RegSvcs.exe Infection


This topic is locked
5 replies to this topic

#1 pejakk

  • Members
  • 2 posts

Posted 07 February 2017 - 08:46 AM

Hello. First of all, I want to say I'm new to the forum and want to apologize if my English is misleading.

Okay, so for about two days I've been struggling with weird behavior on my laptop. Whenever Windows completely loads, or after a period of my inactivity, and also on other random events, the antivirus reports that there is some kind of Trojan in random-access memory >> RegSvcs.exe called NanoCore / Injector.FCD, which gets removed, which is wrong. There aren't any bad signs apart from the fact that the RegSvcs process is still running and takes 130-200MB of RAM, and of course those random alerts from the antivirus. Is there something I should be worried about? I will appreciate all your help.

I have also attached a picture of the alerts ESET NOD32 gives me, and Addition.txt.

 

FRST.txt log

 

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 05-02-2017
Uruchomiony przez Admin (administrator)  L850-1N3 (07-02-2017 14:38:50)
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Windows 8.1 Pro (Update) (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Big Muscle) C:\AeroGlass\aerohost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TNOD UP] => C:\Program Files\ESET\TNod\TNODUP.exe [6729728 2016-11-19] (Tukero[X]Team)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== UWAGA
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2017-01-26] (Tonec Inc.)
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\MountPoints2: {57ea1c21-9556-11e6-82fe-20689de28d9a} - "H:\vs_enterprise.exe"
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\MountPoints2: {57ea1e7b-9556-11e6-82fe-20689de28d9a} - "I:\vs_enterprise.exe"
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
GroupPolicy: Ograniczenia <======= UWAGA
GroupPolicy\User: Ograniczenia <======= UWAGA
GroupPolicyScripts: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63
Tcpip\..\Interfaces\{1C9C9E33-EE56-4B1F-914E-37902323E6AB}: [DhcpNameServer] 62.179.1.62 62.179.1.63

Internet Explorer:
==================
HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2345393507-1297792505-1352856717-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Brak nazwy -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Windows\system32\OldNewExplorer64.dll [2015-08-09] (www.startisback.com)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> D:\Downloads\Programming\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-10-01] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7xe0bkmp.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xe0bkmp.default [2017-02-07]
FF Extension: (United States English Spellchecker) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xe0bkmp.default\Extensions\en-US@dictionaries.addons.mozilla.org [2017-02-07]
FF Extension: (FireGestures) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xe0bkmp.default\Extensions\firegestures@xuldev.org.xpi [2017-01-08]
FF Extension: (Session Manager) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xe0bkmp.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31]
FF Extension: (Adblock Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xe0bkmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-10]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2017-02-07] [Brak podpisu cyfrowego]
FF HKU\S-1-5-21-2345393507-1297792505-1352856717-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2345393507-1297792505-1352856717-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-02-06]
CHR Extension: (Prezentacje Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-09]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-09]
CHR Extension: (Dysk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-09]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-09]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-01]
CHR Extension: (Arkusze Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-09]
CHR Extension: (IDM Integration Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-12]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-26]

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3697352 2017-01-29] (Microsoft Corporation)
S3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [1446592 2017-02-02] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2815520 2016-10-11] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Brak podpisu cyfrowego]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-01-11] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH) [Brak podpisu cyfrowego]
S3 VSStandardCollectorService140; D:\Downloads\Programming\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-04-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-04-25] (Microsoft Corporation)
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102400 2016-02-26] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30264 2016-07-09] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-08-16] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R1 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [67712 2016-10-13] (ESET)
S3 GeneStor; C:\Windows\system32\DRIVERS\GeneStor.sys [130648 2016-08-22] (GenesysLogic)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [777944 2016-01-13] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2016-04-04] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2016-04-25] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2016-04-25] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-04-25] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2016-05-04] (wisecleaner.com)
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-07 14:38 - 2017-02-07 14:39 - 00023685 _____ C:\Users\Admin\Desktop\FRST.txt
2017-02-07 14:38 - 2017-02-07 14:38 - 00000000 ____D C:\FRST
2017-02-07 14:38 - 2017-02-07 14:37 - 02421248 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2017-02-06 21:48 - 2016-04-25 19:26 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll.bak
2017-02-06 21:48 - 2016-04-25 19:26 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll.bak
2017-02-06 21:48 - 2014-11-21 05:59 - 03307112 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll.bak
2017-02-06 21:48 - 2014-11-21 05:59 - 02890296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll.bak
2017-02-06 21:48 - 2014-11-21 05:59 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe.bak
2017-02-06 21:48 - 2014-11-21 05:59 - 01478144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe.bak
2017-02-06 21:48 - 2014-11-21 05:59 - 00821696 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll.bak
2017-02-06 21:48 - 2014-11-21 05:59 - 00705008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll.bak
2017-02-06 21:48 - 2014-03-18 05:06 - 01757184 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2017-02-06 21:48 - 2014-03-18 05:06 - 01392640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2017-02-06 21:47 - 2017-02-06 21:47 - 00000000 ____D C:\Program Files\Shark007
2017-02-06 21:47 - 2016-05-08 04:19 - 03642880 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2017-02-06 21:47 - 2015-05-03 20:49 - 02034176 _____ (xy-VSFilter Team) C:\Windows\system32\VSFilter.dll
2017-02-06 21:47 - 2015-03-04 19:45 - 00260184 _____ C:\Windows\system32\unrar.dll
2017-02-06 21:47 - 2013-04-06 08:26 - 01679360 _____ C:\Windows\SysWOW64\ac3filter.acm.new
2017-02-06 21:47 - 2013-04-05 23:27 - 02231296 _____ C:\Windows\system32\ac3filter.acm.new
2017-02-06 21:47 - 2013-04-05 23:27 - 02231296 _____ C:\Windows\system32\ac3filter.acm
2017-02-06 21:47 - 2013-04-05 23:27 - 00324608 _____ (IntelleSoft) C:\Windows\system32\BugTrap-x64.dll
2017-02-06 21:47 - 2009-08-11 20:22 - 00580096 _____ C:\Windows\system32\ac3filter.acm.old
2017-02-06 21:47 - 2009-01-23 00:51 - 00124909 _____ (Open Source Software community project) C:\Windows\system32\pthreadGC2.dll
2017-02-06 21:46 - 2017-02-06 21:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Advanced
2017-02-06 21:46 - 2017-02-06 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2017-02-06 21:46 - 2017-02-06 21:46 - 00000000 ____D C:\Program Files (x86)\Shark007
2017-02-06 16:02 - 2017-02-06 16:03 - 00001194 _____ C:\Users\Admin\Desktop\Adobe Animate CC 2017.lnk
2017-02-06 15:47 - 2017-02-06 16:03 - 00001200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Adobe Animate CC 2017.lnk
2017-02-06 15:47 - 2016-11-19 12:35 - 00000000 ____D C:\ProgramData\Adobe
2017-02-06 15:08 - 2017-02-06 15:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign8b1513b1c898d6fa
2017-02-06 15:08 - 2017-02-06 15:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign0de8d4ad1c428af2
2017-02-06 15:07 - 2017-02-06 15:07 - 00000033 _____ C:\Users\Admin\AppData\Roaming\AdobeWLCMCache.dat
2017-02-06 15:06 - 2017-02-06 15:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignc5bcb9d16b99b899
2017-02-06 15:06 - 2017-02-06 15:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9d411698d706a3a8
2017-02-06 15:06 - 2017-02-06 15:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign4cf40704988f14ef
2017-02-06 15:04 - 2017-02-07 14:13 - 00001112 _____ C:\Users\Admin\Desktop\Adobe Photoshop CC 2017.lnk
2017-02-06 14:56 - 2017-02-06 14:56 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-02-06 14:52 - 2017-02-07 14:13 - 00001575 _____ C:\Users\Admin\Desktop\Adobe Illustrator CC 2017.lnk
2017-02-06 14:52 - 2017-02-06 14:52 - 00001537 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Adobe Illustrator CC 2017.lnk
2017-02-06 14:45 - 2017-02-06 15:47 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-02-06 14:41 - 2017-02-06 15:44 - 00000000 ____D C:\Program Files\Adobe
2017-02-06 14:09 - 2017-02-06 14:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigncc21588494d3b9c1
2017-02-06 14:09 - 2017-02-06 14:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign61d4645f7e4dfc63
2017-02-05 19:19 - 2017-02-07 13:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FFC48928-6020-48B1-A0A2-06267930057F
2017-02-05 19:19 - 2017-02-05 19:19 - 00003566 _____ C:\Windows\System32\Tasks\gtctk
2017-02-05 19:19 - 2017-02-05 19:19 - 00000000 __SHD C:\Users\Admin\gtctk
2017-02-05 19:19 - 2017-02-05 19:19 - 00000000 ____D C:\Program Files (x86)\Adobe Systems Incorporated
2017-02-05 19:19 - 2013-08-10 01:54 - 00045128 ___SH (Microsoft Corporation) C:\Users\Admin\RegSvcs.exe
2017-02-05 18:47 - 2017-02-07 14:13 - 00001799 _____ C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2017-02-05 18:47 - 2017-02-05 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2017-02-01 12:57 - 2017-02-01 12:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\MPC-BE
2017-02-01 12:57 - 2017-02-01 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-BE x64
2017-02-01 12:57 - 2017-02-01 12:57 - 00000000 ____D C:\Program Files\MPC-BE x64
2017-02-01 12:37 - 2017-02-01 12:37 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-29 00:54 - 2017-01-29 00:55 - 00000000 __HDC C:\ProgramData\{26D50850-6D69-43FC-9849-A295F57119F5}
2017-01-26 15:41 - 2016-10-17 16:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-01-25 16:44 - 2017-01-25 16:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2015 Tools for Unity
2017-01-25 16:44 - 2017-01-25 16:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2017-01-25 16:32 - 2017-01-25 16:32 - 00000825 _____ C:\Users\Public\Desktop\Unity 5.5.1f1 (64-bit).lnk
2017-01-25 16:32 - 2017-01-25 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.5.1f1 (64-bit)
2017-01-25 16:26 - 2017-01-16 07:26 - 00165504 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2017-01-25 16:26 - 2017-01-16 07:26 - 00131712 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2017-01-25 16:05 - 2017-01-25 16:05 - 00001775 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-25 16:05 - 2017-01-25 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-25 16:04 - 2017-01-25 16:05 - 00000000 ____D C:\Program Files\iTunes
2017-01-25 16:04 - 2017-01-25 16:04 - 00000000 ____D C:\Program Files\iPod
2017-01-25 00:06 - 2017-01-25 00:06 - 00003180 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2345393507-1297792505-1352856717-1001
2017-01-25 00:06 - 2017-01-25 00:06 - 00003172 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-25 00:06 - 2017-01-25 00:06 - 00002352 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive dla Firm.lnk
2017-01-22 11:28 - 2017-01-22 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisableStartup
2017-01-22 11:23 - 2017-01-22 11:23 - 00000000 ____D C:\ProgramData\WEBREG
2017-01-22 11:22 - 2017-01-22 11:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HP
2017-01-22 11:22 - 2017-01-22 11:22 - 00000000 ____D C:\Users\Admin\AppData\Local\HP
2017-01-22 11:03 - 2017-01-22 11:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HpUpdate
2017-01-22 11:02 - 2017-01-22 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-22 11:02 - 2017-01-22 11:02 - 00000000 ____D C:\Windows\SysWOW64\spool
2017-01-22 11:00 - 2017-01-22 14:14 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-21 12:22 - 2017-01-21 12:22 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-18 23:20 - 2017-01-18 23:20 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-01-18 23:20 - 2017-01-11 11:38 - 09124224 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-01-18 23:20 - 2017-01-11 11:38 - 05545472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-01-18 23:20 - 2017-01-11 11:38 - 03503048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 03410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 03203584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 03203424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 03122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 03014144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-01-18 23:20 - 2017-01-11 11:38 - 01382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 01353824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00689880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-01-18 23:20 - 2017-01-11 11:38 - 00023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-01-18 23:19 - 2017-01-11 11:38 - 02201600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-01-18 23:19 - 2017-01-11 11:37 - 03302272 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-01-18 23:19 - 2017-01-11 11:37 - 01615656 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2017-01-18 23:19 - 2017-01-11 11:37 - 01529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2017-01-18 23:19 - 2017-01-11 11:37 - 00574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2017-01-18 23:19 - 2017-01-11 11:37 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-01-18 23:19 - 2017-01-11 11:37 - 00118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2017-01-18 00:41 - 2017-01-18 00:41 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-18 00:41 - 2017-01-18 00:38 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-18 00:39 - 2017-01-18 00:40 - 00000000 ____D C:\Program Files\Java
2017-01-18 00:38 - 2017-01-18 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-18 00:37 - 2017-01-18 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-18 00:36 - 2017-01-18 00:37 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-15 16:26 - 2017-01-15 16:26 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign8f34309d63e56945
2017-01-15 16:24 - 2017-01-15 16:24 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignf2e185f69e399072
2017-01-15 16:24 - 2017-01-15 16:24 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign85d110372871d3a0
2017-01-15 16:24 - 2017-01-15 16:24 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign5cb80caf68cebe6e
2017-01-15 11:26 - 2017-01-15 11:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ESET
2017-01-11 23:20 - 2017-01-11 23:20 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign8b4f855a602cdb87
2017-01-11 23:20 - 2017-01-11 23:20 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign6c5de41848366ce6
2017-01-11 22:43 - 2017-01-11 22:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigne144b62aef6a2e68
2017-01-11 22:30 - 2017-01-11 22:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign548ec6a2f5736ef8
2017-01-11 22:29 - 2017-01-11 22:29 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigncfcea65b5228f846
2017-01-11 21:53 - 2017-01-11 21:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignacd499174c432c8c
2017-01-11 21:53 - 2017-01-11 21:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign7c62ff99e145aa26
2017-01-11 21:53 - 2017-01-11 21:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign594d6957dcc6e006
2017-01-11 21:53 - 2017-01-11 21:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign4891cd73f0f14766
2017-01-11 21:53 - 2017-01-11 21:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign04f14f68165ac0c6
2017-01-11 21:14 - 2017-01-11 21:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignad02aada60c85b68
2017-01-11 21:14 - 2017-01-11 21:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign40248a0ccfee408f
2017-01-11 21:14 - 2017-01-11 21:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign1a7f7d33c6dec512
2017-01-11 20:56 - 2017-01-11 20:56 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigna4dda140dda26957
2017-01-11 20:56 - 2017-01-11 20:56 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign95e81550e3182480
2017-01-11 20:53 - 2017-01-11 20:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignbc7b5dfc4c0bf3a6
2017-01-11 20:52 - 2017-01-11 20:52 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9b944e3268ec0985
2017-01-11 20:52 - 2017-01-11 20:52 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign1c1cd75fd1c4a92b
2017-01-11 14:03 - 2017-01-11 14:03 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigna1318484eeab6deb
2017-01-11 14:03 - 2017-01-11 14:03 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign5deea31ddb3fe21d
2017-01-11 14:03 - 2017-01-11 14:03 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign13d9ddfb752b4098
2017-01-11 14:01 - 2017-01-11 14:01 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignd94cc7bfc9ff9f77
2017-01-11 14:01 - 2017-01-11 14:01 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9e28565c01c9f76f
2017-01-11 13:33 - 2016-12-22 23:42 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 13:33 - 2016-12-22 23:42 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 22:02 - 2017-01-10 22:02 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-01-10 22:01 - 2017-01-10 22:01 - 00002179 _____ C:\Users\Admin\Desktop\Atom.lnk
2017-01-10 21:40 - 2017-01-10 21:40 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign5915e62645c3c947
2017-01-10 21:40 - 2017-01-10 21:40 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign44db045f27c6b035
2017-01-10 20:16 - 2017-01-10 20:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignadb66c1eb102852e
2017-01-10 20:16 - 2017-01-10 20:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign74c6e2fb3f50a1fb
2017-01-10 20:16 - 2017-01-10 20:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign4e0140d390a09e41
2017-01-10 20:15 - 2017-01-10 20:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigndf57f3eb701453d0
2017-01-10 20:15 - 2017-01-10 20:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignc6db25e3bf5e0be9
2017-01-10 20:15 - 2017-01-10 20:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign24efcf5847bf12d9
2017-01-10 20:14 - 2017-01-10 20:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigna5e7bd61e6094628
2017-01-10 20:13 - 2017-01-10 20:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignaa9462e571eb4db5
2017-01-10 19:56 - 2017-01-10 19:56 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignea76289b68272702
2017-01-10 19:55 - 2017-01-10 19:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignfd1e949eb82900b9
2017-01-10 19:55 - 2017-01-10 19:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigna1308d07826aa66d
2017-01-10 19:33 - 2017-01-10 19:33 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 17:24 - 2017-01-10 17:24 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign91af628b30033900
2017-01-10 17:24 - 2017-01-10 17:24 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign361ee0cf2454f36b
2017-01-10 16:38 - 2017-01-10 16:38 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9458427713e3db32
2017-01-10 16:38 - 2017-01-10 16:38 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign66f9e30142e689a6
2017-01-10 16:35 - 2017-01-10 16:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign1e6c282aecb299e4
2017-01-10 16:35 - 2017-01-10 16:35 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign1106c773869a657a
2017-01-09 23:33 - 2017-01-09 23:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign7ab7f730cd89a74b
2017-01-09 23:30 - 2017-01-09 23:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignfc9d000dd382686a
2017-01-09 23:14 - 2017-01-09 23:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign16f3e1487b3f40b2
2017-01-09 23:07 - 2017-01-09 23:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignbe679e846e40adae
2017-01-09 23:01 - 2017-01-09 23:01 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign0eeda50d60cb1a52
2017-01-09 23:01 - 2017-01-09 23:01 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign05261863cc67394a
2017-01-09 22:54 - 2017-01-09 22:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigna415fd1c03edec13
2017-01-09 22:53 - 2017-01-09 22:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignfec30681a1769529
2017-01-09 22:53 - 2017-01-09 22:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign57eca537ae8d123e
2017-01-09 22:31 - 2017-01-09 22:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigne279d52110de5ef4
2017-01-09 22:31 - 2017-01-09 22:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign7ce21784add03b5c
2017-01-09 22:29 - 2017-01-09 22:29 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigneeaea1c11ecb83f3
2017-01-09 22:29 - 2017-01-09 22:29 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigna57bea078f9eaadd
2017-01-09 01:21 - 2017-01-09 01:21 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignd559abca7c954095
2017-01-09 01:21 - 2017-01-09 01:21 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign535a29163a823324
2017-01-09 01:14 - 2017-01-09 01:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign6144f27a841d08ee
2017-01-09 01:13 - 2017-01-09 01:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigne04f06de28fbcc61
2017-01-09 01:13 - 2017-01-09 01:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign748a4acc7f34067b
2017-01-09 01:09 - 2017-01-09 01:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignf745a15342ffee66
2017-01-09 01:09 - 2017-01-09 01:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigna4303e775a211201
2017-01-09 01:09 - 2017-01-09 01:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign4be9ad591ba7ab8d
2017-01-09 01:09 - 2017-01-09 01:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign4a44dbb94f67a589
2017-01-09 01:07 - 2017-01-09 01:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigne019017a7a9a6ad9
2017-01-09 01:07 - 2017-01-09 01:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigncceb7582b0b542d2
2017-01-09 01:07 - 2017-01-09 01:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignbaa9a4b7ac8cc2a8
2017-01-09 01:07 - 2017-01-09 01:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign96c03944918c96e7
2017-01-09 01:01 - 2017-01-09 01:01 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign616d08c134f7d8f8
2017-01-09 00:54 - 2017-01-09 00:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignda39c2db3b621c84
2017-01-09 00:54 - 2017-01-09 00:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignb834e22b8ff45f36
2017-01-09 00:51 - 2017-01-09 00:51 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigndfd1805953839f8e
2017-01-09 00:51 - 2017-01-09 00:51 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign506e968ed4b2c83e
2017-01-09 00:51 - 2017-01-09 00:51 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign204cce005a515e75
2017-01-09 00:08 - 2017-01-09 00:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignd38c49f4a82b3993
2017-01-09 00:08 - 2017-01-09 00:08 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign0c4539a94f15dc1e
2017-01-08 23:58 - 2017-01-08 23:58 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignfa6a3a2555e1be52
2017-01-08 23:58 - 2017-01-08 23:58 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9a9f28dc66ac3a7b
2017-01-08 23:46 - 2017-01-08 23:46 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignb80c7e07e99df97a
2017-01-08 21:33 - 2017-01-08 21:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign764307e1f1141cbc
2017-01-08 21:33 - 2017-01-08 21:33 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign72ea4915e63d4071
2017-01-08 20:58 - 2017-01-08 20:58 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign80e5a2552f155322
2017-01-08 20:58 - 2017-01-08 20:58 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign045dc47128f99294
2017-01-08 20:58 - 2017-01-08 20:58 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign01fddd6e0b4ade83
2017-01-08 20:54 - 2017-01-08 20:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9dcd5a9894fefb4c
2017-01-08 18:54 - 2017-01-08 18:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign86d325c3677542ee
2017-01-08 18:54 - 2017-01-08 18:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign2b0ad27ec3b8da9f
2017-01-08 18:53 - 2017-01-08 18:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9d0d0174c07dd574
2017-01-08 18:53 - 2017-01-08 18:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign46116510882b73a6
2017-01-08 18:53 - 2017-01-08 18:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign4433357763bee811
2017-01-08 17:46 - 2017-01-08 17:46 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign7efb3784144973aa
2017-01-08 17:46 - 2017-01-08 17:46 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign0772f853c3279e38
2017-01-08 17:40 - 2017-01-08 17:40 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignad186470c1d7c164
2017-01-08 17:40 - 2017-01-08 17:40 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9093a71207e579de
2017-01-08 17:40 - 2017-01-08 17:40 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign2f203d3039ef73f5
2017-01-08 17:28 - 2017-01-08 17:28 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign90f834c23be27254
2017-01-08 17:04 - 2017-01-08 17:04 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign8ab090dea7c60669
2017-01-08 13:45 - 2017-01-08 13:45 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign2db8040ba706584a
2017-01-08 13:43 - 2017-01-08 13:43 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign3bcb377b0e188fb4
2017-01-08 13:42 - 2017-01-08 13:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsigncd7483227cbc6a97
2017-01-08 13:42 - 2017-01-08 13:42 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9ecad998799fe4a5
2017-01-08 12:19 - 2017-01-08 12:19 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign69a6e71f1d791dc1
2017-01-08 12:15 - 2017-01-08 12:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignf1df2c39f23c91e0
2017-01-08 12:15 - 2017-01-08 12:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign2bb1cd78f7b18ab9
2017-01-08 11:15 - 2017-01-08 11:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign51e10bfe9d441467
2017-01-08 10:57 - 2017-01-08 10:57 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignc706dea052234962
2017-01-08 10:57 - 2017-01-08 10:57 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignac0894a4f6e40de2
2017-01-08 10:57 - 2017-01-08 10:57 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign2d380ddb1f6097e4
2017-01-08 02:44 - 2017-01-08 02:44 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignc8c938052ba4f11f
2017-01-08 02:44 - 2017-01-08 02:44 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign793846d12dbbfd63
2017-01-08 00:54 - 2017-01-08 00:54 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign5a1a248d697ef20c
2017-01-08 00:25 - 2017-01-08 00:25 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignf3045a31e3c1fcce
2017-01-08 00:25 - 2017-01-08 00:25 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsignacb80170a4760ee5
2017-01-08 00:25 - 2017-01-08 00:25 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign9bd03b11257297e3
2017-01-08 00:25 - 2017-01-08 00:25 - 00000000 ____D C:\Users\Admin\AppData\Local\Tempzxpsign7fb3e225cd143f8c

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2017-02-07 14:37 - 2016-07-09 01:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DMCache
2017-02-07 14:02 - 2016-07-09 01:01 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-07 13:58 - 2016-11-15 17:10 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-02-07 13:55 - 2016-07-08 23:12 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2017-02-07 13:52 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-07 01:57 - 2016-07-08 23:39 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2345393507-1297792505-1352856717-1001
2017-02-06 22:43 - 2016-07-09 01:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mp3tag
2017-02-06 21:58 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-02-06 21:47 - 2016-11-15 18:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Shark007
2017-02-06 21:47 - 2016-11-15 18:06 - 00000000 ____D C:\ProgramData\Shark007
2017-02-06 21:47 - 2016-07-09 01:07 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-06 21:47 - 2016-07-09 01:06 - 00000000 ____D C:\ProgramData\Advanced
2017-02-06 21:27 - 2016-07-09 02:03 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-06 21:26 - 2016-08-12 16:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2017-02-06 21:23 - 2016-07-09 01:42 - 00000000 ____D C:\Program Files (x86)\FlashFXP 5
2017-02-06 16:46 - 2016-07-08 23:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-02-06 16:45 - 2016-10-06 20:43 - 00000000 ____D C:\Users\Admin\Desktop\School
2017-02-06 15:07 - 2016-07-08 23:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2017-02-06 14:56 - 2016-10-11 15:56 - 00000000 ____D C:\Users\Admin\Documents\Adobe
2017-02-06 14:16 - 2016-07-09 01:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2017-02-05 19:25 - 2016-10-11 14:30 - 00000000 ___HD C:\adobeTemp
2017-02-05 19:19 - 2016-07-08 23:05 - 00000000 ____D C:\Users\Admin
2017-02-05 18:56 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-05 18:47 - 2016-11-24 11:44 - 00000000 ____D C:\Program Files\DAEMON Tools Pro
2017-02-05 17:04 - 2014-11-21 05:46 - 01824886 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 17:04 - 2014-11-21 05:07 - 00807160 _____ C:\Windows\system32\perfh015.dat
2017-02-05 17:04 - 2014-11-21 05:07 - 00163478 _____ C:\Windows\system32\perfc015.dat
2017-02-02 21:32 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-02 20:49 - 2016-07-09 00:57 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 15:43 - 2016-10-10 10:52 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2017-02-01 12:37 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-01 12:37 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-01 12:35 - 2016-07-09 01:48 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-29 01:42 - 2016-07-09 01:01 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-29 01:42 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-29 01:16 - 2016-11-15 17:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-29 00:54 - 2016-07-09 01:41 - 00000000 ____D C:\Users\Admin\AppData\Local\IIIQF
2017-01-28 14:39 - 2016-07-09 01:36 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-01-28 14:39 - 2016-07-09 00:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 00:06 - 2016-10-16 21:02 - 00000000 ____D C:\Users\Admin\AppData\Local\atom
2017-01-27 00:05 - 2016-10-16 21:02 - 00000000 ____D C:\Users\Admin\AppData\Local\SquirrelTemp
2017-01-26 23:45 - 2016-07-09 01:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IDM
2017-01-25 16:38 - 2016-10-18 20:28 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2017-01-25 16:04 - 2016-07-09 01:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-23 19:44 - 2016-10-06 21:38 - 00000000 ____D C:\Users\Admin\Documents\Visual Studio 2015
2017-01-23 19:38 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2017-01-22 16:29 - 2016-07-09 01:21 - 00000000 ____D C:\Program Files\WinRAR
2017-01-22 16:23 - 2016-05-04 17:52 - 00000000 ____D C:\Program Files\7-Zip
2017-01-22 16:22 - 2016-05-04 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-01-22 14:05 - 2016-07-08 22:55 - 00502400 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-22 14:04 - 2016-12-11 19:46 - 00000000 ____D C:\ProgramData\HP
2017-01-22 11:22 - 2016-12-11 19:46 - 00200908 _____ C:\Windows\hpoins21.dat
2017-01-22 11:22 - 2013-08-22 14:25 - 00000127 _____ C:\Windows\win.ini
2017-01-18 23:20 - 2016-07-08 23:32 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-01-18 23:19 - 2016-12-07 22:59 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-01-18 23:19 - 2016-07-08 23:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-18 00:41 - 2016-07-09 02:10 - 00000000 ____D C:\Users\Admin\.nbi
2017-01-18 00:38 - 2016-07-09 02:12 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
2017-01-17 21:48 - 2016-07-09 02:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2017-01-17 13:08 - 2016-10-26 21:35 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2017-01-11 13:55 - 2016-07-09 15:51 - 00000000 ____D C:\Users\Admin\AppData\Local\Jagex
2017-01-11 13:55 - 2016-07-09 15:51 - 00000000 ____D C:\ProgramData\Jagex
2017-01-11 13:33 - 2016-07-09 00:21 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 13:29 - 2016-05-01 13:26 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-01-10 22:30 - 2016-07-09 01:01 - 00003956 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-10 22:30 - 2016-07-09 01:01 - 00003818 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 22:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 22:01 - 2016-10-16 21:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-01-10 00:00 - 2016-07-09 02:25 - 00000000 ____D C:\Program Files (x86)\TeamViewer

==================== Pliki w katalogu głównym wybranych folderów =======

2017-02-06 15:07 - 2017-02-06 15:07 - 0000033 _____ () C:\Users\Admin\AppData\Roaming\AdobeWLCMCache.dat
2016-11-21 21:15 - 2016-11-21 21:15 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2016-07-09 01:19 - 2016-07-09 01:19 - 0000001 _____ () C:\Users\Admin\AppData\Local\llftool.4.40.agreement
2016-07-09 01:20 - 2016-07-09 01:20 - 0000019 _____ () C:\Users\Admin\AppData\Local\llftool.license
2016-12-11 19:46 - 2017-01-22 14:13 - 0012728 _____ () C:\ProgramData\hpzinstall.log

Pliki do przeniesienia lub usunięcia:
====================
C:\Users\Admin\RegSvcs.exe


Niektóre pliki w TEMP:
====================
2017-02-07 01:58 - 2017-02-05 19:20 - 0099929 _____ () C:\Users\Admin\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


testsigning: ==> Ustawiony "Tryb testu". Sprawdź obecność niepodpisanego sterownika <===== UWAGA

LastRegBack: 2017-02-05 19:04

==================== Koniec  FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:35 PM

Posted 07 February 2017 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [TNOD UP] => C:\Program Files\ESET\TNod\TNODUP.exe [6729728 2016-11-19] (Tukero[X]Team)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== UWAGA
GroupPolicy: Ograniczenia <======= UWAGA
GroupPolicy\User: Ograniczenia <======= UWAGA
GroupPolicyScripts: Ograniczenia <======= UWAGA
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
C:\Program Files\ESET\TNod\TNODUP.exe
Task: {0D2EB355-5665-4CB7-918B-32D6FD5F26D3} - System32\Tasks\gtctk => C:\Users\Admin\gtctk\hcgyciy.exe [2016-10-09] (AutoIt Team)
Task: {E40015B7-93EE-4427-A0E7-3F3DF0C35A5E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-08] ()
C:\Users\Admin\gtctk
C:\Windows\AutoKMS

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.


Please post the logs and let me know what problem persists.
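An added triage helper, not part of this thread and not an FRST feature, that parses FRST listing lines in the format shown in the log above and flags the kind of entry the fixlist targets: an executable sitting in the profile root with System+Hidden attributes whose version info claims Microsoft. The rule names and the sample lines below are constructed for this example (the sample copies the shape of entries from the log); the heuristics are prompts for a reviewer, not a verdict.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) file listings.

Parses "created - modified - size attrs (company) path" lines from an FRST.txt
log and flags entries worth a closer look. Heuristics only: a hit means
"verify this file" (signature, hash, origin), not "this is malware".
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# One FRST listing line. The attribute field is five characters; FRST pads
# unused slots with "_" and the letters are not positional (e.g. ___SH, ___HD).
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".sys", ".cpl", ".com", ".pif"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: Set[str]            # letters present in the attribute field, e.g. {"S", "H"}
    company: Optional[str]     # None when the line carries no "(vendor)" field
    path: str
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[FrstEntry]:
    """Return an FrstEntry for a listing line, or None for headers and blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    attrs = {c for c in m.group("attrs") if c != "_"}
    return FrstEntry(m.group("created"), m.group("modified"), int(m.group("size")),
                     attrs, m.group("company"), m.group("path"))


def _is_executable(path: str) -> bool:
    return ntpath.splitext(path)[1].lower() in EXECUTABLE_EXT


def triage(entry: FrstEntry) -> List[str]:
    """Apply review heuristics to one entry; returns the triggered rule names."""
    p = entry.path.lower()
    parts = p.split("\\")
    findings: List[str] = []
    if "D" in entry.attrs or not _is_executable(p):   # directories and data files: skip
        entry.findings = findings
        return findings
    # 1. Executable directly in a profile root (C:\Users\<name>\x.exe): installers
    #    put binaries in Program Files or AppData, not beside the user's folders.
    if len(parts) == 4 and parts[0] == "c:" and parts[1] == "users":
        findings.append("exe_in_profile_root")
    # 2. System/Hidden attributes on an executable outside C:\Windows: legitimate
    #    user-land binaries rarely hide themselves from a normal directory listing.
    if entry.attrs & {"S", "H"} and not p.startswith("c:\\windows\\"):
        findings.append("hidden_or_system_exe")
    # 3. Vendor string claims Microsoft but the file lives outside the Windows and
    #    Program Files trees. The string is the PE version resource, which is
    #    trivially copied, so treat it as a prompt to check the Authenticode signature.
    if entry.company and "microsoft" in entry.company.lower() \
            and not p.startswith(TRUSTED_ROOTS):
        findings.append("microsoft_vendor_outside_system_dirs")
    # 4. Executable left in a Temp directory (often an installer, sometimes a dropper).
    if "\\temp\\" in p:
        findings.append("exe_in_temp")
    entry.findings = findings
    return findings


def triage_log(text: str) -> List[FrstEntry]:
    """Parse every listing line of an FRST log fragment; keep entries with findings."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry):
            flagged.append(entry)
    return flagged


# Constructed sample in the shape of the log above (headers are skipped by the parser).
SAMPLE_LOG = """\
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

2017-02-05 19:19 - 2017-02-05 19:19 - 00000000 ____D C:\\Program Files (x86)\\Adobe Systems Incorporated
2017-02-05 19:19 - 2013-08-10 01:54 - 00045128 ___SH (Microsoft Corporation) C:\\Users\\Admin\\RegSvcs.exe
2017-01-26 15:41 - 2016-10-17 16:35 - 00223464 _____ (Tonec Inc.) C:\\Windows\\system32\\Drivers\\idmwfp.sys
2017-01-15 16:26 - 2017-01-15 16:26 - 00000000 ____D C:\\Users\\Admin\\AppData\\Local\\Tempzxpsign8f34309d63e56945
2017-01-11 13:29 - 2016-05-01 13:26 - 135657872 ____C (Microsoft Corporation) C:\\Windows\\system32\\mrt.exe
2017-02-07 01:58 - 2017-02-05 19:20 - 0099929 _____ () C:\\Users\\Admin\\AppData\\Local\\Temp\\Uninstall.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        flags = "".join(sorted(e.attrs)) or "-"
        print(f"{e.path}  attrs={flags}  -> {', '.join(e.findings)}")
```

On the sample, only RegSvcs.exe (three rules) and the Temp Uninstall.exe (one rule) are reported; the Microsoft-signed mrt.exe under C:\Windows and the vendor driver under Drivers pass clean.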

#3 pejakk

pejakk
  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:35 AM

Posted 07 February 2017 - 11:16 AM

Hello, thanks for your reply.


Zoek seems to get stuck at Checking Input, attached screen.

Nevertheless the RegSvcs.exe process seems to be gone.


Here is Fixlog.txt which FRST created after successful reboot.


Is there anything else I could do to be one hundred percent sure I'm safe?


Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 05-02-2017
Uruchomiony przez Admin (07-02-2017 16:32:36) Run:1
Uruchomiony z C:\Users\Admin\Desktop
Załadowane profile: Admin (Dostępne profile: Admin)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [TNOD UP] => C:\Program Files\ESET\TNod\TNODUP.exe [6729728 2016-11-19] (Tukero[X]Team)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
S2 AGSService; "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
C:\Program Files\ESET\TNod\TNODUP.exe
Task: {0D2EB355-5665-4CB7-918B-32D6FD5F26D3} - System32\Tasks\gtctk => C:\Users\Admin\gtctk\hcgyciy.exe [2016-10-09] (AutoIt Team)
Task: {E40015B7-93EE-4427-A0E7-3F3DF0C35A5E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-07-08] ()
C:\Users\Admin\gtctk
C:\Windows\AutoKMS

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TNOD UP => value removed successfully
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\AGSService => key removed successfully
AGSService => service removed successfully
HKLM\System\CurrentControlSet\Services\RSUSBSTOR => key removed successfully
RSUSBSTOR => service removed successfully
C:\Program Files\ESET\TNod\TNODUP.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D2EB355-5665-4CB7-918B-32D6FD5F26D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D2EB355-5665-4CB7-918B-32D6FD5F26D3} => key removed successfully
C:\Windows\System32\Tasks\gtctk => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gtctk => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E40015B7-93EE-4427-A0E7-3F3DF0C35A5E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E40015B7-93EE-4427-A0E7-3F3DF0C35A5E} => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
C:\Users\Admin\gtctk => moved successfully
C:\Windows\AutoKMS => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31215112 B
Java, Flash, Steam htmlcache => 610 B
Windows/system/drivers => 4142354 B
Edge => 0 B
Chrome => 2848659 B
Firefox => 205759165 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 554438 B
NetworkService => 34788 B
Admin => 221761304 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 452.7 MB of temporary data removed.

================================


The system needed a reboot.

==== End of Fixlog 16:32:43 ====


#4 nasdaq
  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:35 PM

Posted 07 February 2017 - 02:17 PM


Error: (0) Failed to create a restore point.
Your system failed to create a restore point.

Now that you have restarted the computer after the fix, try to create one.

How to:
http://www.dummies.com/computers/operating-systems/windows-8/how-to-create-a-restore-point-for-windows-8/

Let me know of any errors.
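The fixlog in post #3 and the restore-point request above describe a check a practitioner would want to script rather than eyeball: confirm that nothing else is launching from the locations FRST just cleaned, and confirm that the System Restore policy block is really gone before creating the new restore point. The PowerShell below is an added example for this thread; it is not part of the original posts, and it is not FRST, Zoek or ESET code. It re-checks the three item classes the fix removed (a scheduled task whose action ran from C:\Users\Admin\gtctk, a Run-key autostart, and the HKLM\Software\Policies\...\SystemRestore key that made CreateRestorePoint fail), then creates the restore point. The ESET alert named RegSvcs.exe, a legitimate .NET host that loaders inject into, so the thing worth hunting is the launcher that gets it started, which is exactly what scheduled tasks and Run keys are. The filter roots and the restore-point description are assumptions, not values from the logs.

```powershell
# Added example, not part of the thread or of FRST/Zoek/ESET. Run from an elevated PowerShell
# prompt (Windows 8.1 ships PowerShell 4, which has the ScheduledTasks module). Items marked
# "assumed" are illustrative choices, not values taken from the logs in this thread.

# --- 1. Scheduled tasks that execute from a user-writable location ---------------------
# The gtctk task in the fixlog ran C:\Users\Admin\gtctk\hcgyciy.exe: a binary dropped in the
# user profile and started by a task. Vendor software almost never does this, so any task whose
# action path starts under these roots deserves a look.
$suspectRoots = @("$env:SystemDrive\Users\", "$env:SystemRoot\Temp\")   # assumed filter roots

$suspectTasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }              # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        foreach ($root in $suspectRoots) {
            if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    Execute   = $exe
                    Arguments = $action.Arguments
                    State     = $task.State
                    Exists    = Test-Path -LiteralPath $exe   # a missing file can still mean an orphaned task
                }
            }
        }
    }
}
$suspectTasks | Format-Table -AutoSize

# --- 2. Run-key autostarts and their Authenticode status -------------------------------
# The TNODUP.exe entry lived in HKLM\...\Run. Resolving each value to a file and checking its
# signature separates vendor-signed autostarts from unsigned or missing ones worth investigating.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }               # skip PSPath, PSParentPath, PSChildName ...
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value).Trim()
        # The executable is the quoted first token, or else the first whitespace-delimited token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $status = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -FilePath $exe).Status   # Valid, NotSigned, HashMismatch ...
        } else { 'FileMissing' }
        [pscustomobject]@{ Key = $key; Name = $p.Name; Executable = $exe; Signature = $status }
    }
}
$autostarts | Format-Table -AutoSize

# --- 3. System Restore: confirm the policy block is gone, then create a restore point -----
# FRST flagged HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore (DisableSR/DisableConfig);
# while that key exists, CreateRestorePoint fails exactly as the fixlog shows.
$srPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
if (Test-Path $srPolicy) {
    Get-ItemProperty -Path $srPolicy | Select-Object DisableSR, DisableConfig
    Write-Warning 'System Restore is still policy-disabled; remove this key, run gpupdate /force, then retry.'
} else {
    Enable-ComputerRestore -Drive "$env:SystemDrive\"
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'   # assumed description
    Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description | Select-Object -Last 3
}
```

Two caveats when reading the output. A Run-key entry reported as NotSigned is not automatically malicious (plenty of small utilities are unsigned); it is a prompt to look at the file, not a verdict. And on Windows 8 and later, Checkpoint-Computer will silently skip creating a second restore point within 24 hours of the previous one unless the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore has been set to 0, so an empty result from the final Select-Object does not by itself mean the restore point failed again; check the Description column for the point you just created.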

#5 nasdaq
  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:35 PM

Posted 13 February 2017 - 08:53 AM

Are you still with me?

#6 nasdaq
  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:35 PM

Posted 19 February 2017 - 10:19 AM

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
