Prosba o sprawdzenie logow / spowolniony komputer i internet

**Posty:** 271 · przez **Sythev** 14 Maj 2016, 12:21

Witam

Od 2 dni mam duzy problem bo komputer włącza/wyłacza się bardzo długo, internet pomimo zasiegu LTE 40GB pracuje jak 1GB na 3G bo strony wczytyuja sie po kilkanascie minut. Nie wiem czym to jest spowodowane ale strasznie mnie to irytuje.
Prosze o sprawdzenie logow.

Zaraz bede wrzucał

Dodano 14.05.2016 16:57:30:
Duze problemy bo internet się co chwile urywa a na speedtescie ponad 70GB/10GB wiec nie rozumiem czy to jakis wirus bo avast wlasnie wykryl 2 trojany.
wrzucam screena i log z gmera.

Dodano 14.05.2016 16:58:26:
gmer

Kod: Zaznacz wszystko: GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-14 17:35:02 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 WDC_WD5000LPVX-08V0TT5 rev.05.01A05 465,76GB Running: o3hk5gxs.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kxtdrpod.sys ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc597a5230 5 bytes JMP 00007ffbd98e0480 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc597a52d0 5 bytes JMP 00007ffbd98e0470 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc597a5590 5 bytes JMP 00007ffbd98e0360 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc597a5630 5 bytes JMP 00007ffbd98e0490 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc597a5650 5 bytes JMP 00007ffbd98e03d0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc597a57b0 5 bytes JMP 00007ffbd98e0310 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc597a5810 1 byte JMP 00007ffbd98e03a0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffc597a5812 3 bytes {JMP 0xffffffff8013ab90} .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc597a5850 5 bytes JMP 00007ffbd98e0380 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc597a58d0 5 bytes JMP 00007ffbd98e02d0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc597a59d0 5 bytes JMP 00007ffbd98e02c0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc597a5a10 5 bytes JMP 00007ffbd98e0300 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc597a5a90 5 bytes JMP 00007ffbd98e03b0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeThread 00007ffc597a5b10 5 bytes JMP 00007ffbd98e0440 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc597a5b30 5 bytes JMP 00007ffbd98e03e0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc597a5dc0 5 bytes JMP 00007ffbd98e0220 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc597a61c0 5 bytes JMP 00007ffbd98e04a0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc597a6220 5 bytes JMP 00007ffbd98e0390 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc597a64a0 5 bytes JMP 00007ffbd98e02e0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc597a64e0 5 bytes JMP 00007ffbd98e0340 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc597a65c0 5 bytes JMP 00007ffbd98e0280 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc597a6700 5 bytes JMP 00007ffbd98e02a0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc597a6740 5 bytes JMP 00007ffbd98e03c0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc597a6760 5 bytes JMP 00007ffbd98e0320 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc597a68c0 5 bytes JMP 00007ffbd98e0410 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc597a6920 5 bytes JMP 00007ffbd98e0230 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffc597a6d40 5 bytes JMP 00007ffbd98e03f0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc597a6fa0 5 bytes JMP 00007ffbd98e01d0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc597a7160 5 bytes JMP 00007ffbd98e0240 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc597a71c0 5 bytes JMP 00007ffbd98e04b0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc597a71e0 5 bytes JMP 00007ffbd98e04c0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc597a7240 5 bytes JMP 00007ffbd98e02f0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc597a7260 5 bytes JMP 00007ffbd98e0350 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc597a7320 5 bytes JMP 00007ffbd98e0290 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc597a73e0 5 bytes JMP 00007ffbd98e02b0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc597a7440 5 bytes JMP 00007ffbd98e0370 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc597a7460 5 bytes JMP 00007ffbd98e0330 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc597a7a80 5 bytes JMP 00007ffbd98e0460 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeProcess 00007ffc597a7d40 5 bytes JMP 00007ffbd98e0420 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc597a7ea0 5 bytes JMP 00007ffbd98e0250 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc597a7ec0 5 bytes JMP 00007ffbd98e0260 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc597a7f00 5 bytes JMP 00007ffbd98e0400 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc597a82e0 5 bytes JMP 00007ffbd98e01e0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc597a8300 5 bytes JMP 00007ffbd98e0200 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc597a8420 5 bytes JMP 00007ffbd98e01f0 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc597a8500 5 bytes JMP 00007ffbd98e0430 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc597a8520 5 bytes JMP 00007ffbd98e0450 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc597a8540 5 bytes JMP 00007ffbd98e0210 .text C:\WINDOWS\system32\svchost.exe[620] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc597a8760 5 bytes JMP 00007ffbd98e0270 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc597a5230 5 bytes JMP 00007ffbd98e0480 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc597a52d0 5 bytes JMP 00007ffbd98e0470 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc597a5590 5 bytes JMP 00007ffbd98e0360 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc597a5630 5 bytes JMP 00007ffbd98e0490 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc597a5650 5 bytes JMP 00007ffbd98e03d0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc597a57b0 5 bytes JMP 00007ffbd98e0310 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc597a5810 1 byte JMP 00007ffbd98e03a0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffc597a5812 3 bytes {JMP 0xffffffff8013ab90} .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc597a5850 5 bytes JMP 00007ffbd98e0380 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc597a58d0 5 bytes JMP 00007ffbd98e02d0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc597a59d0 5 bytes JMP 00007ffbd98e02c0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc597a5a10 5 bytes JMP 00007ffbd98e0300 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc597a5a90 5 bytes JMP 00007ffbd98e03b0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeThread 00007ffc597a5b10 5 bytes JMP 00007ffbd98e0440 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc597a5b30 5 bytes JMP 00007ffbd98e03e0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc597a5dc0 5 bytes JMP 00007ffbd98e0220 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc597a61c0 5 bytes JMP 00007ffbd98e04a0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc597a6220 5 bytes JMP 00007ffbd98e0390 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc597a64a0 5 bytes JMP 00007ffbd98e02e0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc597a64e0 5 bytes JMP 00007ffbd98e0340 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc597a65c0 5 bytes JMP 00007ffbd98e0280 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc597a6700 5 bytes JMP 00007ffbd98e02a0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc597a6740 5 bytes JMP 00007ffbd98e03c0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc597a6760 5 bytes JMP 00007ffbd98e0320 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc597a68c0 5 bytes JMP 00007ffbd98e0410 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc597a6920 5 bytes JMP 00007ffbd98e0230 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffc597a6d40 5 bytes JMP 00007ffbd98e03f0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc597a6fa0 5 bytes JMP 00007ffbd98e01d0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc597a7160 5 bytes JMP 00007ffbd98e0240 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc597a71c0 5 bytes JMP 00007ffbd98e04b0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc597a71e0 5 bytes JMP 00007ffbd98e04c0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc597a7240 5 bytes JMP 00007ffbd98e02f0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc597a7260 5 bytes JMP 00007ffbd98e0350 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc597a7320 5 bytes JMP 00007ffbd98e0290 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc597a73e0 5 bytes JMP 00007ffbd98e02b0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc597a7440 5 bytes JMP 00007ffbd98e0370 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc597a7460 5 bytes JMP 00007ffbd98e0330 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc597a7a80 5 bytes JMP 00007ffbd98e0460 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeProcess 00007ffc597a7d40 5 bytes JMP 00007ffbd98e0420 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc597a7ea0 5 bytes JMP 00007ffbd98e0250 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc597a7ec0 5 bytes JMP 00007ffbd98e0260 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc597a7f00 5 bytes JMP 00007ffbd98e0400 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc597a82e0 5 bytes JMP 00007ffbd98e01e0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc597a8300 5 bytes JMP 00007ffbd98e0200 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc597a8420 5 bytes JMP 00007ffbd98e01f0 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc597a8500 5 bytes JMP 00007ffbd98e0430 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc597a8520 5 bytes JMP 00007ffbd98e0450 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc597a8540 5 bytes JMP 00007ffbd98e0210 .text C:\WINDOWS\system32\svchost.exe[1308] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc597a8760 5 bytes JMP 00007ffbd98e0270 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc597a5230 5 bytes JMP 00007ffbd98e0480 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc597a52d0 5 bytes JMP 00007ffbd98e0470 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc597a5590 5 bytes JMP 00007ffbd98e0360 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc597a5630 5 bytes JMP 00007ffbd98e0490 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc597a5650 5 bytes JMP 00007ffbd98e03d0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc597a57b0 5 bytes JMP 00007ffbd98e0310 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc597a5810 1 byte JMP 00007ffbd98e03a0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffc597a5812 3 bytes {JMP 0xffffffff8013ab90} .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc597a5850 5 bytes JMP 00007ffbd98e0380 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc597a58d0 5 bytes JMP 00007ffbd98e02d0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc597a59d0 5 bytes JMP 00007ffbd98e02c0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc597a5a10 5 bytes JMP 00007ffbd98e0300 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc597a5a90 5 bytes JMP 00007ffbd98e03b0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeThread 00007ffc597a5b10 5 bytes JMP 00007ffbd98e0440 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc597a5b30 5 bytes JMP 00007ffbd98e03e0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc597a5dc0 5 bytes JMP 00007ffbd98e0220 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc597a61c0 5 bytes JMP 00007ffbd98e04a0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc597a6220 5 bytes JMP 00007ffbd98e0390 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc597a64a0 5 bytes JMP 00007ffbd98e02e0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc597a64e0 5 bytes JMP 00007ffbd98e0340 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc597a65c0 5 bytes JMP 00007ffbd98e0280 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc597a6700 5 bytes JMP 00007ffbd98e02a0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc597a6740 5 bytes JMP 00007ffbd98e03c0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc597a6760 5 bytes JMP 00007ffbd98e0320 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc597a68c0 5 bytes JMP 00007ffbd98e0410 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc597a6920 5 bytes JMP 00007ffbd98e0230 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffc597a6d40 5 bytes JMP 00007ffbd98e03f0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc597a6fa0 5 bytes JMP 00007ffbd98e01d0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc597a7160 5 bytes JMP 00007ffbd98e0240 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc597a71c0 5 bytes JMP 00007ffbd98e04b0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc597a71e0 5 bytes JMP 00007ffbd98e04c0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc597a7240 5 bytes JMP 00007ffbd98e02f0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc597a7260 5 bytes JMP 00007ffbd98e0350 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc597a7320 5 bytes JMP 00007ffbd98e0290 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc597a73e0 5 bytes JMP 00007ffbd98e02b0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc597a7440 5 bytes JMP 00007ffbd98e0370 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc597a7460 5 bytes JMP 00007ffbd98e0330 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc597a7a80 5 bytes JMP 00007ffbd98e0460 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeProcess 00007ffc597a7d40 5 bytes JMP 00007ffbd98e0420 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc597a7ea0 5 bytes JMP 00007ffbd98e0250 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc597a7ec0 5 bytes JMP 00007ffbd98e0260 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc597a7f00 5 bytes JMP 00007ffbd98e0400 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc597a82e0 5 bytes JMP 00007ffbd98e01e0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc597a8300 5 bytes JMP 00007ffbd98e0200 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc597a8420 5 bytes JMP 00007ffbd98e01f0 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc597a8500 5 bytes JMP 00007ffbd98e0430 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc597a8520 5 bytes JMP 00007ffbd98e0450 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc597a8540 5 bytes JMP 00007ffbd98e0210 .text C:\WINDOWS\system32\taskhostw.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc597a8760 5 bytes JMP 00007ffbd98e0270 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc597a5230 5 bytes JMP 00007ffbd98e0480 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc597a52d0 5 bytes JMP 00007ffbd98e0470 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc597a5590 5 bytes JMP 00007ffbd98e0360 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc597a5630 5 bytes JMP 00007ffbd98e0490 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc597a5650 5 bytes JMP 00007ffbd98e03d0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc597a57b0 5 bytes JMP 00007ffbd98e0310 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc597a5810 1 byte JMP 00007ffbd98e03a0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffc597a5812 3 bytes {JMP 0xffffffff8013ab90} .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc597a5850 5 bytes JMP 00007ffbd98e0380 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc597a58d0 5 bytes JMP 00007ffbd98e02d0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc597a59d0 5 bytes JMP 00007ffbd98e02c0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc597a5a10 5 bytes JMP 00007ffbd98e0300 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc597a5a90 5 bytes JMP 00007ffbd98e03b0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeThread 00007ffc597a5b10 5 bytes JMP 00007ffbd98e0440 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc597a5b30 5 bytes JMP 00007ffbd98e03e0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc597a5dc0 5 bytes JMP 00007ffbd98e0220 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc597a61c0 5 bytes JMP 00007ffbd98e04a0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc597a6220 5 bytes JMP 00007ffbd98e0390 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc597a64a0 5 bytes JMP 00007ffbd98e02e0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc597a64e0 5 bytes JMP 00007ffbd98e0340 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc597a65c0 5 bytes JMP 00007ffbd98e0280 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc597a6700 5 bytes JMP 00007ffbd98e02a0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc597a6740 5 bytes JMP 00007ffbd98e03c0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc597a6760 5 bytes JMP 00007ffbd98e0320 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc597a68c0 5 bytes JMP 00007ffbd98e0410 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc597a6920 5 bytes JMP 00007ffbd98e0230 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffc597a6d40 5 bytes JMP 00007ffbd98e03f0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc597a6fa0 5 bytes JMP 00007ffbd98e01d0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc597a7160 5 bytes JMP 00007ffbd98e0240 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc597a71c0 5 bytes JMP 00007ffbd98e04b0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc597a71e0 5 bytes JMP 00007ffbd98e04c0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc597a7240 5 bytes JMP 00007ffbd98e02f0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc597a7260 5 bytes JMP 00007ffbd98e0350 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc597a7320 5 bytes JMP 00007ffbd98e0290 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc597a73e0 5 bytes JMP 00007ffbd98e02b0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc597a7440 5 bytes JMP 00007ffbd98e0370 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc597a7460 5 bytes JMP 00007ffbd98e0330 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc597a7a80 5 bytes JMP 00007ffbd98e0460 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeProcess 00007ffc597a7d40 5 bytes JMP 00007ffbd98e0420 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc597a7ea0 5 bytes JMP 00007ffbd98e0250 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc597a7ec0 5 bytes JMP 00007ffbd98e0260 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc597a7f00 5 bytes JMP 00007ffbd98e0400 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc597a82e0 5 bytes JMP 00007ffbd98e01e0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc597a8300 5 bytes JMP 00007ffbd98e0200 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc597a8420 5 bytes JMP 00007ffbd98e01f0 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc597a8500 5 bytes JMP 00007ffbd98e0430 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc597a8520 5 bytes JMP 00007ffbd98e0450 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc597a8540 5 bytes JMP 00007ffbd98e0210 .text C:\WINDOWS\Explorer.EXE[4028] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc597a8760 5 bytes JMP 00007ffbd98e0270 ? C:\Windows\SYSTEM32\ActXPrxy.dll [3228] entry point in ".rdata" section 000000006c49bd10 ? C:\Windows\SYSTEM32\ActXPrxy.dll [3096] entry point in ".rdata" section 000000006c49bd10 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffc597a5230 5 bytes JMP 00007ffbd98e0480 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffc597a52d0 5 bytes JMP 00007ffbd98e0470 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffc597a5590 5 bytes JMP 00007ffbd98e0360 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffc597a5630 5 bytes JMP 00007ffbd98e0490 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffc597a5650 5 bytes JMP 00007ffbd98e03d0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffc597a57b0 5 bytes JMP 00007ffbd98e0310 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffc597a5810 1 byte JMP 00007ffbd98e03a0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffc597a5812 3 bytes {JMP 0xffffffff8013ab90} .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffc597a5850 5 bytes JMP 00007ffbd98e0380 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffc597a58d0 5 bytes JMP 00007ffbd98e02d0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffc597a59d0 5 bytes JMP 00007ffbd98e02c0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffc597a5a10 5 bytes JMP 00007ffbd98e0300 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffc597a5a90 5 bytes JMP 00007ffbd98e03b0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeThread 00007ffc597a5b10 5 bytes JMP 00007ffbd98e0440 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffc597a5b30 5 bytes JMP 00007ffbd98e03e0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffc597a5dc0 5 bytes JMP 00007ffbd98e0220 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffc597a61c0 5 bytes JMP 00007ffbd98e04a0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffc597a6220 5 bytes JMP 00007ffbd98e0390 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffc597a64a0 5 bytes JMP 00007ffbd98e02e0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffc597a64e0 5 bytes JMP 00007ffbd98e0340 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffc597a65c0 5 bytes JMP 00007ffbd98e0280 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffc597a6700 5 bytes JMP 00007ffbd98e02a0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffc597a6740 5 bytes JMP 00007ffbd98e03c0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffc597a6760 5 bytes JMP 00007ffbd98e0320 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffc597a68c0 5 bytes JMP 00007ffbd98e0410 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffc597a6920 5 bytes JMP 00007ffbd98e0230 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffc597a6d40 5 bytes JMP 00007ffbd98e03f0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffc597a6fa0 5 bytes JMP 00007ffbd98e01d0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffc597a7160 5 bytes JMP 00007ffbd98e0240 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffc597a71c0 5 bytes JMP 00007ffbd98e04b0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffc597a71e0 5 bytes JMP 00007ffbd98e04c0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffc597a7240 5 bytes JMP 00007ffbd98e02f0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffc597a7260 5 bytes JMP 00007ffbd98e0350 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffc597a7320 5 bytes JMP 00007ffbd98e0290 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffc597a73e0 5 bytes JMP 00007ffbd98e02b0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffc597a7440 5 bytes JMP 00007ffbd98e0370 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffc597a7460 5 bytes JMP 00007ffbd98e0330 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffc597a7a80 5 bytes JMP 00007ffbd98e0460 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeProcess 00007ffc597a7d40 5 bytes JMP 00007ffbd98e0420 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffc597a7ea0 5 bytes JMP 00007ffbd98e0250 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffc597a7ec0 5 bytes JMP 00007ffbd98e0260 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffc597a7f00 5 bytes JMP 00007ffbd98e0400 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffc597a82e0 5 bytes JMP 00007ffbd98e01e0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffc597a8300 5 bytes JMP 00007ffbd98e0200 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffc597a8420 5 bytes JMP 00007ffbd98e01f0 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffc597a8500 5 bytes JMP 00007ffbd98e0430 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffc597a8520 5 bytes JMP 00007ffbd98e0450 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffc597a8540 5 bytes JMP 00007ffbd98e0210 .text C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffc597a8760 5 bytes JMP 00007ffbd98e0270 ? C:\WINDOWS\SYSTEM32\iertutil.dll [5788] entry point in ".rdata" section 000000007231cb70 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [5788] entry point in ".rdata" section 0000000070f3bb10 ? C:\WINDOWS\system32\apphelp.dll [5648] entry point in ".rdata" section 000000006e4d0380 ? C:\WINDOWS\SYSTEM32\MPRAPI.dll [5972] entry point in ".rdata" section 0000000065f136a0 ? C:\WINDOWS\system32\apphelp.dll [9976] entry point in ".rdata" section 000000006e4d0380 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [9976] entry point in ".rdata" section 0000000070f3bb10 ? C:\WINDOWS\system32\d3d10_1.dll [9976] entry point in ".rdata" section 000000005fcd24b0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [9976] entry point in ".rdata" section 000000007231cb70 ? C:\WINDOWS\system32\apphelp.dll [7712] entry point in ".rdata" section 000000006e4d0380 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [820:876] fffff96138514060 Thread C:\Windows\System32\WUDFHost.exe [1040:1520] 000000005e543810 Thread C:\Windows\System32\WUDFHost.exe [1040:1524] 000000005e543810 Thread C:\Windows\System32\WUDFHost.exe [1040:1528] 000000005e543810 Thread C:\Windows\System32\WUDFHost.exe [1040:1556] 000000005e543810 Thread C:\Windows\System32\WUDFHost.exe [1040:1572] 000000005e543810 Thread C:\WINDOWS\System32\svchost.exe [1112:5924] 00007ffc492a1670 Thread C:\WINDOWS\system32\svchost.exe [1308:3024] 00007ffc47511240 Thread C:\WINDOWS\system32\svchost.exe [1308:3028] 00007ffc475a9490 Thread C:\WINDOWS\system32\svchost.exe [1308:3032] 00007ffc46da29b0 Thread C:\WINDOWS\system32\svchost.exe [1308:3240] 00007ffc495e3d30 Thread C:\WINDOWS\system32\svchost.exe [1308:4624] 00007ffc53f54350 Thread C:\WINDOWS\system32\svchost.exe [1308:7716] 00007ffc495e22b0 Thread C:\WINDOWS\system32\svchost.exe [1316:1368] 00007ffc51d2cc70 Thread C:\WINDOWS\system32\svchost.exe [1316:1388] 00007ffc51d2d540 Thread C:\WINDOWS\system32\svchost.exe [1316:1392] 00007ffc51d2db50 Thread C:\WINDOWS\system32\svchost.exe [1316:1396] 00007ffc51d2bed0 Thread C:\WINDOWS\system32\svchost.exe [1316:1992] 00007ffc4923a840 Thread C:\WINDOWS\system32\svchost.exe [1316:2104] 00007ffc48a8fd10 Thread C:\WINDOWS\system32\svchost.exe [1316:3052] 00007ffc4867c040 Thread C:\WINDOWS\system32\svchost.exe [1316:3324] 00007ffc48992750 Thread C:\WINDOWS\system32\svchost.exe [1316:1960] 00007ffc346a6f80 Thread C:\WINDOWS\system32\svchost.exe [1316:6092] 00007ffc346a6f80 Thread C:\WINDOWS\system32\svchost.exe [1316:5216] 00007ffc346a6f80 Thread C:\WINDOWS\system32\svchost.exe [1316:5048] 00007ffc346a6f80 Thread C:\WINDOWS\system32\svchost.exe [1316:4600] 00007ffc341dc900 Thread C:\WINDOWS\system32\svchost.exe [1316:6548] 00007ffc52001d70 Thread C:\WINDOWS\system32\svchost.exe [1316:7068] 00007ffc52001480 Thread C:\WINDOWS\system32\svchost.exe [1316:2836] 00007ffc48e52fd0 Thread C:\WINDOWS\system32\svchost.exe [1316:4216] 00007ffc44701a20 Thread C:\WINDOWS\system32\svchost.exe [1316:4212] 00007ffc51d26a30 Thread C:\WINDOWS\system32\svchost.exe [1316:6440] 00007ffc51d2dd00 Thread C:\WINDOWS\system32\svchost.exe [1316:3180] 00007ffc48af25d0 Thread C:\WINDOWS\System32\spoolsv.exe [1860:5712] 00007ffc46066320 Thread C:\WINDOWS\System32\spoolsv.exe [1860:5716] 00007ffc471d29a0 Thread C:\WINDOWS\System32\spoolsv.exe [1860:5728] 00007ffc49121180 Thread C:\WINDOWS\System32\spoolsv.exe [1860:5732] 00007ffc37eecd90 Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2244:4264] 00007ffc43267944 Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2244:4268] 00007ffc4312beb4 Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2244:5100] 00007ffc4312beb4 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x66 0x52 0x3A 0x39 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xAB 0x7E 0x64 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 53 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LEN40B00_00_07DC_A3^71D24FCFB31152D6B4723C3ED4370A20@Timestamp 0x71 0x8C 0x4F 0xBA ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 796 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@HUAWEI Mobile Connect - Network Card 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 834817157 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID d8ab9134-4ae5-4e8a-bb2c-9eb775b Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2 Reg HKLM\SYSTEM\CurrentControlSet\Enum@NextParentID.6adca1e.6 3 Reg HKLM\SYSTEM\CurrentControlSet\Enum@NextParentID.98d59b3.6 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter 5899132 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume4\WINDOWS Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456175296453 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456175296453@ Reverted Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456175296453@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456175296453@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456175296453@CreationTime 0xB6 0xDE 0x3A 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456175296453@SetupOperations MoveFile("\??\c:\program files\avast software\avast\aavm4h.dll.1456175296453","\??\c:\program files\avast software\avast\aavm4h.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aavm4h.dll.sum.1456175296453","\??\c:\program files\avast software\avast\aavm4h.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456175296453@StartBootCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456175296453@StartTickCounter 9477 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456323727937 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456323727937@ Reverted Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456323727937@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456323727937@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456323727937@CreationTime 0x64 0x1D 0xAE 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456323727937@SetupOperations DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1456323727937")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1456323727937")? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456323727937@StartBootCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456323727937@StartTickCounter 9477 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456984626078 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456984626078@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456984626078@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456984626078@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456984626078@CreationTime 0x06 0x66 0x39 0x86 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456984626078@SetupOperations MoveFile("\??\c:\program files\avast software\avast\aswstreamfilter.dll.1456984626078","\??\c:\program files\avast software\avast\aswstreamfilter.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aswstreamfilter.dll.sum.1456984626078","\??\c:\program files\avast software\avast\aswstreamfilter.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456984626078@StartBootCounter 4 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1456984626078@StartTickCounter 9477 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641823859 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641823859@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641823859@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641823859@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641823859@CreationTime 0x48 0x22 0xC3 0xBB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641823859@SetupOperations MoveFile("\??\c:\program files\avast software\avast\aavm4h.dll.1457641823859","\??\c:\program files\avast software\avast\aavm4h.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aavm4h.dll.sum.1457641823859","\??\c:\program files\avast software\avast\aavm4h.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aavmrpch.dll.1457641823859","\??\c:\program files\avast software\avast\aavmrpch.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aavmrpch.dll.sum.1457641823859","\??\c:\program files\avast software\avast\aavmrpch.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastnm.exe.1457641823859","\??\c:\program files\avast software\avast\avastnm.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastnm.exe.sum.1457641823859","\??\c:\program files\avast software\avast\avastnm.exe.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1457641823859","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641823859@StartBootCounter 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641823859@StartTickCounter 1076939 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641850046 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641850046@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641850046@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641850046@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641850046@CreationTime 0x48 0x31 0x7C 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641850046@SetupOperations DeleteFile("\??\c:\windows\system32\drivers\aswmonflt.sys.1457641850046")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswmonflt.sys.1457641850046")?DeleteFile("\??\c:\windows\system32\drivers\aswsnx.sys.1457641850046")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsnx.sys.1457641850046")? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641850046@StartBootCounter 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641850046@StartTickCounter 1076939 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641855328 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641855328@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641855328@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641855328@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641855328@CreationTime 0xAC 0x72 0xE1 0xBF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641855328@SetupOperations MoveFile("\??\c:\program files\avast software\avast\pam.dll.1457641855328","\??\c:\program files\avast software\avast\pam.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\pam.dll.sum.1457641855328","\??\c:\program files\avast software\avast\pam.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641855328@StartBootCounter 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457641855328@StartTickCounter 1076939 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457860577921 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457860577921@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457860577921@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457860577921@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457860577921@CreationTime 0x52 0x52 0x9D 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457860577921@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\aavm4h.dll.1457641823859.1457860577921")?DeleteFile("\??\c:\program files\avast software\avast\aavm4h.dll.sum.1457641823859.1457860577921")? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457860577921@StartBootCounter 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1457860577921@StartTickCounter 1076939 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458056559828 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458056559828@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458056559828@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458056559828@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458056559828@CreationTime 0x5C 0x6B 0x1E 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458056559828@SetupOperations DeleteFile("\??\C:\ProgramData\AVAST Software\Avast\streamfilter.ini.Conf.1458056559828")? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458056559828@StartBootCounter 8 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458056559828@StartTickCounter 1076939 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458255790937 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458255790937@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458255790937@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458255790937@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458255790937@CreationTime 0x0B 0xE5 0x4C 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458255790937@StartBootCounter 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458255790937@StartTickCounter 3102367 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458469484937 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458469484937@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458469484937@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458469484937@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458469484937@CreationTime 0x28 0x32 0xBA 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458469484937@SetupOperations MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1458469484937","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1458469484937","\??\c:\program files\avast software\avast\avastui.exe.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\commonres.dll.1458469484937","\??\c:\program files\avast software\avast\commonres.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\commonres.dll.sum.1458469484937","\??\c:\program files\avast software\avast\commonres.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458469484937@StartBootCounter 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458469484937@StartTickCounter 3102367 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458684277734 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458684277734@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458684277734@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458684277734@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458684277734@CreationTime 0x7F 0xA4 0xD5 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458684277734@SetupOperations MoveFile("\??\c:\program files\avast software\avast\aavm4h.dll.1458684277734","\??\c:\program files\avast software\avast\aavm4h.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aavm4h.dll.sum.1458684277734","\??\c:\program files\avast software\avast\aavm4h.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aavmrpch.dll.1458684277734","\??\c:\program files\avast software\avast\aavmrpch.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aavmrpch.dll.sum.1458684277734","\??\c:\program files\avast software\avast\aavmrpch.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastnm.exe.1458684277734","\??\c:\program files\avast software\avast\avastnm.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastnm.exe.sum.1458684277734","\??\c:\program files\avast software\avast\avastnm.exe.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458684277734@StartBootCounter 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458684277734@StartTickCounter 3102367 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458774190171 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458774190171@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458774190171@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458774190171@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458774190171@CreationTime 0x69 0x84 0x07 0x2C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458774190171@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\avastui.exe.1458469484937.1458774190171")?DeleteFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1458469484937.1458774190171")? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458774190171@StartBootCounter 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1458774190171@StartTickCounter 3102367 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613453000 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613453000@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613453000@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613453000@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613453000@CreationTime 0xA3 0xFD 0x7A 0x3B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613453000@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\aavm4h.dll.1458684277734.1459613453000")?DeleteFile("\??\c:\program files\avast software\avast\aavm4h.dll.sum.1458684277734.1459613453000")? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613453000@StartBootCounter 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613453000@StartTickCounter 3102367 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613454671 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613454671@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613454671@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613454671@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613454671@CreationTime 0x68 0x1B 0xA6 0x3B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613454671@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\asww10mon.exe")? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613454671@StartBootCounter 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1459613454671@StartTickCounter 3102367 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460445557937 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460445557937@ Reverted Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460445557937@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460445557937@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460445557937@CreationTime 0x8B 0x67 0x57 0xAC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460445557937@SetupOperations MoveFile("\??\c:\program files\avast software\avast\aavm4h.dll.1460445557937","\??\c:\program files\avast software\avast\aavm4h.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\aavm4h.dll.sum.1460445557937","\??\c:\program files\avast software\avast\aavm4h.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460445557937@StartBootCounter 11 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460445557937@StartTickCounter 4678644 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704802921 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704802921@ Reverted Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704802921@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704802921@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704802921@CreationTime 0x64 0xF2 0x7F 0x48 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704802921@SetupOperations MoveFile("\??\c:\program files\avast software\avast\ashserv.dll.1460704802921","\??\c:\program files\avast software\avast\ashserv.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ashserv.dll.sum.1460704802921","\??\c:\program files\avast software\avast\ashserv.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704802921@StartBootCounter 11 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704802921@StartTickCounter 4678644 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704829171 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704829171@ Reverted Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704829171@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704829171@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704829171@CreationTime 0xE5 0x4E 0x11 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704829171@SetupOperations MoveFile("\??\c:\program files\avast software\avast\ffl2.dll.1460704829171","\??\c:\program files\avast software\avast\ffl2.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ffl2.dll.sum.1460704829171","\??\c:\program files\avast software\avast\ffl2.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704829171@StartBootCounter 11 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1460704829171@StartTickCounter 4678644 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125602078 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125602078@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125602078@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125602078@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125602078@CreationTime 0x87 0x0C 0x68 0x9B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125602078@SetupOperations MoveFile("\??\c:\program files\avast software\avast\libeay32.dll.1463125602078","\??\c:\program files\avast software\avast\libeay32.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\libeay32.dll.sum.1463125602078","\??\c:\program files\avast software\avast\libeay32.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ssleay32.dll.1463125602078","\??\c:\program files\avast software\avast\ssleay32.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ssleay32.dll.sum.1463125602078","\??\c:\program files\avast software\avast\ssleay32.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125602078@StartBootCounter 15 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125602078@StartTickCounter 5851018 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125610703 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125610703@ Commited Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125610703@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125610703@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125610703@CreationTime 0xB9 0x43 0x52 0x9E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125610703@SetupOperations DeleteFile("\??\c:\windows\temp\patch20160505.dll")? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125610703@StartBootCounter 15 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\1463125610703@StartTickCounter 5851018 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS_s Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\142d273a8a5c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\142d273a8a5c@9cd35ba524ef 0xF7 0x22 0x91 0xC9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@Bluetooth_UniqueID {00001116-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@Bluetooth_UniqueID {00001105-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@Bluetooth_UniqueID {00001112-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@Bluetooth_UniqueID {0000110c-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@Bluetooth_UniqueID {00001115-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@Bluetooth_UniqueID {0000112d-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@Bluetooth_UniqueID {0000111f-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#9CD35BA524EF_00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011@Bluetooth_UniqueID {0000110a-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012@Bluetooth_UniqueID {0000112f-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Fastboot\Parameters@Checksum -545896964 Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\IBMPMSVC\Parameters\Notification@Type2 2064 Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Export \Device\LanmanServer_NetBT_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\LanmanServer_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\LanmanServer_NetBT_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\LanmanServer_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\LanmanServer_NetBT_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\LanmanServer_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\LanmanServer_NetBT_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\LanmanServer_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\LanmanServer_NetBT_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\LanmanServer_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\LanmanServer_NetBT_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\LanmanServer_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\LanmanServer_NetBT_Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\LanmanServer_Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\LanmanServer_NetBT_Tcpip6_{20265AEC-D3FD-4F Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Bind \Device\NetBT_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBT_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBT_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBT_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBT_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBT_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBT_Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBT_Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBT_Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Linkage@Route "NetBT" "Tcpip" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"Tcpip" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"NetBT" "Tcpip6" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"Tcpip6" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"NetBT" "Tcpip" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"Tcpip" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"NetBT" "Tcpip6" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"Tcpip6" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"NetBT" "Tcpip" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"Tcpip" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"NetBT" "Tcpip6" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"Tcpip6" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"NetBT" "Tcpip" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"Tcpip" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"NetBT" "Tcpip6" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"Tcpip6" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"NetBT" "Tcpip" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"Tcpip" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"NetBT" "Tcpip6" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"Tc Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Export \Device\LanmanWorkstation_NetBT_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\LanmanWorkstation_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\LanmanWorkstation_NetBT_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\LanmanWorkstation_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\LanmanWorkstation_NetBT_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\LanmanWorkstation_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\LanmanWorkstation_NetBT_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\LanmanWorkstation_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\LanmanWorkstation_NetBT_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\LanmanWorkstation_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\LanmanWorkstation_NetBT_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\LanmanWorkstation_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\LanmanWorkstation_NetBT_Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\LanmanWorkstation_Tcpip_{20265AEC-D3FD-4F1D- Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Bind \Device\NetBT_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBT_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBT_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBT_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBT_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBT_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBT_Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBT_Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBT_Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device Reg HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage@Route "NetBT" "Tcpip" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"Tcpip" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"NetBT" "Tcpip6" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"Tcpip6" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"NetBT" "Tcpip" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"Tcpip" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"NetBT" "Tcpip6" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"Tcpip6" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"NetBT" "Tcpip" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"Tcpip" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"NetBT" "Tcpip6" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"Tcpip6" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"NetBT" "Tcpip" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"Tcpip" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"NetBT" "Tcpip6" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"Tcpip6" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"NetBT" "Tcpip" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"Tcpip" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"NetBT" "Tcpip6" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"Tc Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog 0x03 0xFC 0xBE 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\Linkage@Export \Device\Ndisuio_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Ndisuio_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Ndisuio_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Ndisuio_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Ndisuio_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\Ndisuio_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Ndisuio_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\Ndisuio_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\Linkage@Bind \Device\{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\Linkage@Route "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"{8718928D-CBEB-45EA-A621-800A9249001D}"?"{DFA18D8C-0771-4B6F-B877-B76B56DA823D}"?"{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Export \Device\NetBIOS_NetBT_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBIOS_NetBT_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBIOS_NetBT_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBIOS_NetBT_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBIOS_NetBT_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBIOS_NetBT_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBIOS_NetBT_Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBIOS_NetBT_Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBIOS_NetBT_Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\NetBIOS_NetBT_Tcpip6_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\NetBIOS_NetBT_Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBIOS_NetBT_Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBIOS_NetBT_Tcpip_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\NetBIOS_NetBT_Tcpip6_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\NetBIOS_NetBT_Tcpip_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}?\Device\Net Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Bind \Device\NetBT_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBT_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBT_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBT_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBT_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBT_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBT_Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBT_Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBT_Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\NetBT_Tcpip6_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\NetBT_Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBT_Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBT_Tcpip_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\NetBT_Tcpip6_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\NetBT_Tcpip_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}?\Device\NetBT_Tcpip6_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage@Route "NetBT" "Tcpip" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"NetBT" "Tcpip6" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"NetBT" "Tcpip" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"NetBT" "Tcpip6" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"NetBT" "Tcpip" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"NetBT" "Tcpip6" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"NetBT" "Tcpip" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"NetBT" "Tcpip6" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"NetBT" "Tcpip" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"NetBT" "Tcpip6" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"NetBT" "Tcpip" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"NetBT" "Tcpip6" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"NetBT" "Tcpip" "{DFA18D8C-0771-4B6F-B877-B76B56DA823D}"?"NetBT" "Tcpip6" "{DFA18D8C-0771-4B6F-B877-B76B56DA823D}"?"NetBT" "Tcpip" "{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}"?"NetBT" "Tcpip6" "{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS\Parameters@MaxLana 15 Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Export \Device\NetBT_Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBT_Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\NetBT_Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBT_Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\NetBT_Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBT_Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\NetBT_Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBT_Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\NetBT_Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\NetBT_Tcpip6_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\NetBT_Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBT_Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\NetBT_Tcpip_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\NetBT_Tcpip6_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\NetBT_Tcpip_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}?\Device\NetBT_Tcpip6_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}?\Device\NetBT_Tcpip_{1C17FFB4-6E49-4992-A54D-971CCC201392}?\Device\NetB Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Bind \Device\Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\Tcpip6_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Tcpip_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\Tcpip6_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\Tcpip_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}?\Device\Tcpip6_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}?\Device\Tcpip_{1C17FFB4-6E49-4992-A54D-971CCC201392}?\Device\Tcpip6_{1C17FFB4-6E49-4992-A54D-971CCC201392}? Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Linkage@Route "Tcpip" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"Tcpip6" "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"Tcpip" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"Tcpip6" "{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"Tcpip" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"Tcpip6" "{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"Tcpip" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"Tcpip6" "{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"Tcpip" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"Tcpip6" "{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"Tcpip" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"Tcpip6" "{8718928D-CBEB-45EA-A621-800A9249001D}"?"Tcpip" "{DFA18D8C-0771-4B6F-B877-B76B56DA823D}"?"Tcpip6" "{DFA18D8C-0771-4B6F-B877-B76B56DA823D}"?"Tcpip" "{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}"?"Tcpip6" "{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\pla\Configuration@RPCEndPoint {691F98EF-FAF6-4785-9D92-6919A47259BC} Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 8415 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1364 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 52 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage@Export \Device\Tcpip_{1C17FFB4-6E49-4992-A54D-971CCC201392}?\Device\Tcpip_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Tcpip_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Tcpip_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Tcpip_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Tcpip_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\Tcpip_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Tcpip_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\Tcpip_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage@Bind \Device\{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage@Route "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"{8718928D-CBEB-45EA-A621-800A9249001D}"?"{DFA18D8C-0771-4B6F-B877-B76B56DA823D}"?"{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Export \Device\Tcpip6_{1C17FFB4-6E49-4992-A54D-971CCC201392}?\Device\Tcpip6_{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\Tcpip6_{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\Tcpip6_{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\Tcpip6_{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\Tcpip6_{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\Tcpip6_{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\Tcpip6_{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\Tcpip6_{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Bind \Device\{1C17FFB4-6E49-4992-A54D-971CCC201392}?\Device\{0BA7BAB2-F559-4998-8301-CB300EF0030F}?\Device\{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}?\Device\{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}?\Device\{20265AEC-D3FD-4F1D-8540-5AF401F54C87}?\Device\{5FDBB0E4-5FF7-454F-86A8-A8A160135974}?\Device\{8718928D-CBEB-45EA-A621-800A9249001D}?\Device\{DFA18D8C-0771-4B6F-B877-B76B56DA823D}?\Device\{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}? Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage@Route "{0BA7BAB2-F559-4998-8301-CB300EF0030F}"?"{859AA2A3-3AC6-487E-8B76-2B23071BFEC5}"?"{C94D8796-2CF1-4CC0-AE23-1615C33E76B5}"?"{20265AEC-D3FD-4F1D-8540-5AF401F54C87}"?"{5FDBB0E4-5FF7-454F-86A8-A8A160135974}"?"{8718928D-CBEB-45EA-A621-800A9249001D}"?"{DFA18D8C-0771-4B6F-B877-B76B56DA823D}"?"{4C9198C6-75D6-4C6F-AB52-196A7BDAD5B4}"? Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xD2 0x8B 0x8B 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xD2 0xF3 0x4F 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xD2 0x23 0xC7 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0xD0 0x0A 0xDD 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{840dd4a1-8ec2-11e5-89ae-28d24482f56a}@Active 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xD2 0xE3 0x9C 0x52 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications@TimestampWhenSeen 0x5A 0xB5 0xFB 0x81 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds E7CF176E110C211B? Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0xC9 0xA8 0xBA 0xAB ... Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_WSAutoUpdate_60283a6d6a84d4ce2bb28f46b4614aac05747_00000000_cab_1452b4f9 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Users\Public\Desktop\Internet Manager.lnk 1281 bytes ---- EOF - GMER 2.2 ----

Dodano 14.05.2016 17:15:38:
FRST

Kod: Zaznacz wszystko: Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:14-05-2016 Uruchomiony przez Adam (administrator) ADAM-PC (14-05-2016 18:00:15) Uruchomiony z C:\Users\Adam\Downloads Załadowane profile: Adam (Dostępne profile: Adam) Platform: Windows 8 Pro (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (LenovoEMC Products USA, LLC) C:\Program Files\LenovoEMC\StorageConnector\LenovoEMCDiscovery.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.) HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [147160 2013-06-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [600568 2013-11-05] (Lenovo Corporation) HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [402344 2015-12-19] () HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [163960 2015-10-25] (Synaptics) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation) HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [750320 2014-05-16] (Lenovo) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-14] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50515584 2015-11-17] (Skype Technologies S.A.) HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {5da2bd70-195d-11e6-82f4-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {60794a9e-ad8f-11e4-8286-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fcbd9-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fcda7-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fce18-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fce68-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fceec-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {840dd4a1-8ec2-11e5-89ae-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {dbaca1ad-19e9-11e6-82f6-142d273a8a5b} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {dbaca21c-19e9-11e6-82f6-142d273a8a5b} - "E:\AutoRun.exe" ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-14] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-22] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2015-11-09] ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe () ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\..\Interfaces\{1C17FFB4-6E49-4992-A54D-971CCC201392}: [NameServer] 213.158.199.1 213.158.199.5 Tcpip\..\Interfaces\{20265aec-d3fd-4f1d-8540-5af401f54c87}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{859aa2a3-3ac6-487e-8b76-2b23071bfec5}: [NameServer] 77.234.40.79 ManualProxies: Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130876740676272479&GUID=A30B73EC-CDF7-48AA-A8BB-2AF559D23CDA HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-395553583-66053808-1738365731-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130876740676467617&GUID=A30B73EC-CDF7-48AA-A8BB-2AF559D23CDA HKU\S-1-5-21-395553583-66053808-1738365731-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - Brak pliku Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\bav199lt.default-1423070591943 FF Homepage: hxxps://trafficmonsoon.com/?ref=SuperMan777 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Extension: Flashlight - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\bav199lt.default-1423070591943\extensions\flashlight@stephennolan.com.au [2016-04-28] FF Extension: Facebook Phishing Protector - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\bav199lt.default-1423070591943\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2016-04-27] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-14] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-14] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://trafficmonsoon.com/?ref=SuperMan777" CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31] CHR Extension: (Dokumenty Google) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31] CHR Extension: (Dysk Google) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31] CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31] CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31] CHR Extension: (Arkusze Google) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31] CHR Extension: (Dokumenty Google offline) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-31] CHR Extension: (Avast Online Security) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-31] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-31] CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-14] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-14] (AVAST Software) S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573432 2013-11-05] (Lenovo Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2014-05-16] (Lenovo) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] () R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2013-09-24] (Intel Corporation) S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2083592 2013-11-06] (Lenovo Group Limited) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.) S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [695800 2013-11-05] (Lenovo Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) R2 LenovoEMCDiscovery; C:\Program Files\LenovoEMC\StorageConnector\LenovoEMCDiscovery.exe [1410888 2014-04-08] (LenovoEMC Products USA, LLC) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [467720 2013-11-01] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [58360 2013-10-08] (Lenovo Group Limited) R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [140280 2013-10-08] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] () R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-10-25] (Synaptics Incorporated) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-14] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-14] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-14] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-14] (AVAST Software) S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [44640 2015-12-17] (The OpenVPN Project) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-14] (AVAST Software) R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [65928 2014-05-16] (Windows (R) Win 7 DDK provider) R3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [124800 2014-06-11] (Huawei Technologies Co., Ltd.) R3 hwusb_wwanecm; C:\Windows\System32\drivers\ew_wwanecm.sys [379392 2014-05-04] (Huawei Technologies Co., Ltd.) R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation) S3 kxtdrpod; C:\Users\Adam\AppData\Local\Temp\kxtdrpod.sys [56584 2016-05-14] (GMER) [Brak podpisu cyfrowego] S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek ) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-11-19] (Realtek Semiconductor Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8244312 2013-06-19] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51320 2015-10-25] (Synaptics Incorporated) S3 SWIX64; C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys [34976 2015-06-28] (Lenovo Group Limited) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-14 18:00 - 2016-05-14 18:01 - 00024302 _____ C:\Users\Adam\Downloads\FRST.txt 2016-05-14 17:59 - 2016-05-14 17:59 - 02382336 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe 2016-05-14 17:45 - 2016-05-14 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Manager 2016-05-14 17:45 - 2016-05-14 17:45 - 00000000 ____D C:\ProgramData\Internet Manager 2016-05-14 17:45 - 2014-03-27 04:49 - 00457728 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2016-05-14 17:45 - 2013-11-30 13:41 - 00246272 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2016-05-14 17:45 - 2013-11-30 13:40 - 00110592 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2016-05-14 17:45 - 2013-11-30 13:40 - 00077312 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2016-05-14 17:45 - 2013-11-30 13:40 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2016-05-14 17:45 - 2013-11-30 13:25 - 00226176 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys 2016-05-14 17:45 - 2013-01-25 05:46 - 00109568 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2016-05-14 17:45 - 2010-10-08 13:29 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2016-05-14 17:45 - 2010-09-26 14:39 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2016-05-14 17:22 - 2016-05-14 17:22 - 00000000 ____D C:\Program Files (x86)\T-Mobile 2016-05-14 17:15 - 2016-05-14 17:15 - 00003266 _____ C:\WINDOWS\System32\Tasks\{706BA7C7-D22E-4173-B434-70E9C6C03A0D} 2016-05-14 16:27 - 2016-05-14 16:27 - 00380928 _____ C:\Users\Adam\Downloads\o3hk5gxs.exe 2016-05-14 16:26 - 2016-05-14 16:26 - 00355576 _____ (Duplex Secure Ltd) C:\Users\Adam\Downloads\SPTD2inst-v211-x64.exe 2016-05-14 16:07 - 2016-05-14 16:07 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-05-14 16:07 - 2016-05-14 16:07 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2016-05-14 15:59 - 2016-05-14 15:59 - 00000000 ___HD C:\OneDriveTemp 2016-05-14 00:47 - 2016-05-14 00:47 - 03640384 _____ C:\Users\Adam\Downloads\AdwCleaner.exe 2016-05-14 00:43 - 2016-05-14 00:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2016-05-11 16:09 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-05-11 16:09 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-05-11 16:08 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-05-11 16:08 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-05-11 16:08 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-05-11 16:08 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-05-11 16:08 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-05-11 16:08 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-05-11 16:08 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-05-11 16:08 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-05-11 16:08 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-05-11 16:08 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-05-11 16:08 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-05-11 16:08 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-05-11 16:08 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-05-11 16:08 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-05-11 16:08 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-05-11 16:08 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-05-11 16:08 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-05-11 16:07 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-05-11 16:07 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-05-11 16:07 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-05-11 16:07 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-05-11 16:07 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-05-11 16:07 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-05-11 16:07 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-11 16:07 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-05-11 16:07 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-05-11 16:07 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-05-11 16:07 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-05-11 16:07 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-11 16:07 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-05-11 16:07 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-05-11 16:07 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-05-11 16:07 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-05-11 16:07 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-05-11 16:07 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-05-11 16:07 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2016-05-11 16:07 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-11 16:07 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-05-11 16:07 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-05-11 16:07 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2016-05-11 16:07 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-11 16:07 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-05-11 16:07 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-05-11 16:07 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2016-05-11 16:07 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2016-05-11 16:07 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-05-11 16:07 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2016-05-11 16:07 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-05-11 16:07 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-05-11 16:07 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-05-11 16:07 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-05-11 16:07 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-05-11 16:07 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-05-11 16:07 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-05-11 16:07 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-05-11 16:07 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-05-11 16:07 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2016-05-11 16:07 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-05-11 16:07 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-05-11 16:07 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-05-11 16:07 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-05-11 16:07 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-05-11 16:07 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-05-11 16:07 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-05-11 16:07 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-05-11 16:07 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-05-11 16:07 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-05-11 16:07 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-05-11 16:07 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-05-11 16:07 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-05-11 16:07 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-05-11 16:07 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2016-05-11 16:07 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-05-11 16:07 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-05-11 16:07 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2016-05-11 16:07 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-05-11 16:07 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-05-11 16:06 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys 2016-05-11 16:06 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2016-05-11 16:06 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2016-05-11 16:06 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2016-05-11 16:06 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2016-05-11 16:06 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-05-11 16:06 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2016-05-11 16:06 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-05-11 16:06 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-05-11 16:06 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2016-05-11 16:06 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-05-11 16:06 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-11 16:06 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-05-11 16:06 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-05-11 16:06 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-05-11 16:06 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2016-05-11 16:06 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-05-11 16:06 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-05-11 16:06 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-05-11 16:06 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-05-11 16:06 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys 2016-05-11 16:06 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-05-11 16:06 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2016-05-11 16:06 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-05-11 16:06 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-05-11 16:06 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-05-11 16:06 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2016-05-11 16:06 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2016-05-11 16:06 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-05-11 16:06 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2016-05-11 16:06 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2016-05-11 16:06 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-05-11 16:06 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-11 16:06 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-05-11 16:06 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-05-11 16:06 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll 2016-05-11 16:06 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2016-05-11 16:06 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-05-11 16:06 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2016-05-11 16:06 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2016-05-11 16:06 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-05-11 16:06 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2016-05-11 16:06 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2016-05-11 16:06 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-05-11 16:06 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll 2016-05-11 16:06 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll 2016-05-11 16:06 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-05-11 16:06 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-05-11 16:06 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2016-05-11 16:06 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2016-05-11 16:06 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-05-11 16:06 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-05-11 16:06 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2016-05-11 16:06 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2016-05-11 16:06 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll 2016-05-11 16:06 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-05-11 16:06 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-05-11 16:06 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-05-11 16:06 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-05-11 16:06 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2016-05-11 16:06 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-05-11 16:06 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-05-11 16:06 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-05-11 16:06 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-05-11 16:06 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-05-11 16:06 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-05-11 16:06 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-05-11 16:06 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-05-11 16:06 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-05-11 16:06 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-05-11 16:06 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-05-11 16:06 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-05-11 16:06 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2016-05-11 16:06 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-05-11 16:06 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-05-11 16:06 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-05-11 16:06 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-05-11 16:06 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-05-11 16:06 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-05-11 16:06 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-05-11 16:05 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2016-05-11 16:05 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-05-11 16:05 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-05-11 16:05 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-05-11 16:05 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-05-11 16:05 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-05-11 16:05 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-05-11 16:05 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2016-05-11 16:05 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2016-05-11 16:05 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-05-11 16:05 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll 2016-05-11 16:05 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe 2016-05-11 16:05 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2016-05-11 16:05 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-05-11 16:05 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-05-11 16:05 - 2016-04-23 06:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2016-05-11 16:05 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-05-11 16:05 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-05-11 16:05 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys 2016-05-11 16:05 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll 2016-05-11 16:05 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe 2016-05-11 16:05 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2016-05-11 16:05 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2016-05-11 16:05 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-05-11 16:05 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll 2016-05-11 16:05 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-05-11 16:05 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-05-11 16:05 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-05-11 16:05 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-05-11 16:05 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll 2016-05-11 16:05 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-05-11 16:05 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2016-05-11 16:05 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2016-05-11 16:05 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-05-11 16:05 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll 2016-05-11 16:05 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll 2016-05-11 16:05 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-05-11 16:05 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-05-11 16:05 - 2016-04-23 06:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2016-05-11 16:05 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2016-05-11 16:05 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-05-11 16:05 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-05-11 16:05 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-05-11 16:05 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-05-11 16:05 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2016-05-11 16:05 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml 2016-05-11 16:05 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml 2016-05-01 18:26 - 2016-05-12 22:38 - 00197104 _____ C:\WINDOWS\ProcessedPackets.KTL 2016-05-01 10:09 - 2016-05-12 22:38 - 00128228 _____ C:\WINDOWS\Control.KTL 2016-04-30 20:22 - 2016-04-30 20:22 - 00242336 _____ C:\Users\Adam\Downloads\Firefox Setup Stub 46.0.exe 2016-04-30 20:16 - 2016-05-14 18:05 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-04-30 20:16 - 2016-05-12 23:05 - 00003916 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-04-29 11:11 - 2016-04-29 11:12 - 00281916 _____ C:\WINDOWS\Minidump\042916-24281-01.dmp 2016-04-27 12:47 - 2016-04-27 12:45 - 01010688 _____ C:\Users\Adam\Desktop\nowy_calc_TM.xls 2016-04-27 12:25 - 2016-04-27 12:25 - 00738880 _____ (Oracle Corporation) C:\Users\Adam\Downloads\jxpiinstall.exe 2016-04-19 15:45 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-04-19 15:45 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-19 15:45 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-04-19 15:45 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-04-19 15:45 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2016-04-19 15:45 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-04-19 15:45 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-04-19 15:45 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-04-19 15:45 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-04-19 15:45 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-04-19 15:45 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-04-19 15:45 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-04-19 15:44 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-04-19 15:44 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll 2016-04-19 15:44 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2016-04-19 15:44 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-04-19 15:44 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll 2016-04-19 15:44 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll 2016-04-19 15:44 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-04-19 15:44 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-04-19 15:44 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2016-04-19 15:44 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-04-19 15:44 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-04-19 15:44 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-04-19 15:44 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-04-19 15:44 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-04-19 15:44 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll 2016-04-19 15:44 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2016-04-19 15:44 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2016-04-19 15:44 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-04-19 15:44 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2016-04-19 15:44 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-04-19 15:44 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-04-19 15:44 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2016-04-19 15:44 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys 2016-04-19 15:44 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll 2016-04-19 15:44 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2016-04-19 15:44 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2016-04-19 15:44 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-04-19 15:44 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-04-19 15:44 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2016-04-19 15:44 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll 2016-04-19 15:44 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll 2016-04-19 15:44 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-04-19 15:44 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe 2016-04-19 15:44 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll 2016-04-19 15:44 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll 2016-04-19 15:44 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-04-19 15:44 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-04-19 15:44 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll 2016-04-19 15:44 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll 2016-04-19 15:44 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-04-19 15:44 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll 2016-04-19 15:44 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2016-04-19 15:44 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-04-19 15:44 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll 2016-04-19 15:44 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2016-04-19 15:44 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2016-04-19 15:44 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll 2016-04-19 15:44 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll 2016-04-19 15:44 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-04-19 15:44 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2016-04-19 15:44 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll 2016-04-19 15:44 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe 2016-04-19 15:44 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-04-19 15:44 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-04-19 15:44 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-04-19 15:44 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll 2016-04-19 15:44 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys 2016-04-19 15:44 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll 2016-04-19 15:44 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-04-19 15:44 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll 2016-04-19 15:44 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe 2016-04-19 15:44 - 2016-03-29 09:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2016-04-19 15:44 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll 2016-04-19 15:44 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2016-04-19 15:44 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll 2016-04-19 15:44 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2016-04-19 15:44 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll 2016-04-19 15:44 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll 2016-04-19 15:44 - 2016-03-29 09:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys 2016-04-19 15:44 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-04-19 15:44 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll 2016-04-19 15:44 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll 2016-04-19 15:44 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll 2016-04-19 15:44 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-04-19 15:44 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2016-04-19 15:44 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2016-04-19 15:44 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll 2016-04-19 15:44 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll 2016-04-19 15:44 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-04-19 15:44 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2016-04-19 15:44 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2016-04-19 15:44 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll 2016-04-19 15:44 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2016-04-19 15:44 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-04-19 15:44 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll 2016-04-19 15:44 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2016-04-19 15:44 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2016-04-19 15:44 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2016-04-19 15:44 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll 2016-04-19 15:44 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-04-19 15:44 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-04-19 15:44 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll 2016-04-19 15:44 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll 2016-04-19 15:44 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll 2016-04-19 15:44 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2016-04-19 15:44 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-04-19 15:44 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll 2016-04-19 15:44 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2016-04-19 15:44 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2016-04-19 15:44 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2016-04-19 15:44 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-04-19 15:44 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2016-04-19 15:44 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-04-19 15:44 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-04-19 15:44 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-04-19 15:44 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-04-19 15:44 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2016-04-19 15:44 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-04-19 15:44 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-04-19 15:44 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll 2016-04-19 15:44 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2016-04-19 15:44 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll 2016-04-19 15:44 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2016-04-19 15:44 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2016-04-19 15:44 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-04-19 15:44 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2016-04-19 15:44 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-04-19 15:44 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe 2016-04-19 15:44 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2016-04-19 15:44 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll 2016-04-19 15:44 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll 2016-04-19 15:44 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2016-04-19 15:44 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2016-04-19 15:44 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-04-19 15:44 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-04-19 15:44 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll 2016-04-19 15:44 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-04-19 15:44 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-04-19 15:44 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2016-04-19 15:44 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-04-19 15:44 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-04-19 15:44 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll 2016-04-19 15:44 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll 2016-04-19 15:44 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll 2016-04-19 15:44 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll 2016-04-19 15:44 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2016-04-19 15:44 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-04-19 15:44 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll 2016-04-19 15:44 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll 2016-04-19 15:44 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-04-19 15:44 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll 2016-04-19 15:44 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll 2016-04-19 15:44 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2016-04-19 15:44 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2016-04-19 15:44 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2016-04-19 15:44 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2016-04-19 15:44 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-04-19 15:44 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-04-19 15:44 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2016-04-19 15:44 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2016-04-19 15:44 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-04-19 15:44 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2016-04-19 15:44 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2016-04-19 15:44 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll 2016-04-19 15:44 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-04-19 15:44 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-04-19 15:44 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-04-19 15:44 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-04-19 15:44 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-04-19 15:44 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2016-04-19 15:44 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2016-04-19 15:44 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-04-19 15:44 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-04-19 15:44 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2016-04-19 15:44 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2016-04-19 15:44 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-04-19 15:44 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-04-19 15:44 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2016-04-19 15:44 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2016-04-19 15:44 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll 2016-04-19 15:44 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2016-04-19 15:44 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-04-19 15:44 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2016-04-19 15:44 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll 2016-04-19 15:44 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-04-19 15:44 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll 2016-04-19 15:44 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-04-19 15:44 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2016-04-19 15:44 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2016-04-19 15:44 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2016-04-19 15:44 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2016-04-19 15:44 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll 2016-04-19 15:44 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2016-04-19 15:44 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll 2016-04-19 15:44 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2016-04-19 15:44 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2016-04-17 20:59 - 2016-05-14 14:06 - 00000596 _____ C:\Users\Adam\Desktop\cykl.txt ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-14 18:05 - 2014-11-27 00:46 - 00000000 ____D C:\Users\Adam\AppData\LocalLow\Temp 2016-05-14 18:00 - 2015-11-09 00:08 - 00000000 ____D C:\FRST 2016-05-14 17:55 - 2015-08-06 10:10 - 00000000 ___RD C:\Users\Adam\OneDrive 2016-05-14 17:50 - 2015-10-30 21:19 - 00818302 _____ C:\WINDOWS\system32\perfh015.dat 2016-05-14 17:50 - 2015-10-30 21:19 - 00157970 _____ C:\WINDOWS\system32\perfc015.dat 2016-05-14 17:50 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-05-14 17:50 - 2015-08-06 09:51 - 01845594 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-05-14 17:46 - 2015-02-09 15:57 - 00000000 ____D C:\ProgramData\DatacardService 2016-05-14 17:44 - 2015-12-17 00:01 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-05-14 17:40 - 2016-03-20 00:24 - 00004072 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458426270 2016-05-14 17:40 - 2016-03-20 00:24 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-05-14 17:40 - 2016-01-31 12:09 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-14 17:39 - 2015-11-19 15:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-05-14 17:39 - 2015-08-06 10:07 - 00000000 __SHD C:\Users\Adam\IntelGraphicsProfiles 2016-05-14 17:38 - 2015-11-19 15:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-05-14 17:38 - 2015-11-19 15:22 - 00000000 ____D C:\ProgramData\Validity 2016-05-14 17:37 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-05-14 17:27 - 2016-01-31 12:09 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-14 17:21 - 2015-02-04 19:35 - 00000000 ____D C:\Users\Adam\AppData\Roaming\OpenOffice.org2 2016-05-14 17:17 - 2015-11-24 11:18 - 00000000 ____D C:\Users\Adam\AppData\Local\ElevatedDiagnostics 2016-05-14 17:10 - 2015-03-22 12:57 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashDumps 2016-05-14 17:05 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-05-14 16:17 - 2014-07-17 23:49 - 00004202 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8E1D0878-E5DB-4924-BDA0-3028CE274BD3} 2016-05-14 16:07 - 2016-03-20 00:24 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-05-14 14:14 - 2014-05-16 11:14 - 833163264 ___SH C:\WINDOWS\lenovo_fastboot.img 2016-05-14 12:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\ModemLogs 2016-05-14 11:51 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-05-13 15:07 - 2015-04-19 12:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-05-13 11:40 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-05-13 11:37 - 2014-07-17 22:51 - 00000000 ____D C:\Users\Adam\AppData\Local\Packages 2016-05-13 10:29 - 2016-01-31 12:09 - 00002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-13 09:52 - 2015-06-01 17:50 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-05-13 09:52 - 2015-06-01 17:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-13 00:28 - 2015-11-19 15:28 - 00000000 ____D C:\Users\Adam 2016-05-12 23:05 - 2015-12-08 23:29 - 05995712 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2016-05-12 22:38 - 2016-02-07 12:09 - 05761145 _____ C:\WINDOWS\NGIPacket.KTL 2016-05-12 22:38 - 2016-02-07 12:09 - 00288104 _____ C:\WINDOWS\SentOSPackets.KTL 2016-05-12 22:38 - 2015-08-06 10:27 - 00293088 _____ C:\WINDOWS\NGIControl.KTL 2016-05-12 17:44 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-05-12 15:10 - 2014-07-17 22:49 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-05-12 15:06 - 2016-04-12 23:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-05-12 15:06 - 2014-07-18 00:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-12 00:10 - 2015-10-30 21:23 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-12 00:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-05-12 00:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-05-12 00:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning 2016-05-12 00:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-05-12 00:09 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2016-05-11 17:45 - 2015-11-19 15:23 - 00000000 ____D C:\ProgramData\Lenovo 2016-05-11 16:49 - 2014-07-18 12:07 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-05-11 16:38 - 2014-07-18 12:07 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-05-10 23:22 - 2016-01-31 12:09 - 00004130 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-10 23:22 - 2016-01-31 12:09 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-03 13:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache 2016-05-03 03:24 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-05-03 03:24 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-01 13:07 - 2014-09-07 00:15 - 00000000 ____D C:\Program Files (x86)\Steam 2016-05-01 00:46 - 2015-12-04 02:21 - 00000000 ____D C:\Users\Adam\Desktop\TM 2016-04-30 20:22 - 2014-07-18 00:06 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-04-30 20:16 - 2015-03-22 02:41 - 00000000 ____D C:\Users\Adam\AppData\Local\Adobe 2016-04-30 09:39 - 2014-05-16 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo 2016-04-29 11:11 - 2015-12-16 14:53 - 687374111 _____ C:\WINDOWS\MEMORY.DMP 2016-04-29 11:11 - 2015-12-16 14:53 - 00000000 ____D C:\WINDOWS\Minidump 2016-04-27 23:33 - 2015-11-19 15:18 - 00369736 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-27 17:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-04-27 17:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-04-27 14:40 - 2015-04-19 12:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Skype 2016-04-27 12:26 - 2015-09-26 11:18 - 00000000 ____D C:\Users\Adam\.oracle_jre_usage 2016-04-27 12:26 - 2015-06-17 11:33 - 00000000 ____D C:\ProgramData\Oracle 2016-04-22 22:33 - 2015-08-06 10:10 - 00002449 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-15 23:23 - 2014-07-17 22:52 - 00000000 ____D C:\Users\Adam\AppData\Local\Lenovo 2016-04-15 23:23 - 2014-05-16 11:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo 2016-04-15 23:23 - 2014-05-16 10:42 - 00000000 ____D C:\Program Files (x86)\Lenovo ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-03-21 16:22 - 2015-08-06 08:47 - 0333528 _____ () C:\Users\Adam\AppData\Local\BTServer.log 2014-07-17 22:52 - 2014-07-17 20:58 - 0000193 _____ () C:\Users\Adam\AppData\Local\RegisteredPackageInformation.xml 2014-07-18 23:48 - 2015-10-22 19:43 - 0007637 _____ () C:\Users\Adam\AppData\Local\Resmon.ResmonCfg 2015-11-19 15:24 - 2015-11-19 15:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-05-16 11:21 - 2014-05-16 11:21 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log 2014-05-16 11:18 - 2014-05-16 11:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2014-05-16 11:19 - 2014-05-16 11:20 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2014-05-16 11:20 - 2014-05-16 11:21 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log Pliki do przeniesienia lub usunięcia: ==================== C:\Users\Public\VOIP.dat Niektóre pliki w TEMP: ==================== C:\Users\Adam\AppData\Local\Temp\libeay32.dll C:\Users\Adam\AppData\Local\Temp\msvcr120.dll C:\Users\Adam\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-05-08 20:26 ==================== Koniec FRST.txt ============================

Dodano 14.05.2016 17:26:50:
Addition

Kod: Zaznacz wszystko: Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:14-05-2016 Uruchomiony przez Adam (2016-05-14 18:06:14) Uruchomiony z C:\Users\Adam\Downloads Windows 8 Pro (X64) (2015-11-19 13:48:37) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Adam (S-1-5-21-395553583-66053808-1738365731-1001 - Administrator - Enabled) => C:\Users\Adam Administrator (S-1-5-21-395553583-66053808-1738365731-500 - Administrator - Disabled) Gość (S-1-5-21-395553583-66053808-1738365731-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-395553583-66053808-1738365731-1003 - Limited - Enabled) Konto domyślne (S-1-5-21-395553583-66053808-1738365731-503 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software) Bandizip (HKLM\...\Bandizip) (Version: 5.01 - Bandisoft.com) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10236 - Realtek Semiconductor Corp.) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1014 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation) Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.17.49 - Huawei Technologies Co.,Ltd) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - ) Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited) Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo) Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 1.50 - Lenovo Group Limited) Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.1.12.100 - Lenovo Corporation) Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.8 - Lenovo Group Limited) Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.9 - Lenovo Group Limited) Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.2 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited) Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.42.8185 - Intel(R) Corporation) Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.2.0003.00 - Lenovo Group Limited) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0003 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo) LenovoEMC Storage Connector (HKLM\...\LenovoEMC) (Version: 1.1.2.26394 - LenovoEMC) Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden Microsoft Office 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 pl)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - ) OpenOffice.org 2.4 (HKLM-x32\...\{E33DB440-A008-4928-8A4E-5FC5ADDED608}) (Version: 2.4.9364 - OpenOffice.org) Pakiet sterowników systemu Windows - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation) Pakiet sterowników systemu Windows - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.) PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 2.1.1.0 - Lenovo) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.773.101113 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.27 - Synaptics Incorporated) ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo) ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.10 - Lenovo) Validity WBF DDK 5011 (HKLM\...\{FF5E324F-1FFF-49D4-8F71-0D25EDF12764}) (Version: 4.5.240.0 - Validity Sensors, Inc.) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VT Niemiecki Kurs podstawowy mp3 (HKLM-x32\...\vt30niemmp3_is1) (Version: - ) WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {15253601-3ACD-49A2-9DB4-20AB302EC6E6} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] () Task: {20756577-2000-4FC6-AC44-32A1DBECF3D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.) Task: {3435619E-12F7-4D13-B10D-7C87C112CB28} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe Task: {3494046A-943F-4A56-B11F-9D0D62636D51} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe Task: {4DDAFC40-61A9-462A-A3B2-F4E7080AAF5D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {58B180ED-D066-43A5-A240-3C220083A6BA} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-08] (Lenovo) Task: {64244DBC-6DE7-4F14-BE81-37248FA11C1F} - System32\Tasks\{706BA7C7-D22E-4173-B434-70E9C6C03A0D} => pcalua.exe -a "C:\Program Files (x86)\T-Mobile\InternetManager_H\uninst.exe" Task: {6B29A057-F7D6-4AE3-B6EC-AE409A3E716E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] () Task: {72BA38E3-3145-4387-928B-6FA5CEEFC22B} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-06-28] (CyberLink Corp.) Task: {74674D36-D099-4BD3-BE0C-B2DD25271647} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-01-08] (Lenovo) Task: {8504367F-25B4-4830-B7C0-E519053500CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {9B8E8683-088E-4C11-9040-DD560B03109C} - System32\Tasks\SafeZone scheduled Autoupdate 1455553702 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {9BE176B4-8945-44D2-BB5C-21A83C30B85F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-08] (Lenovo) Task: {A3DB36FB-2A05-4393-9055-D004ED3DFE6E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-14] (AVAST Software) Task: {A6BFD066-E8BF-4BD6-948B-1248DEDC94AB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-25] (Synaptics Incorporated) Task: {C0AE073A-80A2-46F6-A7ED-E9E8EFFA441B} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-06] (CyberLink) Task: {D3E34902-0E8F-441F-9B29-C51B4D5F591F} - System32\Tasks\SafeZone scheduled Autoupdate 1458426270 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {DA4612D5-67C5-4047-AA8D-7D2DE12CDF29} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {DBA2AD47-8DDD-4348-8C14-AE97728D1CFC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {ECE94F82-649E-4FBC-B3EC-C64125C27AA4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] () Task: {F1BB6CFC-4554-432D-ADAA-D039D674A256} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-07-01] () Task: {F21D4E6A-9985-4042-A6A0-23666251E6AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2014-05-16 11:26 - 2013-10-11 07:44 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll 2014-09-25 23:16 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-04-19 15:45 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-19 15:45 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-19 22:37 - 2016-04-19 22:37 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-20 01:30 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-11 16:05 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-11 16:07 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-11 16:07 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-11 16:08 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-11 16:08 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-11-19 15:24 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2014-05-16 10:42 - 2013-10-28 16:48 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe 2014-05-16 11:26 - 2013-10-11 07:44 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL 2014-05-16 11:26 - 2013-11-01 17:16 - 00467720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe 2014-05-16 11:26 - 2013-11-01 17:16 - 00013064 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe 2014-01-15 05:42 - 2014-01-15 05:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2016-05-14 17:45 - 2014-04-26 08:15 - 00682064 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2016-05-14 17:44 - 2014-08-13 11:16 - 00090704 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe 2016-05-14 16:07 - 2016-05-14 16:07 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-14 16:07 - 2016-05-14 16:07 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-05-14 16:00 - 2016-05-14 16:00 - 02906112 _____ () C:\Program Files\AVAST Software\Avast\defs\16051401\algo.dll 2016-05-14 16:07 - 2016-05-14 16:07 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-05-14 16:07 - 2016-05-14 16:07 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2014-05-16 11:14 - 2014-05-16 11:14 - 00033520 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll 2016-05-12 20:36 - 2016-05-12 20:36 - 01232896 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\c0fb22078317e79da774414628b9d7b7\Windows.Networking.ni.dll 2016-05-12 20:31 - 2016-05-12 20:31 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cbafdb4e11c9fd06e0a2e5efa6253883\Windows.Foundation.ni.dll 2016-04-19 22:37 - 2016-04-19 22:37 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 22:37 - 2016-04-19 22:37 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2013-03-06 21:49 - 2013-03-06 21:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2013-03-06 21:52 - 2013-03-06 21:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2016-04-22 22:33 - 2016-04-22 22:33 - 00679624 _____ () C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll 2015-12-17 00:00 - 2015-12-17 00:00 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-05-16 10:40 - 2013-09-16 05:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-05-14 17:45 - 2013-08-16 08:53 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2016-05-14 17:45 - 2013-08-16 08:53 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2016-05-14 17:45 - 2014-02-15 09:31 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2016-05-14 17:45 - 2014-02-15 09:33 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00457808 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\core.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00282704 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\sdk.dll 2016-05-14 17:44 - 2013-08-16 08:53 - 00011362 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\mingwm10.dll 2016-05-14 17:44 - 2013-08-16 08:53 - 00043008 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll 2016-05-14 17:44 - 2014-02-15 09:31 - 02416640 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll 2016-05-14 17:44 - 2014-02-15 09:44 - 09559040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtGui4.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00397392 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Proxy.DLL 2016-05-14 17:44 - 2014-08-13 11:16 - 00250448 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Common.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00164432 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Trace.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00553040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\PluginContainer.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00267344 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AtCodec.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00329296 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00243792 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSrvPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00197200 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XCodec.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00162896 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSDialup.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00161360 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DataServicePlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00291408 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00225872 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsSrvPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00149072 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDSrvPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00345680 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceAppPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00072272 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSPowerMgr.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00121424 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Win7Support.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00174672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ATR2SMgr.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 01095248 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00715344 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsAppPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00165456 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00240720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialUpPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00109136 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSAdapt.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00206928 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00138320 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSNDIS.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 01153616 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISAPI.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00324688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00566864 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00310864 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XFramePlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00826448 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MiniFramePlugin.dll 2016-05-14 17:44 - 2014-02-15 09:32 - 00398336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXml4.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00104016 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NotifyServicePlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00338512 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00426064 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialupUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00325712 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00283216 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MenuMgrPlugin.dll 2016-05-14 17:44 - 2014-02-15 09:33 - 01148416 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtNetwork4.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00123984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LayoutPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00312912 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SettingUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00509520 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSettingPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00315472 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00107088 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\CompressRatePlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00155728 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\VPNPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00525392 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00847952 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SMSUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00116816 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ServiceUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00419408 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DiagnosisPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00146512 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\HelpUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:17 - 00457296 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00815184 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll 2016-05-14 17:44 - 2014-08-13 11:16 - 00719952 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LiveUpdateInterface.DLL 2016-05-14 17:44 - 2014-02-15 10:49 - 00082944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll 2016-05-14 17:44 - 2014-02-15 10:49 - 00081920 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll 2016-05-14 17:44 - 2014-02-15 10:49 - 00192000 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qjpeg4.dll 2016-05-14 17:44 - 2014-02-15 10:49 - 00350720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qmng4.dll 2016-05-14 17:44 - 2014-02-15 10:49 - 00370176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qtiff4.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\ProgramData\Temp:157E1AD3 [129] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2013-08-22 15:25 - 2015-12-16 11:43 - 00000895 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-395553583-66053808-1738365731-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adam\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg DNS Servers: 213.158.199.1 - 213.158.199.5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B1EE66ED-D7E9-4380-B41E-19C3AF3BE54F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{A6CAB9EC-2566-488C-89C5-7FB6523C7708}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{066D0E4C-3B5F-4A0A-BCFF-8590841DA280}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3F77D2D4-8D4B-4E48-B37E-44E4D11D272A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E2B1EB03-809D-48F7-906E-83A170DFFCD6}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe FirewallRules: [{83C58653-9C9E-4083-8ACC-106DC8FBAC20}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe FirewallRules: [{2D625DDE-8148-4750-B0CB-6EC4E4E0EBD6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{C7E10971-5514-4886-9C5B-C3B906A756B4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{75EE30EC-4422-4936-9A02-326C14435D76}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B6F31C27-288A-4554-A63C-05BF710E86FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3D9DDA88-6ADE-40F5-BEF0-F1E214ECD37E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{FE82692A-C40F-4358-ADC6-E4A42ADA3B8F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E0ECF072-4D31-4471-A117-C4F1C2A1D52F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{2D0001DA-2DAD-4B8A-BD04-CA6477F8BDD6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{4BD3BB6C-2B7F-4398-BDFE-B082BB1E5E6D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{6994BF53-1D9F-4914-8A82-A6966E03A732}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{34B61DD0-BA4B-4B01-A2B5-27C48308FD9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{43662A0E-0489-49C2-B8D6-EF615600BD7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{5CDCE01F-E7C2-43E7-A049-DA060AFEC946}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{A45CACD5-C548-46F3-BDBE-31FA8BE3C181}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{92E106AD-31E2-4736-8000-A85B404FA6DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe FirewallRules: [{9852149A-3786-4190-AABF-F863F0EA4037}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe FirewallRules: [TCP Query User{75971BBC-F91D-4BAC-9298-A1AEE9ED12C0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{15D63003-B870-4060-8DED-920709D78624}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{C8A4ED16-AF42-4887-BF66-E56E2963630C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{CA1FBDFD-0387-4564-9F9C-0A5573D95168}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{D4E84749-AAAA-459E-B582-C96F279B254A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 27-04-2016 15:13:33 Windows Update 04-05-2016 15:55:57 Zaplanowany punkt kontrolny 11-05-2016 16:36:35 Windows Update 11-05-2016 16:37:52 Windows Update 14-05-2016 14:06:53 Removed Java 8 Update 91 ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: avast! SecureLine TAP Adapter v3 Description: avast! SecureLine TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: aswTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (05/14/2016 05:10:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NetworkUXBroker.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7f4 Nazwa modułu powodującego błąd: NetworkUXBroker.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7f4 Kod wyjątku: 0xe0464645 Przesunięcie błędu: 0x000000000000a6d6 Identyfikator procesu powodującego błąd: 0x2330 Godzina uruchomienia aplikacji powodującej błąd: 0xNetworkUXBroker.exe0 Ścieżka aplikacji powodującej błąd: NetworkUXBroker.exe1 Ścieżka modułu powodującego błąd: NetworkUXBroker.exe2 Identyfikator raportu: NetworkUXBroker.exe3 Pełna nazwa pakietu powodującego błąd: NetworkUXBroker.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: NetworkUXBroker.exe5 Error: (05/14/2016 05:04:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NetworkUXBroker.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7f4 Nazwa modułu powodującego błąd: NetworkUXBroker.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7f4 Kod wyjątku: 0xe0464645 Przesunięcie błędu: 0x000000000000a6d6 Identyfikator procesu powodującego błąd: 0x2330 Godzina uruchomienia aplikacji powodującej błąd: 0xNetworkUXBroker.exe0 Ścieżka aplikacji powodującej błąd: NetworkUXBroker.exe1 Ścieżka modułu powodującego błąd: NetworkUXBroker.exe2 Identyfikator raportu: NetworkUXBroker.exe3 Pełna nazwa pakietu powodującego błąd: NetworkUXBroker.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: NetworkUXBroker.exe5 Error: (05/14/2016 02:07:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft. System Error: Odmowa dostępu. . Error: (05/14/2016 11:52:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ADAM-PC) Description: Działanie pakietu windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel zostało zakończone, ponieważ operacja wstrzymywania pakietu trwała zbyt długo. Error: (05/14/2016 12:51:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7ba Nazwa modułu powodującego błąd: ESENT.dll, wersja: 10.0.10586.212, sygnatura czasowa: 0x56fa1686 Kod wyjątku: 0xc0000602 Przesunięcie błędu: 0x000000000022885f Identyfikator procesu powodującego błąd: 0x89c Godzina uruchomienia aplikacji powodującej błąd: 0xsvchost.exe0 Ścieżka aplikacji powodującej błąd: svchost.exe1 Ścieżka modułu powodującego błąd: svchost.exe2 Identyfikator raportu: svchost.exe3 Pełna nazwa pakietu powodującego błąd: svchost.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: svchost.exe5 Error: (05/14/2016 12:51:57 AM) (Source: ESENT) (EventID: 908) (User: ) Description: svchost (2204) Zatrzymywanie procesu z powodu nieodwracalnego błędu: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1601(dir.cxx:753): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS) Error: (05/13/2016 04:48:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADAM-PC) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (05/13/2016 04:48:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADAM-PC) Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (05/13/2016 04:48:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADAM-PC) Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (05/13/2016 04:48:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADAM-PC) Description: Aktywacja aplikacji microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Dziennik System: ============= Error: (05/14/2016 05:45:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Internet Manager. OUC z powodu następującego błędu: %%1053 Error: (05/14/2016 05:45:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Internet Manager. OUC. Error: (05/14/2016 05:45:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Usługa Internet Manager. OUC jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error: (05/14/2016 05:45:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Usługa HWDeviceService64.exe jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error: (05/14/2016 05:42:11 PM) (Source: DCOM) (EventID: 10010) (User: ZARZĄDZANIE NT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (05/14/2016 05:39:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 z powodu następującego błędu: %%1053 Error: (05/14/2016 05:39:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą FontCache3.0.0.0. Error: (05/14/2016 05:38:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi SAService z powodu następującego błędu: %%2 Error: (05/14/2016 05:37:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Automatyczne konfigurowanie bezprzewodowej sieci WAN zakończyła działanie; wystąpił następujący błąd: %%997 Error: (05/14/2016 05:37:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Dostęp do danych użytkownika_b41ae niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. CodeIntegrity: =================================== Date: 2016-05-12 15:09:08.660 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-29 22:40:25.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-27 23:35:23.406 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 09:43:53.444 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-10 23:29:40.265 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-09 20:17:54.620 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-05 09:03:39.881 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-04 15:15:13.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-15 17:30:22.398 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-11 23:20:43.038 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz Procent pamięci w użyciu: 62% Całkowita pamięć fizyczna: 3986.65 MB Dostępna pamięć fizyczna: 1479.28 MB Całkowita pamięć wirtualna: 4690.65 MB Dostępna pamięć wirtualna: 2168.91 MB ==================== Dyski ================================ Drive c: (Windows8_OS) (Fixed) (Total:451.25 GB) (Free:405.17 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive e: (Internet Manager) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 5E855232) Partition: GPT. ==================== Koniec Addition.txt ============================

Dodano 14.05.2016 17:28:24:
shortcut

Kod: Zaznacz wszystko: Rezultat skanowania skrótów użytkowników (x64) Wersja:14-05-2016 Uruchomiony przez Adam (2016-05-14 18:12:04) Uruchomiony z C:\Users\Adam\Downloads Tryb startu: Normal ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\Adam\Links\Desktop.lnk -> C:\Users\Adam\Desktop () Shortcut: C:\Users\Adam\Links\Downloads.lnk -> C:\Users\Adam\Downloads () Shortcut: C:\Users\Adam\Documents\Lenovo Solution Center.lnk -> C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe () Shortcut: C:\Users\Adam\Documents\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Adam\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\SendTo\Transfer plików Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bandizip.lnk -> C:\Program Files\Bandizip\Bandizip64.exe (Bandisoft.com) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Downloads.lnk -> C:\Users\Adam\Downloads () Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Adam\Documents () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Adam\Downloads () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Adam\Music () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Adam\Pictures () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Adam\Videos () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Adam () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoEMC Storage Connector Help.lnk -> C:\Program Files\LenovoEMC\StorageConnector\Help\lesc_help-en.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoEMCStorageConnector.lnk -> C:\Program Files\LenovoEMC\StorageConnector\StorageConnector.exe (LenovoEMC Products USA, LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VT Niemiecki Kurs podstawowy mp3\Usuń VT Niemiecki Kurs podstawowy mp3.lnk -> C:\Edgard\VT Niemiecki Kurs podstawowy mp3\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VT Niemiecki Kurs podstawowy mp3\VT Niemiecki Kurs podstawowy mp3.lnk -> C:\Edgard\VT Niemiecki Kurs podstawowy mp3\vt.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\PowerDVD Create.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD Create\PDVDCreate.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\PowerDVD.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\Power2Go\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\IsoViewer.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\CyberLink PowerProducer 5.5\CyberLink PowerProducer 5.5.lnk -> C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe (CyberLink Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Base.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\sbase.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Calc.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\scalc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Draw.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\sdraw.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Impress.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\simpress.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Math.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\smath.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Writer.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\swriter.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Deinstalacja programu Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Active Protection System.lnk -> C:\Windows\System32\TpShCPL.cpl (Lenovo.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Lenovo PC Experience.lnk -> D:\Windows\System32\Dxpserver.exe (Brak pliku) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Lenovo Solution Center.lnk -> C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Lenovo User Guide.lnk -> C:\ProgramData\Lenovo\userguides\viewer\LenovoUserGuide.exe (Lenovo) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\System Update.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Warranty Information.lnk -> C:\Program Files (x86)\Lenovo\Warranty Viewer\WarrantyViewer.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Messenger.lnk -> C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo QuickControl.lnk -> C:\Program Files (x86)\Lenovo\QuickControl\QuickControlUI.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Solutions for Small Business.lnk -> C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\System Update.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Manager\Internet Manager.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Manager\Uninstall.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_H\uninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Management Engine Components\Intel(R) Management and Security Status.lnk -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Digital Plus.lnk -> C:\Program Files\Dolby Digital Plus\ddpe.exe (Dolby Laboratories Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3\CyberLink PhotoDirector 3.lnk -> C:\Program Files (x86)\CyberLink\PhotoDirector3\PhotoDirector3.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant\SAII\SmartAudio.lnk -> C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandizip\Bandizip.lnk -> C:\Program Files\Bandizip\Bandizip64.exe (Bandisoft.com) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandizip\Odinstaluj.lnk -> C:\Program Files\Bandizip\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Lenovo\SystemUpdate\Session\Repository\sushortcutfix01\tvsu_32.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\ProgramData\Lenovo\SystemUpdate\Session\Repository\sushortcutfix01\tvsu_64.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) ShortcutWithArgument: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\SendTo\Odbiorca faksu.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D} ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Properties (Touchpad Clickpad Trackpad TrackPoint Mouse Pointer Pointing Pad).lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> mouse ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\ProgramData\Lenovo\LenovoTvtTools\Lenovo PC Experience.lnk -> C:\Windows\System32\Dxpserver.exe (Microsoft Corporation) -> /c ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} InternetURL: C:\Users\Adam\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Home.url -> hxxp://www.lenovo.com/welcome/thinkpad InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\My Lenovo Cloud.url -> hxxp://www.mylenovocloud.com/ InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\News.url -> hxxp://www.lenovo.com/news/us/en InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Product Registration.url -> hxxp://www.lenovo.com/register InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Products.url -> hxxp://www.lenovo.com/products/us/en InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Services, Software, and Accessories.url -> hxxp://www.lenovo.com/accessories InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Support and Downloads.url -> hxxp://www.lenovo.com/support InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\The Intel WiMAX website.url -> hxxp://www.intel.com/go/getwimax InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\ThinkVantage Technologies.url -> hxxp://www.lenovo.com/thinkvantage InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/ ==================== Koniec Shortcut.txt =============================

Dodano 14.05.2016 17:38:16:
Info z SpeedTestu

Nie wiem czemu ale nie wykrywa mi w ogole UPLOAD.. cały czas "0"..wczesniej bylo 10-20 GB..
DOWNLOAD miedzy 30 a 70GB - skacze.

Dodano 14.05.2016 23:20:24:
http://www.speedtest.net/my-result/5325763053

takie wyniki a przegladajac 1 stronę albo max.2 internet ładuje je po kilka minut

**Posty:** 4765 · przez **ordynat** 15 Maj 2016, 07:11

Jest plik HOSTS zmodyfikowany przez chińską infekcję, ale poza tym w logach nie ma nic więcej podejrzanego.

Otwórz Notatnik i wklej w nim:

HOSTS:
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
.

**Posty:** 271 · przez **Sythev** 15 Maj 2016, 23:50

chyba muszę udać sie do serwisu na formatowanie i zmiane Windows10 na Windows7 bo odkad kupilem laptopa Lenovo e540 to nie kłamiąc..same problemy..koszmar jakis i nigdy wiecej tej firmy a takze laptopa bo porazka po całosci.

Co do internetu to juz sam nie wiem..raz mam uplod raz go nie ma w ogole i wisi wszystko..na speedtescie pokazuje co chwile inne wyniki..internet raz chce sie polaczyc a raz nie..dodam,że stick z T-Mobile - odradzam osobom o slabych nerwach.

wrzucam jeszcze raz logi z programow i czy usunelo się to chinskie dziadostwo.

gmer:

Kod: Zaznacz wszystko: GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-15 23:31:31 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 WDC_WD5000LPVX-08V0TT5 rev.05.01A05 465,76GB Running: o3hk5gxs.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kxtdrpod.sys ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffad8295230 5 bytes JMP 00007ffa583d0480 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffad82952d0 5 bytes JMP 00007ffa583d0470 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffad8295590 5 bytes JMP 00007ffa583d0360 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffad8295630 5 bytes JMP 00007ffa583d0490 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffad8295650 5 bytes JMP 00007ffa583d03d0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffad82957b0 5 bytes JMP 00007ffa583d0310 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffad8295810 1 byte JMP 00007ffa583d03a0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 2 00007ffad8295812 3 bytes {JMP 0xffffffff8013ab90} .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffad8295850 5 bytes JMP 00007ffa583d0380 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffad82958d0 5 bytes JMP 00007ffa583d02d0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffad82959d0 5 bytes JMP 00007ffa583d02c0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffad8295a10 5 bytes JMP 00007ffa583d0300 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffad8295a90 5 bytes JMP 00007ffa583d03b0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeThread 00007ffad8295b10 5 bytes JMP 00007ffa583d0440 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffad8295b30 5 bytes JMP 00007ffa583d03e0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffad8295dc0 5 bytes JMP 00007ffa583d0220 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffad82961c0 5 bytes JMP 00007ffa583d04a0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffad8296220 5 bytes JMP 00007ffa583d0390 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffad82964a0 5 bytes JMP 00007ffa583d02e0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffad82964e0 5 bytes JMP 00007ffa583d0340 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffad82965c0 5 bytes JMP 00007ffa583d0280 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffad8296700 5 bytes JMP 00007ffa583d02a0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffad8296740 5 bytes JMP 00007ffa583d03c0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffad8296760 5 bytes JMP 00007ffa583d0320 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffad82968c0 5 bytes JMP 00007ffa583d0410 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffad8296920 5 bytes JMP 00007ffa583d0230 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffad8296d40 5 bytes JMP 00007ffa583d03f0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffad8296fa0 5 bytes JMP 00007ffa583d01d0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffad8297160 5 bytes JMP 00007ffa583d0240 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffad82971c0 5 bytes JMP 00007ffa583d04b0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffad82971e0 5 bytes JMP 00007ffa583d04c0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffad8297240 5 bytes JMP 00007ffa583d02f0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffad8297260 5 bytes JMP 00007ffa583d0350 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffad8297320 5 bytes JMP 00007ffa583d0290 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffad82973e0 5 bytes JMP 00007ffa583d02b0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffad8297440 5 bytes JMP 00007ffa583d0370 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffad8297460 5 bytes JMP 00007ffa583d0330 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffad8297a80 5 bytes JMP 00007ffa583d0460 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtResumeProcess 00007ffad8297d40 5 bytes JMP 00007ffa583d0420 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffad8297ea0 5 bytes JMP 00007ffa583d0250 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffad8297ec0 5 bytes JMP 00007ffa583d0260 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffad8297f00 5 bytes JMP 00007ffa583d0400 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffad82982e0 5 bytes JMP 00007ffa583d01e0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffad8298300 5 bytes JMP 00007ffa583d0200 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffad8298420 5 bytes JMP 00007ffa583d01f0 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffad8298500 5 bytes JMP 00007ffa583d0430 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffad8298520 5 bytes JMP 00007ffa583d0450 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffad8298540 5 bytes JMP 00007ffa583d0210 .text C:\WINDOWS\Explorer.EXE[5348] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffad8298760 5 bytes JMP 00007ffa583d0270 ? C:\WINDOWS\system32\apphelp.dll [1040] entry point in ".rdata" section 000000006f4a0380 ? C:\Windows\SYSTEM32\ActXPrxy.dll [7972] entry point in ".rdata" section 000000006b1ebd10 ? C:\WINDOWS\system32\apphelp.dll [5308] entry point in ".rdata" section 000000006f4a0380 ? C:\WINDOWS\SYSTEM32\MPRAPI.dll [5308] entry point in ".rdata" section 000000006bec36a0 ? C:\WINDOWS\system32\apphelp.dll [8096] entry point in ".rdata" section 000000006f4a0380 ? C:\WINDOWS\system32\apphelp.dll [1620] entry point in ".rdata" section 000000006f4a0380 ? C:\WINDOWS\system32\apphelp.dll [2492] entry point in ".rdata" section 000000006f4a0380 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [2492] entry point in ".rdata" section 000000006c84bb10 ? C:\WINDOWS\system32\apphelp.dll [9016] entry point in ".rdata" section 000000006f4a0380 ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\svchost.exe [520:2036] 00007ffac7744530 Thread C:\WINDOWS\system32\svchost.exe [520:360] 00007ffad3b16b60 Thread C:\WINDOWS\system32\svchost.exe [520:7052] 00007ffac51ec040 Thread C:\WINDOWS\system32\svchost.exe [520:7056] 00007ffac51ec040 Thread C:\WINDOWS\system32\svchost.exe [520:7060] 00007ffac51ec040 Thread C:\WINDOWS\system32\svchost.exe [520:3344] 00007ffac5ec94e0 Thread C:\WINDOWS\system32\svchost.exe [520:4680] 00007ffac5ebbe40 Thread C:\WINDOWS\system32\svchost.exe [520:3900] 00007ffac7bf9cb0 Thread C:\WINDOWS\system32\svchost.exe [1336:2172] 00007ffad3b16b60 Thread C:\WINDOWS\system32\svchost.exe [1336:2192] 00007ffad3b16b60 Thread C:\WINDOWS\system32\svchost.exe [1336:2200] 00007ffad3b16b60 Thread C:\WINDOWS\system32\svchost.exe [1336:2208] 00007ffac643e110 Thread C:\WINDOWS\system32\svchost.exe [1336:2216] 00007ffac66682e0 Thread C:\WINDOWS\system32\svchost.exe [1336:2340] 00007ffac643fc10 Thread C:\WINDOWS\system32\svchost.exe [1336:2344] 00007ffac642e720 Thread C:\WINDOWS\system32\svchost.exe [1336:2348] 00007ffac643f120 Thread C:\WINDOWS\system32\svchost.exe [1336:2532] 00007ffac61c6aa0 Thread C:\WINDOWS\system32\svchost.exe [1336:2644] 00007ffac61cb0c0 Thread C:\WINDOWS\system32\svchost.exe [1336:3180] 00007ffac4a61240 Thread C:\WINDOWS\system32\svchost.exe [1336:3184] 00007ffac4a79490 Thread C:\WINDOWS\system32\svchost.exe [1336:3188] 00007ffac49229b0 Thread C:\WINDOWS\system32\svchost.exe [1336:3392] 00007ffad12a3d30 Thread C:\WINDOWS\system32\svchost.exe [1336:5712] 00007ffad12a22b0 Thread C:\WINDOWS\system32\svchost.exe [1336:3520] 00007ffac7bd4350 Thread C:\WINDOWS\system32\svchost.exe [1836:6640] 00007ffacde42fd0 Thread C:\WINDOWS\system32\svchost.exe [1836:6280] 00007ffacdaa1a20 Thread C:\WINDOWS\System32\spoolsv.exe [2116:7108] 00007ffab1546320 Thread C:\WINDOWS\System32\spoolsv.exe [2116:7112] 00007ffab15229a0 Thread C:\WINDOWS\System32\spoolsv.exe [2116:7120] 00007ffabf261180 Thread C:\WINDOWS\System32\spoolsv.exe [2116:7124] 00007ffab176cd90 Thread C:\WINDOWS\system32\rundll32.exe [7220:7740] 00007ffacde84f80 Thread C:\WINDOWS\system32\csrss.exe [4952:4332] fffff96185374060 Thread C:\WINDOWS\system32\svchost.exe [3360:1644] 00007ffac51ec040 Thread C:\WINDOWS\system32\taskhostw.exe [128:7948] 00007ffad1811230 Thread C:\WINDOWS\system32\taskhostw.exe [128:7436] 00007ffad7c45300 Thread C:\WINDOWS\system32\taskhostw.exe [128:6912] 00007ffac9762020 Thread C:\WINDOWS\system32\taskhostw.exe [128:6916] 00007ffad2f430f0 Thread C:\WINDOWS\system32\taskhostw.exe [128:7180] 00007ffac51ec040 Thread C:\Windows\System32\RuntimeBroker.exe [4320:560] 00007ffad2ec0880 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2252] 00007ffad7e67bd0 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2280] 00007ffad48d8f90 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2264] 00007ffaba8eb530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2276] 00007ffacfd9e200 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:6072] 00007ffad48d8f90 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:7512] 00007ffaba8eb530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2700] 00007ffad7e67bd0 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:1068] 00007ffad48d8f90 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2720] 00007ffaba8eb530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:6808] 00007ffaced1fc00 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:4912] 00007ffaced1fc00 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2288] 00007ffaba705530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:628] 00007ffaba705530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:7432] 00007ffaba705530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:6376] 00007ffaba705530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:7276] 00007ffad48d8f90 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:7928] 00007ffaba8eb530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:8304] 00007ffaced1fc00 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:9236] 00007ffad48d8f90 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:4056] 00007ffaba8eb530 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:9136] 00007ffaced1fc00 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:4576] 00007ffabf2bbd30 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:7040] 00007ffabbda6580 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:9212] 00007ffabbda6580 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2320] 00007ffad48da090 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:7472] 00007ffad7e67bd0 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:4500] 00007ffad7e67bd0 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:1648] 00007ffad7e67bd0 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:8524] 00007ffaba686a00 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:2312] 00007ffaba686a00 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:8072] 00007ffaba686a00 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:5708] 00007ffaba686a00 Thread C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [8032:9060] 00007ffaba686a00 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:7128] 00007ffad48d8f90 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:4900] 00007ffaba8eb530 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:7848] 00007ffacfd9e200 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:3804] 00007ffaced1fc00 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:4420] 00007ffad5f0b0f0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:7836] 00007ffab02c2c40 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:3468] 00007ffab02aab20 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:7564] 00007ffab0313b90 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:6300] 00007ffab02b3020 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:3820] 00007ffab0313b90 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:4220] 00007ffad5f0b0f0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:6496] 00007ffad5f0b0f0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:1408] 00007ffab03108e0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:6940] 00007ffad7e67bd0 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1564:8340] 00007ffad7e67bd0 Thread C:\WINDOWS\system32\conhost.exe [3168:656] 00007ffabc749b40 Thread C:\WINDOWS\system32\conhost.exe [4372:5780] 00007ffabc749b40 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1611057048 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\142d273a8a5c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\142d273a8a5c@9cd35ba524ef 0xF7 0x22 0x91 0xC9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@Bluetooth_UniqueID {00001116-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@Bluetooth_UniqueID {00001105-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0001@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@Bluetooth_UniqueID {00001112-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0002@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@Bluetooth_UniqueID {0000110c-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0004@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@Bluetooth_UniqueID {00001115-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0005@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@Bluetooth_UniqueID {0000112d-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0006@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@Bluetooth_UniqueID {0000111f-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0009@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@Bluetooth_UniqueID {00000000-0000-0000-0000-000000000000}#9CD35BA524EF_00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0010@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011@Bluetooth_UniqueID {0000110a-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0011@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012@BackupContext 0x02 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012@Bluetooth_UniqueID {0000112f-0000-1000-8000-00805f9b34fb}#9CD35BA524EF_C00000000 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0012@ConnectionCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\9@Timestamp 0xF9 0x11 0xF3 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{16F4E041-5312-42ED-8C90-441159F533B7}@NetbiosOptions 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 8544 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1436 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16F4E041-5312-42ED-8C90-441159F533B7}@DhcpIPAddress 100.109.186.105 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16F4E041-5312-42ED-8C90-441159F533B7}@DhcpSubnetMask 255.255.255.255 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16F4E041-5312-42ED-8C90-441159F533B7}@NameServer 213.158.199.1 213.158.199.5 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x9A 0xD4 0x2C 0x50 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x9A 0x3C 0xF1 0xB1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x9A 0x6C 0x68 0xEE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x9E 0xBE 0x53 0x02 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\62\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 197 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x91 0x1E 0x42 0x99 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x91 0x1E 0x42 0x99 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x91 0x1E 0x42 0x99 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 197 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x91 0x1E 0x42 0x99 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x55 0x53 0x44 0x77 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds E7CF176E110C211B?Chrome? Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 45 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----

Dodano 15.05.2016 22:59:43:
shortcut

Kod: Zaznacz wszystko: Rezultat skanowania skrótów użytkowników (x64) Wersja:14-05-2016 Uruchomiony przez Adam (2016-05-15 23:58:50) Uruchomiony z C:\Users\Adam\Downloads Tryb startu: Normal ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\Adam\Links\Desktop.lnk -> C:\Users\Adam\Desktop () Shortcut: C:\Users\Adam\Links\Downloads.lnk -> C:\Users\Adam\Downloads () Shortcut: C:\Users\Adam\Documents\Lenovo Solution Center.lnk -> C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe () Shortcut: C:\Users\Adam\Documents\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Adam\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\SendTo\Transfer plików Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bandizip.lnk -> C:\Program Files\Bandizip\Bandizip64.exe (Bandisoft.com) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Downloads.lnk -> C:\Users\Adam\Downloads () Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Manager.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe () Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Adam\Documents () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Adam\Downloads () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Adam\Music () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Adam\Pictures () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Adam\Videos () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Adam () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoEMC Storage Connector Help.lnk -> C:\Program Files\LenovoEMC\StorageConnector\Help\lesc_help-en.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoEMCStorageConnector.lnk -> C:\Program Files\LenovoEMC\StorageConnector\StorageConnector.exe (LenovoEMC Products USA, LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VT Niemiecki Kurs podstawowy mp3\Usuń VT Niemiecki Kurs podstawowy mp3.lnk -> C:\Edgard\VT Niemiecki Kurs podstawowy mp3\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VT Niemiecki Kurs podstawowy mp3\VT Niemiecki Kurs podstawowy mp3.lnk -> C:\Edgard\VT Niemiecki Kurs podstawowy mp3\vt.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\PowerDVD Create.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD Create\PDVDCreate.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\PowerDVD.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\Power2Go\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\IsoViewer.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create\CyberLink PowerProducer 5.5\CyberLink PowerProducer 5.5.lnk -> C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe (CyberLink Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Base.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\sbase.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Calc.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\scalc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Draw.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\sdraw.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Impress.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\simpress.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Math.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\smath.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 2.4\OpenOffice.org Writer.lnk -> C:\Program Files (x86)\OpenOffice.org 2.4\program\swriter.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Deinstalacja programu Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Active Protection System.lnk -> C:\Windows\System32\TpShCPL.cpl (Lenovo.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Lenovo PC Experience.lnk -> D:\Windows\System32\Dxpserver.exe (Brak pliku) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Lenovo Solution Center.lnk -> C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Lenovo User Guide.lnk -> C:\ProgramData\Lenovo\userguides\viewer\LenovoUserGuide.exe (Lenovo) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\System Update.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Warranty Information.lnk -> C:\Program Files (x86)\Lenovo\Warranty Viewer\WarrantyViewer.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Messenger.lnk -> C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo QuickControl.lnk -> C:\Program Files (x86)\Lenovo\QuickControl\QuickControlUI.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Solutions for Small Business.lnk -> C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\System Update.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Manager\Internet Manager.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Manager\Uninstall.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_H\uninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Management Engine Components\Intel(R) Management and Security Status.lnk -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Digital Plus.lnk -> C:\Program Files\Dolby Digital Plus\ddpe.exe (Dolby Laboratories Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3\CyberLink PhotoDirector 3.lnk -> C:\Program Files (x86)\CyberLink\PhotoDirector3\PhotoDirector3.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant\SAII\SmartAudio.lnk -> C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandizip\Bandizip.lnk -> C:\Program Files\Bandizip\Bandizip64.exe (Bandisoft.com) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandizip\Odinstaluj.lnk -> C:\Program Files\Bandizip\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Lenovo\SystemUpdate\Session\Repository\sushortcutfix01\tvsu_32.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\ProgramData\Lenovo\SystemUpdate\Session\Repository\sushortcutfix01\tvsu_64.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) ShortcutWithArgument: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\SendTo\Odbiorca faksu.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D} ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Adam\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Properties (Touchpad Clickpad Trackpad TrackPoint Mouse Pointer Pointing Pad).lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> mouse ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\ProgramData\Lenovo\LenovoTvtTools\Lenovo PC Experience.lnk -> C:\Windows\System32\Dxpserver.exe (Microsoft Corporation) -> /c ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} InternetURL: C:\Users\Adam\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Home.url -> hxxp://www.lenovo.com/welcome/thinkpad InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\My Lenovo Cloud.url -> hxxp://www.mylenovocloud.com/ InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\News.url -> hxxp://www.lenovo.com/news/us/en InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Product Registration.url -> hxxp://www.lenovo.com/register InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Products.url -> hxxp://www.lenovo.com/products/us/en InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Services, Software, and Accessories.url -> hxxp://www.lenovo.com/accessories InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\Support and Downloads.url -> hxxp://www.lenovo.com/support InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\The Intel WiMAX website.url -> hxxp://www.intel.com/go/getwimax InternetURL: C:\Users\Adam\Favorites\Lenovo Recommended Websites\ThinkVantage Technologies.url -> hxxp://www.lenovo.com/thinkvantage InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/ ==================== Koniec Shortcut.txt =============================

Dodano 15.05.2016 23:00:29:
Addition

Kod: Zaznacz wszystko: Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:14-05-2016 Uruchomiony przez Adam (2016-05-15 23:56:51) Uruchomiony z C:\Users\Adam\Downloads Windows 10 Home Wersja 1511 (X64) (2015-11-19 13:48:37) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Adam (S-1-5-21-395553583-66053808-1738365731-1001 - Administrator - Enabled) => C:\Users\Adam Administrator (S-1-5-21-395553583-66053808-1738365731-500 - Administrator - Disabled) Gość (S-1-5-21-395553583-66053808-1738365731-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-395553583-66053808-1738365731-1003 - Limited - Enabled) Konto domyślne (S-1-5-21-395553583-66053808-1738365731-503 - Limited - Disabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software) Bandizip (HKLM\...\Bandizip) (Version: 5.01 - Bandisoft.com) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Integrated Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10236 - Realtek Semiconductor Corp.) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1014 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation) Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.17.49 - Huawei Technologies Co.,Ltd) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - ) Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited) Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo) Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 1.50 - Lenovo Group Limited) Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.1.12.100 - Lenovo Corporation) Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.8 - Lenovo Group Limited) Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.9 - Lenovo Group Limited) Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.2 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{49277B39-D2E8-4342-9CE8-FC080C3FA344}) (Version: 2.8.007.00 - Lenovo Group Limited) Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.42.8185 - Intel(R) Corporation) Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.2.0003.00 - Lenovo Group Limited) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0003 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo) LenovoEMC Storage Connector (HKLM\...\LenovoEMC) (Version: 1.1.2.26394 - LenovoEMC) Malwarebytes Anti-Malware wersja 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden Microsoft Office 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 pl)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - ) OpenOffice.org 2.4 (HKLM-x32\...\{E33DB440-A008-4928-8A4E-5FC5ADDED608}) (Version: 2.4.9364 - OpenOffice.org) Pakiet sterowników systemu Windows - Intel Corporation (iaStorA) HDC (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation) Pakiet sterowników systemu Windows - Lenovo 1.67.04.04 (11/07/2013 1.67.04.04) (HKLM\...\70FB73D983446AEE2932B0ED51A770D1BD1348DA) (Version: 11/07/2013 1.67.04.04 - Lenovo) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.) PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 2.1.1.0 - Lenovo) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.773.101113 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.27 - Synaptics Incorporated) ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo) ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.10 - Lenovo) Validity WBF DDK 5011 (HKLM\...\{FF5E324F-1FFF-49D4-8F71-0D25EDF12764}) (Version: 4.5.240.0 - Validity Sensors, Inc.) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VT Niemiecki Kurs podstawowy mp3 (HKLM-x32\...\vt30niemmp3_is1) (Version: - ) WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) CustomCLSID: HKU\S-1-5-21-395553583-66053808-1738365731-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-395553583-66053808-1738365731-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {15253601-3ACD-49A2-9DB4-20AB302EC6E6} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] () Task: {20756577-2000-4FC6-AC44-32A1DBECF3D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.) Task: {3435619E-12F7-4D13-B10D-7C87C112CB28} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe Task: {3494046A-943F-4A56-B11F-9D0D62636D51} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe Task: {4DDAFC40-61A9-462A-A3B2-F4E7080AAF5D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {58B180ED-D066-43A5-A240-3C220083A6BA} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-08] (Lenovo) Task: {64244DBC-6DE7-4F14-BE81-37248FA11C1F} - System32\Tasks\{706BA7C7-D22E-4173-B434-70E9C6C03A0D} => pcalua.exe -a "C:\Program Files (x86)\T-Mobile\InternetManager_H\uninst.exe" Task: {6B29A057-F7D6-4AE3-B6EC-AE409A3E716E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] () Task: {72BA38E3-3145-4387-928B-6FA5CEEFC22B} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-06-28] (CyberLink Corp.) Task: {74674D36-D099-4BD3-BE0C-B2DD25271647} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-01-08] (Lenovo) Task: {8504367F-25B4-4830-B7C0-E519053500CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {9B8E8683-088E-4C11-9040-DD560B03109C} - System32\Tasks\SafeZone scheduled Autoupdate 1455553702 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {9BE176B4-8945-44D2-BB5C-21A83C30B85F} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-08] (Lenovo) Task: {A3DB36FB-2A05-4393-9055-D004ED3DFE6E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-14] (AVAST Software) Task: {A6BFD066-E8BF-4BD6-948B-1248DEDC94AB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-25] (Synaptics Incorporated) Task: {C0AE073A-80A2-46F6-A7ED-E9E8EFFA441B} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-06] (CyberLink) Task: {D3E34902-0E8F-441F-9B29-C51B4D5F591F} - System32\Tasks\SafeZone scheduled Autoupdate 1458426270 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {DA4612D5-67C5-4047-AA8D-7D2DE12CDF29} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {DBA2AD47-8DDD-4348-8C14-AE97728D1CFC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {ECE94F82-649E-4FBC-B3EC-C64125C27AA4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-08] () Task: {F1BB6CFC-4554-432D-ADAA-D039D674A256} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-07-01] () Task: {F21D4E6A-9985-4042-A6A0-23666251E6AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2014-05-16 11:26 - 2013-10-11 07:44 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll 2014-09-25 23:16 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-01-15 05:42 - 2014-01-15 05:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2016-05-15 20:29 - 2014-04-26 08:15 - 00682064 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2016-04-19 15:45 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-19 15:45 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-19 22:37 - 2016-04-19 22:37 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-20 01:30 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-11 16:05 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-11 16:07 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-11 16:07 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-11 16:08 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-11 16:08 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-11-19 15:24 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2014-05-16 10:42 - 2013-10-28 16:48 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe 2014-05-16 11:26 - 2013-10-11 07:44 - 00104960 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL 2016-05-15 20:28 - 2014-08-13 11:16 - 00090704 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe 2014-05-16 11:26 - 2013-11-01 17:16 - 00467720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe 2014-05-16 11:26 - 2013-11-01 17:16 - 00013064 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe 2016-05-14 16:07 - 2016-05-14 16:07 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-14 16:07 - 2016-05-14 16:07 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-05-15 18:12 - 2016-05-15 18:12 - 02906112 _____ () C:\Program Files\AVAST Software\Avast\defs\16051500\algo.dll 2016-05-14 16:07 - 2016-05-14 16:07 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-05-14 16:07 - 2016-05-14 16:07 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-05-15 23:45 - 2016-05-15 23:45 - 02906624 _____ () C:\Program Files\AVAST Software\Avast\defs\16051502\algo.dll 2014-05-16 11:14 - 2014-05-16 11:14 - 00033520 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll 2016-05-15 20:29 - 2013-08-16 08:53 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2016-05-15 20:29 - 2013-08-16 08:53 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2016-05-15 20:29 - 2014-02-15 09:31 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2016-05-15 20:29 - 2014-02-15 09:33 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2016-05-12 20:36 - 2016-05-12 20:36 - 01232896 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\c0fb22078317e79da774414628b9d7b7\Windows.Networking.ni.dll 2016-05-15 00:04 - 2016-05-15 00:04 - 03154432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\d14f3937e304db4b252f5f55e19b9fde\Windows.Devices.ni.dll 2016-05-12 20:31 - 2016-05-12 20:31 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cbafdb4e11c9fd06e0a2e5efa6253883\Windows.Foundation.ni.dll 2016-04-19 22:37 - 2016-04-19 22:37 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 22:37 - 2016-04-19 22:37 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2013-03-06 21:49 - 2013-03-06 21:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2013-03-06 21:52 - 2013-03-06 21:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2016-04-22 22:33 - 2016-04-22 22:33 - 00679624 _____ () C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll 2015-12-17 00:00 - 2015-12-17 00:00 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00457808 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\core.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00282704 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\sdk.dll 2016-05-15 20:28 - 2013-08-16 08:53 - 00011362 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\mingwm10.dll 2016-05-15 20:28 - 2013-08-16 08:53 - 00043008 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll 2016-05-15 20:28 - 2014-02-15 09:31 - 02416640 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll 2016-05-15 20:28 - 2014-02-15 09:44 - 09559040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtGui4.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00397392 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Proxy.DLL 2016-05-15 20:28 - 2014-08-13 11:17 - 00164432 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Trace.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00250448 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Common.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00553040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\PluginContainer.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00267344 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AtCodec.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00329296 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00243792 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSrvPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00197200 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XCodec.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00162896 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSDialup.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00161360 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DataServicePlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00291408 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00225872 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsSrvPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00149072 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDSrvPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00345680 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceAppPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00072272 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSPowerMgr.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00121424 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Win7Support.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00174672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ATR2SMgr.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 01095248 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00715344 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsAppPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00165456 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00240720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialUpPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00109136 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSAdapt.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00206928 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00138320 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSNDIS.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 01153616 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISAPI.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00324688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00566864 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00310864 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XFramePlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00826448 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MiniFramePlugin.dll 2016-05-15 20:28 - 2014-02-15 09:32 - 00398336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXml4.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00104016 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NotifyServicePlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00338512 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00426064 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialupUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00325712 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00283216 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MenuMgrPlugin.dll 2016-05-15 20:28 - 2014-02-15 09:33 - 01148416 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtNetwork4.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00123984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LayoutPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00312912 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SettingUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00509520 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSettingPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00315472 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00107088 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\CompressRatePlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00155728 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\VPNPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00525392 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00847952 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SMSUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00116816 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ServiceUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00419408 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DiagnosisPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00146512 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\HelpUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:17 - 00457296 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00815184 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll 2016-05-15 20:28 - 2014-08-13 11:16 - 00719952 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LiveUpdateInterface.DLL 2016-05-15 20:28 - 2014-02-15 10:49 - 00082944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll 2016-05-15 20:28 - 2014-02-15 10:49 - 00081920 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll 2016-05-15 20:28 - 2014-02-15 10:49 - 00192000 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qjpeg4.dll 2016-05-15 20:28 - 2014-02-15 10:49 - 00350720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qmng4.dll 2016-05-15 20:28 - 2014-02-15 10:49 - 00370176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qtiff4.dll 2014-05-16 10:40 - 2013-09-16 05:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-05-13 10:29 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll 2016-05-13 10:29 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\ProgramData\Temp:157E1AD3 [129] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2013-08-22 15:25 - 2016-05-15 10:36 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-395553583-66053808-1738365731-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adam\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg DNS Servers: 213.158.199.1 - 213.158.199.5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B1EE66ED-D7E9-4380-B41E-19C3AF3BE54F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{A6CAB9EC-2566-488C-89C5-7FB6523C7708}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{066D0E4C-3B5F-4A0A-BCFF-8590841DA280}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3F77D2D4-8D4B-4E48-B37E-44E4D11D272A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E2B1EB03-809D-48F7-906E-83A170DFFCD6}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe FirewallRules: [{83C58653-9C9E-4083-8ACC-106DC8FBAC20}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe FirewallRules: [{2D625DDE-8148-4750-B0CB-6EC4E4E0EBD6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{C7E10971-5514-4886-9C5B-C3B906A756B4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{75EE30EC-4422-4936-9A02-326C14435D76}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B6F31C27-288A-4554-A63C-05BF710E86FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3D9DDA88-6ADE-40F5-BEF0-F1E214ECD37E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{FE82692A-C40F-4358-ADC6-E4A42ADA3B8F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E0ECF072-4D31-4471-A117-C4F1C2A1D52F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{2D0001DA-2DAD-4B8A-BD04-CA6477F8BDD6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{4BD3BB6C-2B7F-4398-BDFE-B082BB1E5E6D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{6994BF53-1D9F-4914-8A82-A6966E03A732}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{34B61DD0-BA4B-4B01-A2B5-27C48308FD9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{43662A0E-0489-49C2-B8D6-EF615600BD7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{5CDCE01F-E7C2-43E7-A049-DA060AFEC946}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{A45CACD5-C548-46F3-BDBE-31FA8BE3C181}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{92E106AD-31E2-4736-8000-A85B404FA6DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe FirewallRules: [{9852149A-3786-4190-AABF-F863F0EA4037}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warface\live\nw.exe FirewallRules: [TCP Query User{75971BBC-F91D-4BAC-9298-A1AEE9ED12C0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{15D63003-B870-4060-8DED-920709D78624}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{C8A4ED16-AF42-4887-BF66-E56E2963630C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{CA1FBDFD-0387-4564-9F9C-0A5573D95168}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{D4E84749-AAAA-459E-B582-C96F279B254A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 04-05-2016 15:55:57 Zaplanowany punkt kontrolny 11-05-2016 16:36:35 Windows Update 11-05-2016 16:37:52 Windows Update 14-05-2016 14:06:53 Removed Java 8 Update 91 ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: avast! SecureLine TAP Adapter v3 Description: avast! SecureLine TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: aswTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (05/15/2016 06:11:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: svchost.exe_MapsBroker, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7ba Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000 Kod wyjątku: 0x8400000e Przesunięcie błędu: 0x0000000000000000 Identyfikator procesu powodującego błąd: 0x114c Godzina uruchomienia aplikacji powodującej błąd: 0xsvchost.exe_MapsBroker0 Ścieżka aplikacji powodującej błąd: svchost.exe_MapsBroker1 Ścieżka modułu powodującego błąd: svchost.exe_MapsBroker2 Identyfikator raportu: svchost.exe_MapsBroker3 Pełna nazwa pakietu powodującego błąd: svchost.exe_MapsBroker4 Identyfikator aplikacji względem pakietu powodującego błąd: svchost.exe_MapsBroker5 Error: (05/15/2016 12:27:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ADAM-PC) Description: Działanie pakietu windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel zostało zakończone, ponieważ operacja wstrzymywania pakietu trwała zbyt długo. Error: (05/14/2016 07:16:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ADAM-PC) Description: Działanie pakietu Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App zostało zakończone, ponieważ operacja wstrzymywania pakietu trwała zbyt długo. Error: (05/14/2016 05:10:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NetworkUXBroker.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7f4 Nazwa modułu powodującego błąd: NetworkUXBroker.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7f4 Kod wyjątku: 0xe0464645 Przesunięcie błędu: 0x000000000000a6d6 Identyfikator procesu powodującego błąd: 0x2330 Godzina uruchomienia aplikacji powodującej błąd: 0xNetworkUXBroker.exe0 Ścieżka aplikacji powodującej błąd: NetworkUXBroker.exe1 Ścieżka modułu powodującego błąd: NetworkUXBroker.exe2 Identyfikator raportu: NetworkUXBroker.exe3 Pełna nazwa pakietu powodującego błąd: NetworkUXBroker.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: NetworkUXBroker.exe5 Error: (05/14/2016 05:04:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NetworkUXBroker.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7f4 Nazwa modułu powodującego błąd: NetworkUXBroker.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7f4 Kod wyjątku: 0xe0464645 Przesunięcie błędu: 0x000000000000a6d6 Identyfikator procesu powodującego błąd: 0x2330 Godzina uruchomienia aplikacji powodującej błąd: 0xNetworkUXBroker.exe0 Ścieżka aplikacji powodującej błąd: NetworkUXBroker.exe1 Ścieżka modułu powodującego błąd: NetworkUXBroker.exe2 Identyfikator raportu: NetworkUXBroker.exe3 Pełna nazwa pakietu powodującego błąd: NetworkUXBroker.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: NetworkUXBroker.exe5 Error: (05/14/2016 02:07:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary Protokół LLDP (Link-Layer Discovery Protocol) firmy Microsoft. System Error: Odmowa dostępu. . Error: (05/14/2016 11:52:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ADAM-PC) Description: Działanie pakietu windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel zostało zakończone, ponieważ operacja wstrzymywania pakietu trwała zbyt długo. Error: (05/14/2016 12:51:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 10.0.10586.0, sygnatura czasowa: 0x5632d7ba Nazwa modułu powodującego błąd: ESENT.dll, wersja: 10.0.10586.212, sygnatura czasowa: 0x56fa1686 Kod wyjątku: 0xc0000602 Przesunięcie błędu: 0x000000000022885f Identyfikator procesu powodującego błąd: 0x89c Godzina uruchomienia aplikacji powodującej błąd: 0xsvchost.exe0 Ścieżka aplikacji powodującej błąd: svchost.exe1 Ścieżka modułu powodującego błąd: svchost.exe2 Identyfikator raportu: svchost.exe3 Pełna nazwa pakietu powodującego błąd: svchost.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: svchost.exe5 Error: (05/14/2016 12:51:57 AM) (Source: ESENT) (EventID: 908) (User: ) Description: svchost (2204) Zatrzymywanie procesu z powodu nieodwracalnego błędu: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1601(dir.cxx:753): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS) Error: (05/13/2016 04:48:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADAM-PC) Description: Aktywacja aplikacji Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Dziennik System: ============= Error: (05/15/2016 11:44:08 PM) (Source: DCOM) (EventID: 10010) (User: ZARZĄDZANIE NT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (05/15/2016 11:41:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi QuickControlService. Error: (05/15/2016 11:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 z powodu następującego błędu: %%1053 Error: (05/15/2016 11:41:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą FontCache3.0.0.0. Error: (05/15/2016 11:40:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Internet Manager. RunOuc z powodu następującego błędu: %%1053 Error: (05/15/2016 11:40:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Internet Manager. RunOuc. Error: (05/15/2016 11:40:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi SAService z powodu następującego błędu: %%2 Error: (05/15/2016 11:40:20 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xffffe000260a6800, 0xffffd0008129b9b0)C:\WINDOWS\Minidump\051516-18671-01.dmp4b6d5dae-cac8-4f16-8c6e-7bf79c023282 Error: (05/15/2016 11:34:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Automatyczne konfigurowanie bezprzewodowej sieci WAN zakończyła działanie; wystąpił następujący błąd: %%997 Error: (05/15/2016 11:34:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Dostęp do danych użytkownika_6cd90e niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 10000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. CodeIntegrity: =================================== Date: 2016-05-15 10:08:11.050 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-12 15:09:08.660 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-29 22:40:25.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-27 23:35:23.406 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 09:43:53.444 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-10 23:29:40.265 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-09 20:17:54.620 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-05 09:03:39.881 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-04 15:15:13.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-15 17:30:22.398 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz Procent pamięci w użyciu: 54% Całkowita pamięć fizyczna: 3986.65 MB Dostępna pamięć fizyczna: 1829.8 MB Całkowita pamięć wirtualna: 8082.65 MB Dostępna pamięć wirtualna: 5666.94 MB ==================== Dyski ================================ Drive c: (Windows8_OS) (Fixed) (Total:451.25 GB) (Free:404.83 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)] Drive e: (Internet Manager) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 5E855232) Partition: GPT. ==================== Koniec Addition.txt ============================

Dodano 15.05.2016 23:01:16:
FRST

Kod: Zaznacz wszystko: Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:14-05-2016 Uruchomiony przez Adam (administrator) ADAM-PC (15-05-2016 23:55:28) Uruchomiony z C:\Users\Adam\Downloads Załadowane profile: Adam (Dostępne profile: Adam) Platform: Windows 10 Home Wersja 1511 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: FF) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (LenovoEMC Products USA, LLC) C:\Program Files\LenovoEMC\StorageConnector\LenovoEMCDiscovery.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.) HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [147160 2013-06-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384296 2013-10-28] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [600568 2013-11-05] (Lenovo Corporation) HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [402344 2015-12-19] () HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [163960 2015-10-25] (Synaptics) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation) HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [750320 2014-05-16] (Lenovo) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-14] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50515584 2015-11-17] (Skype Technologies S.A.) HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {5da2bd70-195d-11e6-82f4-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {60794a9e-ad8f-11e4-8286-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fcbd9-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fcda7-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fce18-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fce68-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {734fceec-19cd-11e6-82f5-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {840dd4a1-8ec2-11e5-89ae-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {a734a652-1a78-11e6-82f7-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {a734a6bd-1a78-11e6-82f7-28d24482f56a} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {dbaca1ad-19e9-11e6-82f6-142d273a8a5b} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {dbaca21c-19e9-11e6-82f6-142d273a8a5b} - "E:\AutoRun.exe" HKU\S-1-5-21-395553583-66053808-1738365731-1001\...\MountPoints2: {dbaca658-19e9-11e6-82f6-28d24482f56a} - "E:\AutoRun.exe" ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-14] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-22] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2015-11-09] ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe () ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\..\Interfaces\{16F4E041-5312-42ED-8C90-441159F533B7}: [NameServer] 213.158.199.1 213.158.199.5 Tcpip\..\Interfaces\{20265aec-d3fd-4f1d-8540-5af401f54c87}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{859aa2a3-3ac6-487e-8b76-2b23071bfec5}: [NameServer] 77.234.40.79 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130876740676272479&GUID=A30B73EC-CDF7-48AA-A8BB-2AF559D23CDA HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-395553583-66053808-1738365731-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130876740676467617&GUID=A30B73EC-CDF7-48AA-A8BB-2AF559D23CDA HKU\S-1-5-21-395553583-66053808-1738365731-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - Brak pliku Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\bav199lt.default-1423070591943 FF Homepage: hxxps://trafficmonsoon.com/?ref=SuperMan777 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Extension: Flashlight - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\bav199lt.default-1423070591943\extensions\flashlight@stephennolan.com.au [2016-04-28] FF Extension: Facebook Phishing Protector - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\bav199lt.default-1423070591943\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2016-04-27] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-14] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-14] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://trafficmonsoon.com/?ref=SuperMan777" CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-31] CHR Extension: (Dokumenty Google) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31] CHR Extension: (Dysk Google) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31] CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31] CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31] CHR Extension: (Arkusze Google) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-31] CHR Extension: (Dokumenty Google offline) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15] CHR Extension: (Avast Online Security) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-31] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-15] CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-14] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-14] (AVAST Software) S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573432 2013-11-05] (Lenovo Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2014-05-16] (Lenovo) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] () R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Brak podpisu cyfrowego] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2013-09-24] (Intel Corporation) S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2083592 2013-11-06] (Lenovo Group Limited) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.) S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [695800 2013-11-05] (Lenovo Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) R2 LenovoEMCDiscovery; C:\Program Files\LenovoEMC\StorageConnector\LenovoEMCDiscovery.exe [1410888 2014-04-08] (LenovoEMC Products USA, LLC) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [467720 2013-11-01] () S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [58360 2013-10-08] (Lenovo Group Limited) R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [140280 2013-10-08] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] () R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255096 2015-10-25] (Synaptics Incorporated) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-14] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-14] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-14] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-14] (AVAST Software) S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [44640 2015-12-17] (The OpenVPN Project) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-14] (AVAST Software) R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [65928 2014-05-16] (Windows (R) Win 7 DDK provider) R3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [124800 2014-06-11] (Huawei Technologies Co., Ltd.) R3 hwusb_wwanecm; C:\Windows\System32\drivers\ew_wwanecm.sys [379392 2014-05-04] (Huawei Technologies Co., Ltd.) R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation) S3 kxtdrpod; C:\Users\Adam\AppData\Local\Temp\kxtdrpod.sys [56584 2016-05-15] (GMER) [Brak podpisu cyfrowego] S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek ) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-11-19] (Realtek Semiconductor Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8244312 2013-06-19] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51320 2015-10-25] (Synaptics Incorporated) S3 SWIX64; C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys [34976 2015-06-28] (Lenovo Group Limited) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-15 23:55 - 2016-05-15 23:56 - 00024962 _____ C:\Users\Adam\Downloads\FRST.txt 2016-05-15 23:44 - 2016-05-15 23:44 - 00000000 ___HD C:\OneDriveTemp 2016-05-15 20:29 - 2016-05-15 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Manager 2016-05-15 20:29 - 2016-05-15 20:29 - 00000000 ____D C:\ProgramData\Internet Manager 2016-05-15 20:28 - 2016-05-15 20:28 - 00000000 ____D C:\Program Files (x86)\T-Mobile 2016-05-15 20:28 - 2014-06-11 05:52 - 00124800 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_cdcacm.sys 2016-05-15 20:28 - 2014-05-04 12:56 - 00379392 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_wwanecm.sys 2016-05-15 20:28 - 2014-03-27 04:49 - 00457728 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2016-05-15 20:28 - 2013-11-30 13:41 - 00246272 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2016-05-15 20:28 - 2013-11-30 13:40 - 00110592 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2016-05-15 20:28 - 2013-11-30 13:40 - 00091648 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys 2016-05-15 20:28 - 2013-11-30 13:40 - 00077312 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2016-05-15 20:28 - 2013-11-30 13:40 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2016-05-15 20:28 - 2013-11-30 13:25 - 00226176 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys 2016-05-15 20:28 - 2013-01-25 05:46 - 00109568 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2016-05-15 20:28 - 2012-12-22 06:16 - 00014976 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys 2016-05-15 20:28 - 2010-10-08 13:29 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2016-05-15 20:28 - 2010-09-26 14:39 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2016-05-14 17:59 - 2016-05-14 17:59 - 02382336 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe 2016-05-14 17:15 - 2016-05-14 17:15 - 00003266 _____ C:\WINDOWS\System32\Tasks\{706BA7C7-D22E-4173-B434-70E9C6C03A0D} 2016-05-14 16:27 - 2016-05-14 16:27 - 00380928 _____ C:\Users\Adam\Downloads\o3hk5gxs.exe 2016-05-14 16:07 - 2016-05-14 16:07 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-05-14 16:07 - 2016-05-14 16:07 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2016-05-14 00:47 - 2016-05-14 00:47 - 03640384 _____ C:\Users\Adam\Downloads\AdwCleaner.exe 2016-05-14 00:43 - 2016-05-14 00:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf 2016-05-11 16:09 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-05-11 16:09 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-05-11 16:08 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-05-11 16:08 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-05-11 16:08 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-05-11 16:08 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-05-11 16:08 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-05-11 16:08 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-05-11 16:08 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-05-11 16:08 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-05-11 16:08 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-05-11 16:08 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-05-11 16:08 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-05-11 16:08 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-05-11 16:08 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-05-11 16:08 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-05-11 16:08 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-05-11 16:08 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-05-11 16:08 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-05-11 16:07 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-05-11 16:07 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-05-11 16:07 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-05-11 16:07 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-05-11 16:07 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-05-11 16:07 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-05-11 16:07 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-05-11 16:07 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-11 16:07 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-05-11 16:07 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-05-11 16:07 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-05-11 16:07 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-05-11 16:07 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-11 16:07 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-05-11 16:07 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-05-11 16:07 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-05-11 16:07 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-05-11 16:07 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-05-11 16:07 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-05-11 16:07 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2016-05-11 16:07 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-11 16:07 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-05-11 16:07 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-05-11 16:07 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2016-05-11 16:07 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-11 16:07 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-05-11 16:07 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-05-11 16:07 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2016-05-11 16:07 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2016-05-11 16:07 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-05-11 16:07 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2016-05-11 16:07 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-05-11 16:07 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-05-11 16:07 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-05-11 16:07 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-05-11 16:07 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-05-11 16:07 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-05-11 16:07 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-05-11 16:07 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-05-11 16:07 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-05-11 16:07 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-05-11 16:07 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2016-05-11 16:07 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-05-11 16:07 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-05-11 16:07 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-05-11 16:07 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-05-11 16:07 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-05-11 16:07 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-05-11 16:07 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-05-11 16:07 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-05-11 16:07 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-05-11 16:07 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-05-11 16:07 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-05-11 16:07 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-05-11 16:07 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-05-11 16:07 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-05-11 16:07 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2016-05-11 16:07 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2016-05-11 16:07 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-05-11 16:07 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-05-11 16:07 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2016-05-11 16:07 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-05-11 16:07 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-05-11 16:06 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys 2016-05-11 16:06 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2016-05-11 16:06 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2016-05-11 16:06 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2016-05-11 16:06 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2016-05-11 16:06 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-05-11 16:06 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2016-05-11 16:06 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-05-11 16:06 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-05-11 16:06 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2016-05-11 16:06 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-05-11 16:06 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-11 16:06 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-05-11 16:06 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-05-11 16:06 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-05-11 16:06 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2016-05-11 16:06 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-05-11 16:06 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-05-11 16:06 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-05-11 16:06 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-05-11 16:06 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys 2016-05-11 16:06 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-05-11 16:06 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2016-05-11 16:06 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-05-11 16:06 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-05-11 16:06 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-05-11 16:06 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2016-05-11 16:06 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2016-05-11 16:06 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-05-11 16:06 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2016-05-11 16:06 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2016-05-11 16:06 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-05-11 16:06 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-11 16:06 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-05-11 16:06 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-05-11 16:06 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll 2016-05-11 16:06 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll 2016-05-11 16:06 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2016-05-11 16:06 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-05-11 16:06 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2016-05-11 16:06 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2016-05-11 16:06 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-05-11 16:06 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2016-05-11 16:06 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2016-05-11 16:06 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-05-11 16:06 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll 2016-05-11 16:06 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll 2016-05-11 16:06 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-05-11 16:06 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-05-11 16:06 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2016-05-11 16:06 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2016-05-11 16:06 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-05-11 16:06 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-05-11 16:06 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2016-05-11 16:06 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2016-05-11 16:06 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2016-05-11 16:06 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll 2016-05-11 16:06 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-05-11 16:06 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-05-11 16:06 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-05-11 16:06 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-05-11 16:06 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2016-05-11 16:06 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-05-11 16:06 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-05-11 16:06 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-05-11 16:06 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-05-11 16:06 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-05-11 16:06 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-05-11 16:06 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-05-11 16:06 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-05-11 16:06 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-05-11 16:06 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-05-11 16:06 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-05-11 16:06 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-05-11 16:06 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2016-05-11 16:06 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-05-11 16:06 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-05-11 16:06 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-05-11 16:06 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-05-11 16:06 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-05-11 16:06 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-05-11 16:06 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-05-11 16:05 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2016-05-11 16:05 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-05-11 16:05 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-05-11 16:05 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-05-11 16:05 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-05-11 16:05 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-05-11 16:05 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-05-11 16:05 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2016-05-11 16:05 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2016-05-11 16:05 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-05-11 16:05 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll 2016-05-11 16:05 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe 2016-05-11 16:05 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2016-05-11 16:05 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-05-11 16:05 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-05-11 16:05 - 2016-04-23 06:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2016-05-11 16:05 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-05-11 16:05 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-05-11 16:05 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys 2016-05-11 16:05 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll 2016-05-11 16:05 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe 2016-05-11 16:05 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2016-05-11 16:05 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2016-05-11 16:05 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-05-11 16:05 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll 2016-05-11 16:05 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-05-11 16:05 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-05-11 16:05 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-05-11 16:05 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-05-11 16:05 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll 2016-05-11 16:05 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-05-11 16:05 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2016-05-11 16:05 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2016-05-11 16:05 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-05-11 16:05 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll 2016-05-11 16:05 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll 2016-05-11 16:05 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-05-11 16:05 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-05-11 16:05 - 2016-04-23 06:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2016-05-11 16:05 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2016-05-11 16:05 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-05-11 16:05 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-05-11 16:05 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-05-11 16:05 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-05-11 16:05 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2016-05-11 16:05 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml 2016-05-11 16:05 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml 2016-05-01 18:26 - 2016-05-12 22:38 - 00197104 _____ C:\WINDOWS\ProcessedPackets.KTL 2016-05-01 10:09 - 2016-05-12 22:38 - 00128228 _____ C:\WINDOWS\Control.KTL 2016-04-30 20:16 - 2016-05-15 23:05 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-04-30 20:16 - 2016-05-12 23:05 - 00003916 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-04-29 11:11 - 2016-04-29 11:12 - 00281916 _____ C:\WINDOWS\Minidump\042916-24281-01.dmp 2016-04-27 12:47 - 2016-04-27 12:45 - 01010688 _____ C:\Users\Adam\Desktop\nowy_calc_TM.xls 2016-04-19 15:45 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-04-19 15:45 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-19 15:45 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-04-19 15:45 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-04-19 15:45 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2016-04-19 15:45 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-04-19 15:45 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-04-19 15:45 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-04-19 15:45 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-04-19 15:45 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-04-19 15:45 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-04-19 15:45 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-04-19 15:44 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-04-19 15:44 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll 2016-04-19 15:44 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2016-04-19 15:44 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-04-19 15:44 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll 2016-04-19 15:44 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll 2016-04-19 15:44 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-04-19 15:44 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-04-19 15:44 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2016-04-19 15:44 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-04-19 15:44 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-04-19 15:44 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-04-19 15:44 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-04-19 15:44 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-04-19 15:44 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll 2016-04-19 15:44 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2016-04-19 15:44 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2016-04-19 15:44 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-04-19 15:44 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2016-04-19 15:44 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-04-19 15:44 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-04-19 15:44 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2016-04-19 15:44 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys 2016-04-19 15:44 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll 2016-04-19 15:44 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2016-04-19 15:44 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2016-04-19 15:44 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-04-19 15:44 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-04-19 15:44 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2016-04-19 15:44 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll 2016-04-19 15:44 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll 2016-04-19 15:44 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-04-19 15:44 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe 2016-04-19 15:44 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll 2016-04-19 15:44 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll 2016-04-19 15:44 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-04-19 15:44 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-04-19 15:44 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll 2016-04-19 15:44 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll 2016-04-19 15:44 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-04-19 15:44 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll 2016-04-19 15:44 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2016-04-19 15:44 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-04-19 15:44 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll 2016-04-19 15:44 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2016-04-19 15:44 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2016-04-19 15:44 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll 2016-04-19 15:44 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll 2016-04-19 15:44 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-04-19 15:44 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2016-04-19 15:44 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll 2016-04-19 15:44 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe 2016-04-19 15:44 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-04-19 15:44 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-04-19 15:44 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-04-19 15:44 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll 2016-04-19 15:44 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys 2016-04-19 15:44 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll 2016-04-19 15:44 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-04-19 15:44 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll 2016-04-19 15:44 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe 2016-04-19 15:44 - 2016-03-29 09:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2016-04-19 15:44 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll 2016-04-19 15:44 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2016-04-19 15:44 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll 2016-04-19 15:44 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2016-04-19 15:44 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll 2016-04-19 15:44 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll 2016-04-19 15:44 - 2016-03-29 09:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys 2016-04-19 15:44 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-04-19 15:44 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll 2016-04-19 15:44 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll 2016-04-19 15:44 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll 2016-04-19 15:44 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-04-19 15:44 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2016-04-19 15:44 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2016-04-19 15:44 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll 2016-04-19 15:44 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll 2016-04-19 15:44 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-04-19 15:44 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2016-04-19 15:44 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2016-04-19 15:44 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll 2016-04-19 15:44 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2016-04-19 15:44 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-04-19 15:44 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll 2016-04-19 15:44 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2016-04-19 15:44 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2016-04-19 15:44 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2016-04-19 15:44 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll 2016-04-19 15:44 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-04-19 15:44 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-04-19 15:44 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll 2016-04-19 15:44 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll 2016-04-19 15:44 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll 2016-04-19 15:44 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2016-04-19 15:44 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-04-19 15:44 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll 2016-04-19 15:44 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2016-04-19 15:44 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2016-04-19 15:44 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2016-04-19 15:44 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-04-19 15:44 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2016-04-19 15:44 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-04-19 15:44 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-04-19 15:44 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-04-19 15:44 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-04-19 15:44 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2016-04-19 15:44 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-04-19 15:44 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-04-19 15:44 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll 2016-04-19 15:44 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2016-04-19 15:44 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll 2016-04-19 15:44 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2016-04-19 15:44 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2016-04-19 15:44 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-04-19 15:44 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2016-04-19 15:44 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-04-19 15:44 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe 2016-04-19 15:44 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2016-04-19 15:44 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll 2016-04-19 15:44 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll 2016-04-19 15:44 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2016-04-19 15:44 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2016-04-19 15:44 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-04-19 15:44 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-04-19 15:44 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll 2016-04-19 15:44 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-04-19 15:44 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-04-19 15:44 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2016-04-19 15:44 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-04-19 15:44 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-04-19 15:44 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll 2016-04-19 15:44 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll 2016-04-19 15:44 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll 2016-04-19 15:44 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll 2016-04-19 15:44 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2016-04-19 15:44 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-04-19 15:44 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll 2016-04-19 15:44 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll 2016-04-19 15:44 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-04-19 15:44 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll 2016-04-19 15:44 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll 2016-04-19 15:44 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2016-04-19 15:44 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2016-04-19 15:44 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2016-04-19 15:44 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2016-04-19 15:44 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-04-19 15:44 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-04-19 15:44 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2016-04-19 15:44 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2016-04-19 15:44 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2016-04-19 15:44 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-04-19 15:44 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2016-04-19 15:44 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2016-04-19 15:44 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll 2016-04-19 15:44 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-04-19 15:44 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-04-19 15:44 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-04-19 15:44 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-04-19 15:44 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-04-19 15:44 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2016-04-19 15:44 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2016-04-19 15:44 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-04-19 15:44 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-04-19 15:44 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2016-04-19 15:44 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2016-04-19 15:44 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2016-04-19 15:44 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-04-19 15:44 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2016-04-19 15:44 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2016-04-19 15:44 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll 2016-04-19 15:44 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2016-04-19 15:44 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-04-19 15:44 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2016-04-19 15:44 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll 2016-04-19 15:44 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-04-19 15:44 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll 2016-04-19 15:44 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-04-19 15:44 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2016-04-19 15:44 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2016-04-19 15:44 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2016-04-19 15:44 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2016-04-19 15:44 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll 2016-04-19 15:44 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2016-04-19 15:44 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll 2016-04-19 15:44 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2016-04-19 15:44 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2016-04-17 20:59 - 2016-05-14 14:06 - 00000596 _____ C:\Users\Adam\Desktop\cykl.txt ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-15 23:55 - 2015-11-09 00:08 - 00000000 ____D C:\FRST 2016-05-15 23:44 - 2015-08-06 10:10 - 00000000 ___RD C:\Users\Adam\OneDrive 2016-05-15 23:43 - 2016-01-31 12:09 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-15 23:43 - 2014-05-16 11:14 - 833163264 ___SH C:\WINDOWS\lenovo_fastboot.img 2016-05-15 23:42 - 2015-08-06 10:07 - 00000000 __SHD C:\Users\Adam\IntelGraphicsProfiles 2016-05-15 23:41 - 2015-11-19 15:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-05-15 23:40 - 2015-12-16 14:53 - 00000000 ____D C:\WINDOWS\Minidump 2016-05-15 23:40 - 2015-11-19 15:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-05-15 23:40 - 2015-11-19 15:22 - 00000000 ____D C:\ProgramData\Validity 2016-05-15 23:40 - 2014-05-16 10:25 - 00196551 ____N C:\WINDOWS\Minidump\051516-18671-01.dmp 2016-05-15 23:28 - 2016-01-31 12:09 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-15 22:15 - 2014-11-27 00:46 - 00000000 ____D C:\Users\Adam\AppData\LocalLow\Temp 2016-05-15 21:25 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-05-15 21:17 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF 2016-05-15 20:30 - 2015-10-30 21:19 - 00818302 _____ C:\WINDOWS\system32\perfh015.dat 2016-05-15 20:30 - 2015-10-30 21:19 - 00157970 _____ C:\WINDOWS\system32\perfc015.dat 2016-05-15 20:30 - 2015-08-06 09:51 - 01845594 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-05-15 20:29 - 2015-02-09 15:57 - 00000000 ____D C:\ProgramData\DatacardService 2016-05-15 18:12 - 2014-07-17 23:49 - 00004202 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8E1D0878-E5DB-4924-BDA0-3028CE274BD3} 2016-05-15 10:39 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-05-15 10:14 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-05-15 10:07 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-05-15 00:42 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache 2016-05-15 00:05 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-05-14 23:57 - 2014-07-18 23:48 - 00007657 _____ C:\Users\Adam\AppData\Local\Resmon.ResmonCfg 2016-05-14 18:46 - 2015-02-04 19:35 - 00000000 ____D C:\Users\Adam\AppData\Roaming\OpenOffice.org2 2016-05-14 18:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-05-14 17:44 - 2015-12-17 00:01 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-05-14 17:40 - 2016-03-20 00:24 - 00004072 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458426270 2016-05-14 17:40 - 2016-03-20 00:24 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-05-14 17:17 - 2015-11-24 11:18 - 00000000 ____D C:\Users\Adam\AppData\Local\ElevatedDiagnostics 2016-05-14 17:10 - 2015-03-22 12:57 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashDumps 2016-05-14 16:07 - 2016-03-20 00:24 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-05-14 16:07 - 2015-12-17 00:01 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-05-14 12:11 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\ModemLogs 2016-05-13 15:07 - 2015-04-19 12:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-05-13 11:37 - 2014-07-17 22:51 - 00000000 ____D C:\Users\Adam\AppData\Local\Packages 2016-05-13 10:29 - 2016-01-31 12:09 - 00002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-13 09:52 - 2015-06-01 17:50 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-05-13 09:52 - 2015-06-01 17:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-13 00:28 - 2015-11-19 15:28 - 00000000 ____D C:\Users\Adam 2016-05-12 23:05 - 2015-12-08 23:29 - 05995712 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2016-05-12 22:38 - 2016-02-07 12:09 - 05761145 _____ C:\WINDOWS\NGIPacket.KTL 2016-05-12 22:38 - 2016-02-07 12:09 - 00288104 _____ C:\WINDOWS\SentOSPackets.KTL 2016-05-12 22:38 - 2015-08-06 10:27 - 00293088 _____ C:\WINDOWS\NGIControl.KTL 2016-05-12 15:10 - 2014-07-17 22:49 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-05-12 15:06 - 2016-04-12 23:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-05-12 15:06 - 2014-07-18 00:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-12 00:10 - 2015-10-30 21:23 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-12 00:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-05-12 00:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-05-12 00:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning 2016-05-12 00:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-05-12 00:09 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-11 17:45 - 2015-11-19 15:23 - 00000000 ____D C:\ProgramData\Lenovo 2016-05-11 16:49 - 2014-07-18 12:07 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-05-11 16:38 - 2014-07-18 12:07 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-05-10 23:22 - 2016-01-31 12:09 - 00004130 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-10 23:22 - 2016-01-31 12:09 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-01 13:07 - 2014-09-07 00:15 - 00000000 ____D C:\Program Files (x86)\Steam 2016-05-01 00:46 - 2015-12-04 02:21 - 00000000 ____D C:\Users\Adam\Desktop\TM 2016-04-30 20:22 - 2014-07-18 00:06 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-04-30 20:16 - 2015-03-22 02:41 - 00000000 ____D C:\Users\Adam\AppData\Local\Adobe 2016-04-30 09:39 - 2014-05-16 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo 2016-04-29 11:11 - 2015-12-16 14:53 - 687374111 _____ C:\WINDOWS\MEMORY.DMP 2016-04-27 23:33 - 2015-11-19 15:18 - 00369736 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-27 17:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-04-27 17:18 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-04-27 14:40 - 2015-04-19 12:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Skype 2016-04-27 12:26 - 2015-09-26 11:18 - 00000000 ____D C:\Users\Adam\.oracle_jre_usage 2016-04-27 12:26 - 2015-06-17 11:33 - 00000000 ____D C:\ProgramData\Oracle 2016-04-22 22:33 - 2015-08-06 10:10 - 00002449 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-15 23:23 - 2014-07-17 22:52 - 00000000 ____D C:\Users\Adam\AppData\Local\Lenovo 2016-04-15 23:23 - 2014-05-16 11:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo 2016-04-15 23:23 - 2014-05-16 10:42 - 00000000 ____D C:\Program Files (x86)\Lenovo ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-03-21 16:22 - 2015-08-06 08:47 - 0333528 _____ () C:\Users\Adam\AppData\Local\BTServer.log 2014-07-17 22:52 - 2014-07-17 20:58 - 0000193 _____ () C:\Users\Adam\AppData\Local\RegisteredPackageInformation.xml 2014-07-18 23:48 - 2016-05-14 23:57 - 0007657 _____ () C:\Users\Adam\AppData\Local\Resmon.ResmonCfg 2015-11-19 15:24 - 2015-11-19 15:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-05-16 11:21 - 2014-05-16 11:21 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log 2014-05-16 11:18 - 2014-05-16 11:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2014-05-16 11:19 - 2014-05-16 11:20 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2014-05-16 11:20 - 2014-05-16 11:21 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log Pliki do przeniesienia lub usunięcia: ==================== C:\Users\Public\VOIP.dat ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-05-08 20:26 ==================== Koniec FRST.txt ============================

**Posty:** 4765 · przez **ordynat** 16 Maj 2016, 07:15

W tych nowych logach nie ma już żadnych oznak infekcji.

Kosmetyka:
Otwórz Notatnik i wklej w nim:

Task: {64244DBC-6DE7-4F14-BE81-37248FA11C1F} - System32\Tasks\{706BA7C7-D22E-4173-B434-70E9C6C03A0D} => pcalua.exe -a "C:\Program Files (x86)\T-Mobile\InternetManager_H\uninst.exe"
C:\Users\Public\VOIP.dat
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
.