23 15: 04 - 2010-05-26 11: 41 - 01907552 _____ (Microsoft Corporation) C: \Windows\system32\d3dcsx_43.dll
2015-02-23 15: 04 - 2010-05-26 11: 41 - 01868128 _____ (Microsoft Corporation) C: \Windows\SysWOW64\d3dcsx_43.dll
2015-02-23 14: 48 - 2015-02-23 14: 48 - 00000000 ____D () C: \Users\Wojtek\AppData\Local\Autodesk, Inc
2015-02-11 18: 29 - 2015-01-23 05: 42 - 00814080 _____ (Microsoft Corporation) C: \Windows\system32\jscript9diag.dll
2015-02-11 18: 29 - 2015-01-23 05: 41 - 06041600 _____ (Microsoft Corporation) C: \Windows\system32\jscript9.dll
2015-02-11 18: 29 - 2015-01-23 04: 43 - 00620032 _____ (Microsoft Corporation) C: \Windows\SysWOW64\jscript9diag.dll
2015-02-11 18: 29 - 2015-01-23 04: 17 - 04300800 _____ (Microsoft Corporation) C: \Windows\SysWOW64\jscript9.dll
2015-02-11 08: 22 - 2015-01-15 09: 14 - 00155072 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08: 22 - 2015-01-15 09: 14 - 00095680 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\ksecdd.sys
2015-02-11 08: 22 - 2015-01-15 09: 09 - 01461760 _____ (Microsoft Corporation) C: \Windows\system32\lsasrv.dll
2015-02-11 08: 22 - 2015-01-15 09: 09 - 00136192 _____ (Microsoft Corporation) C: \Windows\system32\sspicli.dll
2015-02-11 08: 22 - 2015-01-15 09: 09 - 00031232 _____ (Microsoft Corporation) C: \Windows\system32\lsass.exe
2015-02-11 08: 22 - 2015-01-15 09: 09 - 00029184 _____ (Microsoft Corporation) C: \Windows\system32\sspisrv.dll
2015-02-11 08: 22 - 2015-01-15 09: 09 - 00028160 _____ (Microsoft Corporation) C: \Windows\system32\secur32.dll
2015-02-11 08: 22 - 2015-01-15 09: 08 - 00064000 _____ (Microsoft Corporation) C: \Windows\system32\auditpol.exe
2015-02-11 08: 22 - 2015-01-15 09: 06 - 00146432 _____ (Microsoft Corporation) C: \Windows\system32\msaudite.dll
2015-02-11 08: 22 - 2015-01-15 09: 06 - 00060416 _____ (Microsoft Corporation) C: \Windows\system32\msobjs.dll
2015-02-11 08: 22 - 2015-01-15 09: 04 - 00686080 _____ (Microsoft Corporation) C: \Windows\system32\adtschema.dll
2015-02-11 08: 22 - 2015-01-15 08: 42 - 00050176 _____ (Microsoft Corporation) C: \Windows\SysWOW64\auditpol.exe
2015-02-11 08: 22 - 2015-01-15 08: 42 - 00022016 _____ (Microsoft Corporation) C: \Windows\SysWOW64\secur32.dll
2015-02-11 08: 22 - 2015-01-15 08: 41 - 00096768 _____ (Microsoft Corporation) C: \Windows\SysWOW64\sspicli.dll
2015-02-11 08: 22 - 2015-01-15 08: 39 - 00146432 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msaudite.dll
2015-02-11 08: 22 - 2015-01-15 08: 39 - 00060416 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msobjs.dll
2015-02-11 08: 22 - 2015-01-15 08: 37 - 00686080 _____ (Microsoft Corporation) C: \Windows\SysWOW64\adtschema.dll
2015-02-11 08: 22 - 2015-01-15 05: 22 - 00458824 _____ (Microsoft Corporation) C: \Windows\system32\Drivers\cng.sys
2015-02-11 08: 22 - 2015-01-14 06: 47 - 00389808 _____ (Microsoft Corporation) C: \Windows\system32\iedkcs32.dll
2015-02-11 08: 22 - 2015-01-14 06: 09 - 00342712 _____ (Microsoft Corporation) C: \Windows\SysWOW64\iedkcs32.dll
2015-02-11 08: 22 - 2015-01-12 04: 09 - 25056256 _____ (Microsoft Corporation) C: \Windows\system32\mshtml.dll
2015-02-11 08: 22 - 2015-01-12 04: 05 - 02724864 _____ (Microsoft Corporation) C: \Windows\system32\mshtml.tlb
2015-02-11 08: 22 - 2015-01-12 04: 05 - 00004096 _____ (Microsoft Corporation) C: \Windows\system32\ieetwcollectorres.dll
2015-02-11 08: 22 - 2015-01-12 03: 49 - 00066560 _____ (Microsoft Corporation) C: \Windows\system32\iesetup.dll
2015-02-11 08: 22 - 2015-01-12 03: 48 - 02885632 _____ (Microsoft Corporation) C: \Windows\system32\iertutil.dll
2015-02-11 08: 22 - 2015-01-12 03: 48 - 00584192 _____ (Microsoft Corporation) C: \Windows\system32\vbscript.dll
2015-02-11 08: 22 - 2015-01-12 03: 48 - 00048640 _____ (Microsoft Corporation) C: \Windows\system32\ieetwproxystub.dll
2015-02-11 08: 22 - 2015-01-12 03: 47 - 00088064 _____ (Microsoft Corporation) C: \Windows\system32\MshtmlDac.dll
2015-02-11 08: 22 - 2015-01-12 03: 40 - 00054784 _____ (Microsoft Corporation) C: \Windows\system32\jsproxy.dll
2015-02-11 08: 22 - 2015-01-12 03: 39 - 00034304 _____ (Microsoft Corporation) C: \Windows\system32\iernonce.dll
2015-02-11 08: 22 - 2015-01-12 03: 36 - 00633856 _____ (Microsoft Corporation) C: \Windows\system32\ieui.dll
2015-02-11 08: 22 - 2015-01-12 03: 34 - 00144384 _____ (Microsoft Corporation) C: \Windows\system32\ieUnatt.exe
2015-02-11 08: 22 - 2015-01-12 03: 34 - 00114688 _____ (Microsoft Corporation) C: \Windows\system32\ieetwcollector.exe
2015-02-11 08: 22 - 2015-01-12 03: 25 - 19740160 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mshtml.dll
2015-02-11 08: 22 - 2015-01-12 03: 25 - 00968704 _____ (Microsoft Corporation) C: \Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08: 22 - 2015-01-12 03: 21 - 02724864 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mshtml.tlb
2015-02-11 08: 22 - 2015-01-12 03: 21 - 00490496 _____ (Microsoft Corporation) C: \Windows\system32\dxtmsft.dll
2015-02-11 08: 22 - 2015-01-12 03: 13 - 00077824 _____ (Microsoft Corporation) C: \Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08: 22 - 2015-01-12 03: 08 - 00503296 _____ (Microsoft Corporation) C: \Windows\SysWOW64\vbscript.dll
2015-02-11 08: 22 - 2015-01-12 03: 08 - 00199680 _____ (Microsoft Corporation) C: \Windows\system32\msrating.dll
2015-02-11 08: 22 - 2015-01-12 03: 07 - 00092160 _____ (Microsoft Corporation) C: \Windows\system32\mshtmled.dll
2015-02-11 08: 22 - 2015-01-12 03: 07 - 00062464 _____ (Microsoft Corporation) C: \Windows\SysWOW64\iesetup.dll
2015-02-11 08: 22 - 2015-01-12 03: 07 - 00047616 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08: 22 - 2015-01-12 03: 05 - 00064000 _____ (Microsoft Corporation) C: \Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08: 22 - 2015-01-12 03: 04 - 00316928 _____ (Microsoft Corporation) C: \Windows\system32\dxtrans.dll
2015-02-11 08: 22 - 2015-01-12 03: 02 - 02277888 _____ (Microsoft Corporation) C: \Windows\SysWOW64\iertutil.dll
2015-02-11 08: 22 - 2015-01-12 03: 00 - 00047104 _____ (Microsoft Corporation) C: \Windows\SysWOW64\jsproxy.dll
2015-02-11 08: 22 - 2015-01-12 02: 59 - 00030720 _____ (Microsoft Corporation) C: \Windows\SysWOW64\iernonce.dll
2015-02-11 08: 22 - 2015-01-12 02: 57 - 00478208 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieui.dll
2015-02-11 08: 22 - 2015-01-12 02: 55 - 00115712 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieUnatt.exe
2015-02-11 08: 22 - 2015-01-12 02: 48 - 00801280 _____ (Microsoft Corporation) C: \Windows\system32\msfeeds.dll
2015-02-11 08: 22 - 2015-01-12 02: 48 - 00718848 _____ (Microsoft Corporation) C: \Windows\system32\ie4uinit.exe
2015-02-11 08: 22 - 2015-01-12 02: 46 - 02125824 _____ (Microsoft Corporation) C: \Windows\system32\inetcpl.cpl
2015-02-11 08: 22 - 2015-01-12 02: 46 - 01359360 _____ (Microsoft Corporation) C: \Windows\system32\mshtmlmedia.dll
2015-02-11 08: 22 - 2015-01-12 02: 45 - 00418304 _____ (Microsoft Corporation) C: \Windows\SysWOW64\dxtmsft.dll
2015-02-11 08: 22 - 2015-01-12 02: 43 - 14401024 _____ (Microsoft Corporation) C: \Windows\system32\ieframe.dll
2015-02-11 08: 22 - 2015-01-12 02: 40 - 00060416 _____ (Microsoft Corporation) C: \Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08: 22 - 2015-01-12 02: 36 - 00168960 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msrating.dll
2015-02-11 08: 22 - 2015-01-12 02: 35 - 00076288 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mshtmled.dll
2015-02-11 08: 22 - 2015-01-12 02: 33 - 00285696 _____ (Microsoft Corporation) C: \Windows\SysWOW64\dxtrans.dll
2015-02-11 08: 22 - 2015-01-12 02: 27 - 02358272 _____ (Microsoft Corporation) C: \Windows\system32\wininet.dll
2015-02-11 08: 22 - 2015-01-12 02: 23 - 02052608 _____ (Microsoft Corporation) C: \Windows\SysWOW64\inetcpl.cpl
2015-02-11 08: 22 - 2015-01-12 02: 23 - 00688640 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msfeeds.dll
2015-02-11 08: 22 - 2015-01-12 02: 22 - 01155072 _____ (Microsoft Corporation) C: \Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08: 22 - 2015-01-12 02: 14 - 12829184 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieframe.dll
2015-02-11 08: 22 - 2015-01-12 02: 14 - 01548288 _____ (Microsoft Corporation) C: \Windows\system32\urlmon.dll
2015-02-11 08: 22 - 2015-01-12 02: 02 - 00800768 _____ (Microsoft Corporation) C: \Windows\system32\ieapfltr.dll
2015-02-11 08: 22 - 2015-01-12 02: 00 - 01888256 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wininet.dll
2015-02-11 08: 22 - 2015-01-12 01: 56 - 01307136 _____ (Microsoft Corporation) C: \Windows\SysWOW64\urlmon.dll
2015-02-11 08: 22 - 2015-01-12 01: 55 - 00710144 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ieapfltr.dll
2015-02-11 08: 22 - 2014-12-12 06: 31 - 01480192 _____ (Microsoft Corporation) C: \Windows\system32\crypt32.dll
2015-02-11 08: 22 - 2014-12-12 06: 07 - 01174528 _____ (Microsoft Corporation) C: \Windows\SysWOW64\crypt32.dll
2015-02-11 08: 22 - 2014-07-07 03: 07 - 00229376 _____ (Microsoft Corporation) C: \Windows\system32\wintrust.dll
2015-02-11 08: 22 - 2014-07-07 03: 06 - 00187904 _____ (Microsoft Corporation) C: \Windows\system32\cryptsvc.dll
2015-02-11 08: 22 - 2014-07-07 02: 40 - 00179200 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wintrust.dll
2015-02-11 08: 22 - 2014-07-07 02: 40 - 00143872 _____ (Microsoft Corporation) C: \Windows\SysWOW64\cryptsvc.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00894976 _____ (Microsoft Corporation) C: \Windows\system32\appraiser.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00762368 _____ (Microsoft Corporation) C: \Windows\system32\invagent.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00609280 _____ (Microsoft Corporation) C: \Windows\system32\generaltel.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00414720 _____ (Microsoft Corporation) C: \Windows\system32\devinv.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00227328 _____ (Microsoft Corporation) C: \Windows\system32\aepdu.dll
2015-02-11 08: 21 - 2015-02-04 04: 16 - 00192000 _____ (Microsoft Corporation) C: \Windows\system32\aepic.dll
2015-02-11 08: 21 - 2015-02-04 04: 13 - 01098752 _____ (Microsoft Corporation) C: \Windows\system32\aeinv.dll
2015-02-11 08: 21 - 2015-01-28 00: 36 - 01239720 _____ (Microsoft Corporation) C: \Windows\system32\aitstatic.exe
2015-02-11 08: 21 - 2015-01-13 04: 10 - 01424384 _____ (Microsoft Corporation) C: \Windows\system32\WindowsCodecs.dll
2015-02-11 08: 21 - 2015-01-13 03: 49 - 01230336 _____ (Microsoft Corporation) C: \Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00728064 _____ (Microsoft Corporation) C: \Windows\system32\kerberos.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00341504 _____ (Microsoft Corporation) C: \Windows\system32\schannel.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00314880 _____ (Microsoft Corporation) C: \Windows\system32\msv1_0.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00309760 _____ (Microsoft Corporation) C: \Windows\system32\ncrypt.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00210944 _____ (Microsoft Corporation) C: \Windows\system32\wdigest.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00086528 _____ (Microsoft Corporation) C: \Windows\system32\TSpkg.dll
2015-02-11 08: 21 - 2015-01-10 07: 48 - 00022016 _____ (Microsoft Corporation) C: \Windows\system32\credssp.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00550912 _____ (Microsoft Corporation) C: \Windows\SysWOW64\kerberos.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00259584 _____ (Microsoft Corporation) C: \Windows\SysWOW64\msv1_0.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00248832 _____ (Microsoft Corporation) C: \Windows\SysWOW64\schannel.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00221184 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ncrypt.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00172032 _____ (Microsoft Corporation) C: \Windows\SysWOW64\wdigest.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00065536 _____ (Microsoft Corporation) C: \Windows\SysWOW64\TSpkg.dll
2015-02-11 08: 21 - 2015-01-10 07: 27 - 00017408 _____ (Microsoft Corporation) C: \Windows\SysWOW64\credssp.dll
2015-02-11 08: 21 - 2014-11-26 04: 53 - 00861696 _____ (Microsoft Corporation) C: \Windows\system32\oleaut32.dll
2015-02-11 08: 21 - 2014-11-26 04: 32 - 00571904 _____ (Microsoft Corporation) C: \Windows\SysWOW64\oleaut32.dll
2015-02-11 08: 05 - 2015-01-14 07: 09 - 05554112 _____ (Microsoft Corporation) C: \Windows\system32\ntoskrnl.exe
2015-02-11 08: 04 - 2015-01-14 07: 05 - 00503808 _____ (Microsoft Corporation) C: \Windows\system32\srcore.dll
2015-02-11 08: 04 - 2015-01-14 07: 05 - 00050176 _____ (Microsoft Corporation) C: \Windows\system32\srclient.dll
2015-02-11 08: 04 - 2015-01-14 07: 04 - 00296960 _____ (Microsoft Corporation) C: \Windows\system32\rstrui.exe
2015-02-11 08: 04 - 2015-01-14 06: 44 - 03972544 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08: 04 - 2015-01-14 06: 44 - 03917760 _____ (Microsoft Corporation) C: \Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08: 04 - 2015-01-14 06: 41 - 00043008 _____ (Microsoft Corporation) C: \Windows\SysWOW64\srclient.dll
2015-02-11 08: 04 - 2015-01-09 03: 03 - 03201536 _____ (Microsoft Corporation) C: \Windows\system32\win32k.sys
2015-02-11 08: 04 - 2014-12-08 04: 09 - 00406528 _____ (Microsoft Corporation) C: \Windows\system32\scesrv.dll
2015-02-11 08: 04 - 2014-12-08 03: 46 - 00308224 _____ (Microsoft Corporation) C: \Windows\SysWOW64\scesrv.dll
2015-02-04 18: 42 - 2015-03-02 22: 47 - 00001062 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003UA1d040a1fb436042.job
2015-02-04 18: 42 - 2015-03-01 18: 47 - 00001010 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003Core1d040a1fb09647d.job
2015-02-04 18: 42 - 2015-02-04 18: 42 - 00004034 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003UA1d040a1fb436042
2015-02-04 18: 42 - 2015-02-04 18: 42 - 00003638 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003Core1d040a1fb09647d
2015-02-03 11: 33 - 2015-03-03 12: 38 - 00001048 _____ () C: \Windows\Tasks\GoogleUpdateTaskMachineUA1d03f9cea100ac2.job
2015-02-03 11: 33 - 2015-02-03 11: 33 - 00004044 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d03f9cea100ac2
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-03 12: 38 - 2014-06-27 07: 25 - 00001048 _____ () C: \Windows\Tasks\GoogleUpdateTaskMachineUA1cf91d0a052b3da.job
2015-03-03 12: 26 - 2011-06-14 17: 49 - 00001050 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1000UA.job
2015-03-03 12: 13 - 2012-06-07 11: 34 - 00000930 _____ () C: \Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 11: 56 - 2009-07-14 05: 45 - 00020032 ____H () C: \Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 11: 56 - 2009-07-14 05: 45 - 00020032 ____H () C: \Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 11: 52 - 2012-08-16 15: 06 - 02029183 _____ () C: \Windows\WindowsUpdate.log
2015-03-03 11: 49 - 2012-06-28 12: 50 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Dropbox
2015-03-03 11: 48 - 2014-05-12 11: 28 - 00001044 _____ () C: \Windows\Tasks\GoogleUpdateTaskMachineCore1cf6dccf2258cb3.job
2015-03-03 11: 47 - 2009-07-14 06: 08 - 00000006 ____H () C: \Windows\Tasks\SA.DAT
2015-03-02 23: 10 - 2014-07-14 22: 05 - 00000920 _____ () C: \Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1000UA.job
2015-03-02 23: 10 - 2014-07-14 22: 05 - 00000898 _____ () C: \Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1000Core.job
2015-03-02 22: 48 - 2012-09-15 17: 35 - 00001062 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003UA.job
2015-03-02 10: 26 - 2011-06-14 17: 49 - 00000998 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1000Core.job
2015-03-01 22: 06 - 2011-06-14 15: 30 - 01646594 _____ () C: \Windows\SysWOW64\PerfStringBackup.INI
2015-03-01 22: 06 - 2010-11-08 21: 02 - 00742254 _____ () C: \Windows\system32\perfh015.dat
2015-03-01 22: 06 - 2010-11-08 21: 02 - 00156866 _____ () C: \Windows\system32\perfc015.dat
2015-03-01 22: 06 - 2009-07-14 06: 13 - 01646594 _____ () C: \Windows\system32\PerfStringBackup.INI
2015-03-01 18: 47 - 2012-09-15 17: 35 - 00001010 _____ () C: \Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003Core.job
2015-03-01 18: 16 - 2009-07-14 04: 20 - 00000000 ____D () C: \Windows\rescache
2015-03-01 11: 13 - 2009-07-14 04: 20 - 00000000 ___RD () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 11: 12 - 2009-07-14 05: 45 - 00493544 _____ () C: \Windows\system32\FNTCACHE.DAT
2015-03-01 00: 36 - 2009-07-14 04: 20 - 00000000 ____D () C: \Windows\PolicyDefinitions
2015-03-01 00: 25 - 2014-07-11 20: 23 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Skype
2015-02-28 23: 16 - 2012-06-10 13: 13 - 00142112 _____ () C: \Users\Wojtek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-28 23: 09 - 2013-03-21 12: 11 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\TeamViewer
2015-02-28 21: 35 - 2014-11-11 20: 30 - 00002127 _____ () C: \ProgramData\hpzinstall.log
2015-02-28 21: 35 - 2012-12-11 22: 05 - 00000000 ____D () C: \Windows\pss
2015-02-28 21: 22 - 2009-07-14 06: 09 - 00000000 ____D () C: \Windows\System32\Tasks\WPD
2015-02-28 21: 21 - 2012-11-13 10: 41 - 00001244 __RSH () C: \Users\Jan\ntuser.pol
2015-02-28 21: 21 - 2011-06-14 14: 18 - 00001425 _____ () C: \Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-28 21: 21 - 2011-06-14 14: 02 - 00000000 ____D () C: \Users\Jan
2015-02-27 10: 00 - 2012-06-08 20: 54 - 00000000 ____D () C: \Program Files (x86)\Mozilla Maintenance Service
2015-02-26 16: 15 - 2012-06-28 12: 44 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\vlc
2015-02-26 16: 04 - 2012-06-09 20: 43 - 00000000 ____D () C: \Users\Wojtek\AppData\Local\VirtualStore
2015-02-26 16: 02 - 2010-11-08 03: 24 - 00000000 ___HD () C: \Program Files (x86)\InstallShield Installation Information
2015-02-26 09: 14 - 2009-07-14 04: 20 - 00000000 ____D () C: \Windows\tracing
2015-02-25 21: 13 - 2013-03-08 13: 39 - 00000000 ____D () C: \Users\Wojtek\AppData\Local\cache
2015-02-24 09: 14 - 2009-07-14 06: 08 - 00032604 _____ () C: \Windows\Tasks\SCHEDLGU.TXT
2015-02-23 15: 31 - 2013-03-08 13: 23 - 00000000 ____D () C: \ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-02-23 15: 31 - 2013-03-08 13: 07 - 00000000 ____D () C: \ProgramData\Autodesk
2015-02-23 15: 26 - 2013-03-08 13: 23 - 00000000 ____D () C: \Program Files\Common Files\Autodesk Shared
2015-02-23 15: 23 - 2013-03-08 13: 26 - 00000000 ____D () C: \Users\Wojtek\AppData\Local\Autodesk
2015-02-23 15: 20 - 2013-03-08 17: 22 - 00000000 ____D () C: \Users\Public\Documents\Autodesk
2015-02-23 15: 20 - 2013-03-08 13: 07 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Autodesk
2015-02-23 15: 03 - 2013-03-08 13: 23 - 00000000 ____D () C: \Program Files\Autodesk
2015-02-23 15: 00 - 2013-03-08 12: 56 - 00000000 ____D () C: \Autodesk
2015-02-13 09: 22 - 2012-06-28 12: 50 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 18: 25 - 2013-02-10 21: 52 - 00007597 _____ () C: \Users\Wojtek\AppData\Local\Resmon.ResmonCfg
2015-02-11 17: 59 - 2014-12-11 07: 40 - 00000000 ____D () C: \Windows\system32\appraiser
2015-02-11 17: 59 - 2014-07-11 14: 36 - 00000000 ___SD () C: \Windows\system32\CompatTel
2015-02-11 10: 06 - 2013-05-15 13: 53 - 00000000 ____D () C: \ProgramData\Package Cache
2015-02-11 10: 04 - 2011-06-14 17: 10 - 00000000 ____D () C: \ProgramData\Microsoft Help
2015-02-11 08: 30 - 2013-08-19 20: 49 - 00000000 ____D () C: \Windows\system32\MRT
2015-02-11 08: 13 - 2011-06-14 15: 16 - 116773704 _____ (Microsoft Corporation) C: \Windows\system32\MRT.exe
2015-02-07 18: 47 - 2014-11-21 10: 25 - 00000000 ____D () C: \Users\Wojtek\AppData\Roaming\DAEMON Tools Lite
2015-02-07 18: 46 - 2009-08-02 03: 27 - 00000000 ____D () C: \Windows\Panther
2015-02-05 16: 13 - 2012-06-07 11: 34 - 00003868 _____ () C: \Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 15: 13 - 2012-06-07 11: 34 - 00701616 _____ (Adobe Systems Incorporated) C: \Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 15: 13 - 2011-06-14 17: 49 - 00071344 _____ (Adobe Systems Incorporated) C: \Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 18: 42 - 2012-09-15 17: 35 - 00004034 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003UA
2015-02-04 18: 42 - 2012-09-15 17: 35 - 00003638 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3135873756-1747778033-1847798441-1003Core
2015-02-03 11: 33 - 2014-06-27 07: 25 - 00004044 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf91d0a052b3da
2015-02-03 11: 33 - 2014-05-12 11: 28 - 00003792 _____ () C: \Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf6dccf2258cb3
==================== Files in the root of some directories =======
2013-11-15 17: 54 - 2013-11-15 17: 54 - 0003584 _____ () C: \Users\Wojtek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-10 21: 52 - 2015-02-11 18: 25 - 0007597 _____ () C: \Users\Wojtek\AppData\Local\Resmon.ResmonCfg
2011-06-14 14: 05 - 2010-01-16 06: 18 - 0131368 _____ () C: \ProgramData\FullRemove.exe
2014-11-11 20: 30 - 2015-02-28 21: 35 - 0002127 _____ () C: \ProgramData\hpzinstall.log
2013-03-08 13: 27 - 2013-03-08 13: 27 - 0000153 _____ () C: \ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some content of TEMP:
====================
C: \Users\Jan\AppData\Local\Temp\chutil.dll
C: \Users\Jan\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C: \Users\Jan\AppData\Local\Temp\sqlite3.dll
C: \Users\Jan\AppData\Local\Temp\{72A0A3C3-6580-4268-B330-2828B767FAAF}-26.0.1410.64_chrome_installer.exe
C: \Users\Jan\AppData\Local\Temp\{DB50B31E-AE11-4CF8-8D67-B02D5EDFE504}-GoogleUpdateSetup.exe
C: \Users\Wojtek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmp9ejg.dll
C: \Users\Wojtek\AppData\Local\Temp\Quarantine.exe
C: \Users\Wojtek\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C: \Windows\System32\winlogon.exe => File is digitally signed
C: \Windows\System32\wininit.exe => File is digitally signed
C: \Windows\SysWOW64\wininit.exe => File is digitally signed
C: \Windows\explorer.exe => File is digitally signed
C: \Windows\SysWOW64\explorer.exe => File is digitally signed
C: \Windows\System32\svchost.exe => File is digitally signed
C: \Windows\SysWOW64\svchost.exe => File is digitally signed
C: \Windows\System32\services.exe => File is digitally signed
C: \Windows\System32\User32.dll => File is digitally signed
C: \Windows\SysWOW64\User32.dll => File is digitally signed
C: \Windows\System32\userinit.exe => File is digitally signed
C: \Windows\SysWOW64\userinit.exe => File is digitally signed
C: \Windows\System32\rpcss.dll => File is digitally signed
C: \Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-23 11: 05
==================== End Of Log ============================
What can I do next to reduce RAM usage (restore it to its previous level)?
Note added 03.03.2015 13:01. Last edited 03.03.2015 13:01 by irocket:
Use code tags instead of quote tags. This reduces the size of the post and the thread. You have already had one reprimand, now you get a warning.
(This post was last modified: 03.03.2015 12:56 by Wojtek1992.)
03.03.2015 12:52
|