Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Process using too much resources


  • This topic is locked This topic is locked
5 replies to this topic

#1 QBsheon

QBsheon

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 18 August 2017 - 03:08 AM

Hello, from few days i noticed that my PC is getting too hot.

It's becouse of a process named "jaureg.exe" i made a bit of research and it should be Java process, but i guess it is not in my case.

The process is using 60% of my GPU and 25% of my CPU non stop until i close it with Resource Manager.

I reinstalled Java - nothing, i uninstalled Java - still nothing.

 

My PC specs:

CPU: Intel Core i5 4670

GPU: Gigabyte GTX 1060 6GB windforce OC

OC: Windows 7 64-bit



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 AM

Posted 18 August 2017 - 07:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Lets start with this scanning program.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post or attach the FRST and Addition.txt logs for my review.

#3 QBsheon

QBsheon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 18 August 2017 - 02:18 PM

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 18-08-2017
Uruchomiony przez PC (administrator)  PC-KOMPUTER (18-08-2017 21:15:37)
Uruchomiony z C:\Users\PC\Downloads
Załadowane profile: PC (Dostępne profile: PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: "C:\Users\PC\AppData\Local\Torch\Application\torch.exe" -- "%1")
Tryb startu: Normal
 
==================== Procesy (filtrowane) =================
 
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.26\AsusFanControlService.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() D:\NetTime\NetTimeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) D:\Kies\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) D:\TeamViewer\TeamViewer_Service.exe
(TorchMedia Inc.) C:\Users\PC\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Discord Inc.) C:\Users\PC\AppData\Local\Discord\app-0.0.298\Discord.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() D:\NetTime\NetTime.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Discord Inc.) C:\Users\PC\AppData\Local\Discord\app-0.0.298\Discord.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Discord Inc.) C:\Users\PC\AppData\Local\Discord\app-0.0.298\Discord.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Update\55.0.0.12195\TorchUpdate.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
 
==================== Rejestr (filtrowane) ====================
 
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [NetTime] => D:\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3111613574-2524581245-2586426736-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3111613574-2524581245-2586426736-1000\...\Run: [Discord] => C:\Users\PC\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-3111613574-2524581245-2586426736-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\PC\DOCUME~1\VISUAL~1\Projects\winlog\winlog\log.scr
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
 
==================== Internet (filtrowane) ====================
 
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
 
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:9090/proxy.pac
Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0E2DB5C9-F242-4B1E-81E6-8857DAB83068}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{30B5B952-DCE6-4925-81AF-D355ED6413F9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AF63FFCD-3967-413C-8ED5-F090F2EC33E5}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E42E9C9B-E07A-4312-BC9F-ABA6BFF1A028}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E67658AE-67BE-4DDF-85A0-ABE7D2D02D4B}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207712340945767&GUID=55526A47-9EB7-4A60-8517-6CA5B146F259
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207712340945767&GUID=55526A47-9EB7-4A60-8517-6CA5B146F259
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3111613574-2524581245-2586426736-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-06-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\3h52e213.default [2017-08-17]
FF Homepage: Mozilla\Firefox\Profiles\3h52e213.default -> hxxps://mysearch.avg.com?cid={01A90A96-5A6D-453C-8B0D-BDA9F6FE5F71}&mid=51deef8cfa0747d2b9a6d94961e4e99c-48baa216a0bb69fb63a364111a9eff6c6d68ef91&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-10 19:11:09&v=4.0.5.7&pid=wtu&sg=&sap=hp
FF NetworkProxy: Mozilla\Firefox\Profiles\3h52e213.default -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [Brak pliku]
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [Brak pliku]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3111613574-2524581245-2586426736-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-29] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3111613574-2524581245-2586426736-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.pl/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.pl/"
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2017-08-16]
CHR Extension: (Dark Grid) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckdgimndkgpahkbdobngfeifbihdidl [2015-07-27]
CHR Extension: (Adblock Plus) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-22]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-07-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
CHR Extension: (Little Alchemy) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-09-09]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-22]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-22]
CHR Extension: (Canvas Rider) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-07-16]
CHR HKU\S-1-5-21-3111613574-2524581245-2586426736-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PC\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <nie znaleziono>
CHR HKU\S-1-5-21-3111613574-2524581245-2586426736-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Usługi (filtrowane) ====================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.26\AsusFanControlService.exe [1652024 2013-06-25] (ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-06-27] ()
S3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-07-12] (EasyAntiCheat Ltd)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-07-12] (Hi-Rez Studios) [Brak podpisu cyfrowego]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Brak podpisu cyfrowego]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [Brak podpisu cyfrowego]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
R2 NetTimeSvc; D:\NetTime\NetTimeService.exe [473088 2012-05-12] () [Brak podpisu cyfrowego]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2169696 2017-07-26] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3149672 2017-07-26] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-09-01] (Power Admin LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-05-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-07-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 ss_conn_service; D:\Kies\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 TeamViewer; D:\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2017-04-08] (Microsoft Corporation) [Brak podpisu cyfrowego]
R2 TorchCrashHandler; C:\Users\PC\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217344 2017-03-07] (TorchMedia Inc.) <==== UWAGA
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation)
 
===================== Sterowniki (filtrowane) ======================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-10] (AVG Technologies)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-16] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-11-14] (Echobit, LLC)
S3 fwlanusb6_860; C:\Windows\System32\DRIVERS\fwlanusb6_860.sys [2274336 2015-07-20] (AVM GmbH)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2010-10-02] (hxxp://libusb-win32.sourceforge.net)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 npcap; C:\Windows\System32\DRIVERS\npcap.sys [71888 2016-12-15] (Insecure.Com LLC.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
S3 pspdisp; C:\Windows\System32\DRIVERS\pspdisp_x64.sys [4608 2011-01-18] (JJS) [Brak podpisu cyfrowego]
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2014-06-30] (Windows ® Win 7 DDK provider)
S3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37496 2014-06-30] (Windows ® Win 7 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-07-16] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 VCam_WDM; C:\Windows\System32\DRIVERS\VCam_WDM.sys [121224 2012-11-26] (e2eSoft)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [Brak podpisu cyfrowego]
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [13472 2009-10-08] (Headsoft) [Brak podpisu cyfrowego]
U3 avm6e9uv; Brak ImagePath
 
==================== NetSvcs (filtrowane) ===================
 
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
 
 
==================== Jeden miesiąc - utworzone pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2017-08-18 21:15 - 2017-08-18 21:15 - 000024350 _____ C:\Users\PC\Downloads\FRST.txt
2017-08-18 21:15 - 2017-08-18 21:15 - 000000000 ____D C:\FRST
2017-08-18 21:14 - 2017-08-18 21:14 - 002395648 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2017-08-18 13:32 - 2017-08-18 13:32 - 000000702 _____ C:\Users\Public\Desktop\Prison Architect.lnk
2017-08-18 13:04 - 2017-08-18 13:04 - 000000000 ____D C:\Users\PC\AppData\LocalLow\uTorrent
2017-08-17 11:51 - 2017-08-17 11:51 - 000000603 _____ C:\Users\PC\Desktop\MSI Afterburner.lnk
2017-08-17 11:48 - 2017-08-17 11:48 - 000000000 ____D C:\Users\PC\Documents\temp
2017-08-17 11:48 - 2017-08-17 11:48 - 000000000 ____D C:\GvTemp
2017-08-17 11:47 - 2017-08-17 11:48 - 000003166 _____ C:\Windows\System32\Tasks\GIGABYTE OC GURU
2017-08-17 11:42 - 2017-08-10 00:21 - 000135616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-08-17 11:40 - 2017-08-10 02:22 - 040239552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 035805632 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 035314296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 028930496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 023075016 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 018804976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 017807936 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 015425984 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-08-17 11:40 - 2017-08-10 02:22 - 013649992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 012133296 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 011585736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 009982968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 003803768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 003359680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438528.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 001598072 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438528.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 001067640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000972920 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000924096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000689808 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000609912 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000512856 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000429920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000171200 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000154392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000149224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-08-17 11:40 - 2017-08-10 02:22 - 000132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-08-17 11:34 - 2017-07-26 19:09 - 000048064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-08-16 14:42 - 2017-08-16 14:42 - 000019830 _____ C:\Users\PC\AppData\Local\recently-used.xbel
2017-08-14 09:47 - 2017-08-14 09:47 - 000003322 _____ C:\Windows\System32\Tasks\Java Update Registration
2017-08-12 17:40 - 2017-08-14 09:47 - 000000641 _____ C:\Users\PC\Desktop\Car Mechanic Simulator 2018.lnk
2017-08-12 17:40 - 2017-08-12 17:40 - 000000000 ____D C:\MonkeyGames
2017-08-09 10:33 - 2017-07-29 16:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 10:33 - 2017-07-21 16:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 10:33 - 2017-07-21 16:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 10:33 - 2017-07-21 16:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 10:33 - 2017-07-21 16:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 10:33 - 2017-07-15 20:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 10:33 - 2017-07-15 19:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 10:33 - 2017-07-14 17:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 10:33 - 2017-07-14 17:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 10:33 - 2017-07-14 17:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 10:33 - 2017-07-14 17:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 10:33 - 2017-07-14 17:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 10:33 - 2017-07-14 17:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 10:33 - 2017-07-14 17:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 10:33 - 2017-07-14 17:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 10:33 - 2017-07-14 16:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 10:33 - 2017-07-14 16:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 10:33 - 2017-07-14 16:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 10:33 - 2017-07-14 16:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 10:33 - 2017-07-14 16:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 10:33 - 2017-07-14 09:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 10:33 - 2017-07-14 09:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 10:33 - 2017-07-14 08:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 10:33 - 2017-07-14 08:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 10:33 - 2017-07-14 08:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 10:33 - 2017-07-14 08:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 10:33 - 2017-07-14 08:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 10:33 - 2017-07-14 08:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 10:33 - 2017-07-14 08:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 10:33 - 2017-07-14 08:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 10:33 - 2017-07-14 08:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 10:33 - 2017-07-14 08:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 10:33 - 2017-07-14 08:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 10:33 - 2017-07-14 08:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 10:33 - 2017-07-14 08:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 10:33 - 2017-07-14 08:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 10:33 - 2017-07-14 08:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 10:33 - 2017-07-14 08:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 10:33 - 2017-07-14 07:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 10:33 - 2017-07-14 07:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 10:33 - 2017-07-14 07:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 10:33 - 2017-07-14 07:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 10:33 - 2017-07-14 07:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 10:33 - 2017-07-14 07:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 10:33 - 2017-07-14 07:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 10:33 - 2017-07-14 07:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 10:33 - 2017-07-14 07:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 10:33 - 2017-07-14 07:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 10:33 - 2017-07-14 07:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 10:33 - 2017-07-14 07:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 10:33 - 2017-07-14 07:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 10:33 - 2017-07-14 06:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 10:33 - 2017-07-14 06:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 10:33 - 2017-07-14 06:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 10:33 - 2017-07-14 05:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 10:33 - 2017-07-14 05:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 10:33 - 2017-07-14 04:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 10:33 - 2017-07-14 04:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 10:33 - 2017-07-14 04:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 10:33 - 2017-07-14 04:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 10:33 - 2017-07-14 04:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 10:33 - 2017-07-14 04:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 10:33 - 2017-07-14 04:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 10:33 - 2017-07-14 04:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 10:33 - 2017-07-14 04:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 10:33 - 2017-07-14 04:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 10:33 - 2017-07-14 04:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 10:33 - 2017-07-14 04:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 10:33 - 2017-07-14 04:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 10:33 - 2017-07-14 04:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 10:33 - 2017-07-14 04:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 10:33 - 2017-07-14 04:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 10:33 - 2017-07-14 04:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 10:33 - 2017-07-14 04:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 10:33 - 2017-07-14 04:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 10:33 - 2017-07-14 04:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 10:33 - 2017-07-14 04:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 10:33 - 2017-07-14 04:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 10:33 - 2017-07-14 04:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 10:33 - 2017-07-14 04:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 10:33 - 2017-07-14 04:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 10:33 - 2017-07-14 04:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 10:33 - 2017-07-14 04:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 10:33 - 2017-07-14 03:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 10:33 - 2017-07-14 03:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 10:33 - 2017-07-14 03:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 10:33 - 2017-07-08 17:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 10:33 - 2017-07-08 17:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 10:33 - 2017-07-07 17:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 10:33 - 2017-07-07 17:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 10:33 - 2017-07-07 17:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 10:33 - 2017-07-07 17:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 10:33 - 2017-07-07 17:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 10:33 - 2017-07-07 17:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 10:33 - 2017-07-07 17:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 10:33 - 2017-07-07 17:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 10:33 - 2017-07-07 17:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 10:33 - 2017-07-07 17:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 17:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 10:33 - 2017-07-07 17:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 10:33 - 2017-07-07 17:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 10:33 - 2017-07-07 17:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 10:33 - 2017-07-07 16:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 10:33 - 2017-07-07 16:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 10:33 - 2017-07-07 16:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 10:33 - 2017-07-07 16:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 10:33 - 2017-07-07 16:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 10:33 - 2017-07-07 16:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 10:33 - 2017-07-07 16:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 10:33 - 2017-07-07 16:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 10:33 - 2017-07-07 16:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 10:33 - 2017-07-07 16:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 10:33 - 2017-07-07 16:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 10:33 - 2017-07-07 16:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 10:33 - 2017-07-07 16:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 10:33 - 2017-07-07 16:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 16:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 16:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 10:33 - 2017-07-07 16:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 10:33 - 2017-07-01 15:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-09 10:28 - 2017-08-09 10:28 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-07 22:21 - 2017-08-07 22:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2017-08-05 09:26 - 2017-08-05 09:26 - 000000602 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-07-31 22:15 - 2017-07-31 22:15 - 000000000 ____D C:\winlog
2017-07-31 22:14 - 2017-07-31 22:15 - 000000000 ____D C:\Users\PC\AppData\Local\Temporary Projects
2017-07-30 15:30 - 2017-07-30 15:30 - 000000947 _____ C:\Users\PC\Desktop\crysis.lnk
2017-07-29 17:22 - 2017-07-29 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2017-07-29 17:22 - 2014-05-23 16:37 - 001930240 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athurx.sys
2017-07-29 17:22 - 2014-05-23 16:37 - 001930240 _____ (Atheros Communications, Inc.) C:\Windows\system32\athurx.sys
2017-07-29 17:22 - 2014-05-23 16:37 - 000007518 _____ C:\Windows\system32\athurextx.cat
2017-07-29 15:02 - 2017-07-29 15:24 - 000000000 ____D C:\Program Files (x86)\MyDrive Connect
2017-07-29 11:49 - 2017-07-29 11:49 - 000000000 ____D C:\Users\PC\AppData\Local\TomTom
2017-07-29 11:49 - 2017-07-29 11:49 - 000000000 ____D C:\Program Files (x86)\TomTom International B.V
2017-07-28 13:16 - 2017-07-28 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7
2017-07-25 11:44 - 2017-08-17 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-25 11:42 - 2017-07-19 02:37 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438494.dll
2017-07-25 11:42 - 2017-07-19 02:37 - 001598072 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438494.dll
2017-07-24 10:53 - 2017-07-24 10:51 - 001018399 _____ C:\Users\PC\Desktop\20170724_1046_germany-G02_Hummel_23_westfeld.wotreplay
2017-07-22 10:46 - 2017-05-01 07:25 - 001458856 _____ (Sysinternals - www.sysinternals.com) C:\Users\PC\Desktop\procexp64.exe
2017-07-20 14:18 - 2017-07-20 14:19 - 000001658 _____ C:\Users\PC\Desktop\chrome.exe — skrót.lnk
2017-07-20 11:41 - 2017-07-20 11:34 - 001048704 _____ C:\Users\PC\Desktop\PzII_Luchs_turret_02_AM.dds
2017-07-20 00:03 - 2017-07-20 11:35 - 001297767 _____ C:\Users\PC\Desktop\PzII_Luchs_turret_02_AM.xcf
2017-07-19 17:34 - 2017-07-19 17:34 - 000000596 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-07-19 17:34 - 2017-07-19 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
 
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
 
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
 
2017-08-18 21:15 - 2015-06-05 11:38 - 000000000 ____D C:\Users\PC\AppData\Roaming\Skype
2017-08-18 21:14 - 2014-02-07 16:20 - 000000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2017-08-18 19:29 - 2016-02-09 14:28 - 000000382 _____ C:\Windows\Tasks\update-sys.job
2017-08-18 17:27 - 2016-02-09 14:28 - 000000382 _____ C:\Windows\Tasks\update-S-1-5-21-3111613574-2524581245-2586426736-1000.job
2017-08-18 16:58 - 2014-04-13 08:56 - 000007603 _____ C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2017-08-18 13:10 - 2009-07-14 06:45 - 000034720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-18 13:10 - 2009-07-14 06:45 - 000034720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-18 12:25 - 2016-09-09 17:32 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-18 10:41 - 2016-07-05 14:05 - 000000000 ____D C:\Users\PC\Documents\BeamNG.drive
2017-08-18 09:18 - 2011-04-12 15:21 - 008749984 _____ C:\Windows\system32\perfh015.dat
2017-08-18 09:18 - 2011-04-12 15:21 - 002956630 _____ C:\Windows\system32\perfc015.dat
2017-08-18 09:18 - 2009-07-14 07:13 - 000011272 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-18 09:12 - 2017-03-08 15:50 - 000000000 ____D C:\ProgramData\TorchCrashHandler
2017-08-18 09:11 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-17 14:54 - 2009-07-14 07:08 - 000032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-17 14:06 - 2014-02-07 19:51 - 000000000 ____D C:\Users\PC\AppData\Roaming\Audacity
2017-08-17 11:51 - 2014-04-05 09:54 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-08-17 11:48 - 2015-07-16 20:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-17 11:42 - 2016-12-15 12:47 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-17 11:42 - 2016-09-09 17:31 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-17 11:42 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-08-17 11:34 - 2017-05-22 21:09 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 11:34 - 2016-12-15 12:25 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 11:34 - 2016-09-22 17:29 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 11:34 - 2016-09-09 19:26 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 11:34 - 2016-09-09 19:26 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 11:34 - 2016-09-09 19:26 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 11:34 - 2016-09-09 19:26 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 11:34 - 2016-09-09 19:26 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 11:34 - 2016-09-09 17:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-17 11:34 - 2014-12-03 12:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-16 21:50 - 2014-12-02 14:01 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-16 19:38 - 2014-05-05 19:56 - 000000000 ____D C:\Users\PC\AppData\Local\Spotify
2017-08-16 18:58 - 2014-05-05 19:55 - 000000000 ____D C:\Users\PC\AppData\Roaming\Spotify
2017-08-16 18:18 - 2017-04-26 13:51 - 000000000 ____D C:\Users\PC\AppData\Roaming\discord
2017-08-16 14:43 - 2014-02-19 17:08 - 000000000 ____D C:\Users\PC\.gimp-2.8
2017-08-16 14:42 - 2014-02-19 17:27 - 000000000 ____D C:\Users\PC\AppData\Local\gtk-2.0
2017-08-16 10:31 - 2014-02-28 17:05 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2017-08-15 12:43 - 2016-08-10 14:49 - 000000000 ____D C:\Users\PC\AppData\LocalLow\DefaultCompany
2017-08-14 09:47 - 2015-12-30 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2017-08-14 09:47 - 2015-09-29 15:52 - 000000000 ____D C:\Users\PC\AppData\Roaming\BANDISOFT
2017-08-13 09:40 - 2014-08-21 16:21 - 000000000 ____D C:\Users\PC\AppData\Local\Adobe
2017-08-13 09:39 - 2017-02-01 19:41 - 000004550 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-13 09:39 - 2014-02-04 13:14 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-13 09:39 - 2014-02-04 13:14 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-13 09:39 - 2014-02-04 13:14 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-13 09:39 - 2014-02-04 13:09 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-12 17:44 - 2014-03-05 17:45 - 000000000 ____D C:\Users\PC\AppData\LocalLow\Red Dot Games
2017-08-12 17:44 - 2014-02-08 14:19 - 000000000 ____D C:\ProgramData\Steam
2017-08-12 17:40 - 2014-02-07 20:32 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-08-12 16:07 - 2017-06-28 11:56 - 000000153 _____ C:\Users\PC\BullseyeCoverageError.txt
2017-08-10 23:01 - 2014-07-23 18:10 - 000000000 ____D C:\Users\PC\AppData\Roaming\TS3Client
2017-08-10 11:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2017-08-10 02:22 - 2017-05-22 21:37 - 018705072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-08-10 02:22 - 2016-10-21 18:29 - 000491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-08-10 02:22 - 2016-09-09 17:31 - 021403392 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-08-10 02:22 - 2016-09-09 17:31 - 014689632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-08-10 02:22 - 2016-09-09 17:31 - 004187336 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-08-10 02:22 - 2016-09-09 17:31 - 003691704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-08-10 02:22 - 2016-09-09 17:31 - 000044200 _____ C:\Windows\system32\nvinfo.pb
2017-08-10 00:53 - 2016-09-09 17:31 - 006463608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-08-10 00:53 - 2016-09-09 17:31 - 002479224 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-08-10 00:53 - 2016-09-09 17:31 - 001762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-08-10 00:53 - 2016-09-09 17:31 - 000549496 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-08-10 00:53 - 2016-09-09 17:31 - 000392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-08-10 00:53 - 2016-09-09 17:31 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-08-10 00:53 - 2016-09-09 17:31 - 000069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-08-10 00:47 - 2016-09-09 19:26 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-08-09 20:26 - 2009-07-14 06:45 - 000458616 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-09 18:39 - 2014-02-04 13:50 - 000000000 ____D C:\Windows\system32\MRT
2017-08-09 18:38 - 2014-02-04 13:50 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-09 10:28 - 2017-04-26 13:51 - 000002156 _____ C:\Users\PC\Desktop\Discord.lnk
2017-08-09 10:28 - 2017-04-26 13:51 - 000000000 ____D C:\Users\PC\AppData\Local\Discord
2017-08-08 17:13 - 2014-03-23 13:57 - 000000000 ____D C:\ProgramData\Origin
2017-08-08 14:32 - 2014-03-23 13:58 - 000000000 ____D C:\Users\PC\AppData\Roaming\Origin
2017-08-08 11:39 - 2016-09-09 17:31 - 008112721 _____ C:\Windows\system32\nvcoproc.bin
2017-08-07 17:56 - 2016-04-09 11:33 - 000000266 __RSH C:\ProgramData\ntuser.pol
2017-08-07 11:29 - 2015-10-27 17:37 - 000000000 ___RD C:\Users\PC\Virtual Machines
2017-08-07 10:45 - 2014-02-04 12:29 - 000000000 ____D C:\Users\PC\AppData\Local\VirtualStore
2017-07-31 22:12 - 2014-02-10 14:42 - 000000000 ____D C:\Users\PC\Documents\Visual Studio 2010
2017-07-30 15:24 - 2014-02-07 19:38 - 000000000 ____D C:\Users\PC\Documents\My Games
2017-07-30 10:35 - 2014-04-11 16:40 - 000000000 ____D C:\Windows\Minidump
2017-07-26 19:09 - 2017-07-05 10:13 - 000179136 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-07-26 19:09 - 2017-07-05 10:13 - 000146368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-07-26 19:09 - 2016-09-09 17:32 - 001922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-07-26 19:09 - 2016-09-09 17:32 - 001755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-07-26 19:09 - 2016-09-09 17:32 - 001505728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-07-26 19:09 - 2016-09-09 17:32 - 001317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-07-26 19:09 - 2016-09-09 17:32 - 000121280 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-07-26 15:40 - 2017-04-07 13:21 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-07-26 13:36 - 2017-01-31 12:43 - 000000000 ____D C:\Program Files (x86)\Origin
2017-07-22 12:29 - 2014-03-05 20:37 - 000000000 ____D C:\Users\PC\AppData\Local\Ubisoft Game Launcher
2017-07-20 16:13 - 2014-04-13 13:34 - 000032768 ___SH C:\Users\PC\Thumbs.db
2017-07-20 14:32 - 2017-04-19 20:44 - 000000000 ____D C:\Users\PC\.zenmap
2017-07-20 14:01 - 2017-02-06 13:09 - 000000000 ____D C:\Users\PC\AppData\Roaming\.minecraft
 
==================== Pliki w katalogu głównym wybranych folderów =======
 
2014-06-01 10:13 - 2014-06-01 10:13 - 000000132 _____ () C:\Users\PC\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-05-21 19:32 - 2016-05-21 19:32 - 000000009 _____ () C:\Users\PC\AppData\Roaming\update.dat
2014-04-25 15:33 - 2015-10-12 19:59 - 000015360 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-14 18:25 - 2016-01-14 18:25 - 000000001 _____ () C:\Users\PC\AppData\Local\llftool.4.40.agreement
2017-08-16 14:42 - 2017-08-16 14:42 - 000019830 _____ () C:\Users\PC\AppData\Local\recently-used.xbel
2014-04-13 08:56 - 2017-08-18 16:58 - 000007603 _____ () C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2016-02-09 14:28 - 2016-02-09 14:28 - 000000003 _____ () C:\Users\PC\AppData\Local\updater.log
2016-02-09 14:28 - 2017-05-06 13:09 - 000000425 _____ () C:\Users\PC\AppData\Local\UserProducts.xml
2017-04-19 20:44 - 2017-04-19 20:44 - 000000000 _____ () C:\Users\PC\AppData\Local\zenmap.exe.log
2015-10-28 17:38 - 2015-10-28 17:38 - 000000000 _____ () C:\Users\PC\AppData\Local\{84A047B4-0BED-4D81-BEAC-1A05E0522837}
2016-07-19 17:13 - 2016-07-19 17:14 - 000000000 _____ () C:\Users\PC\AppData\Local\{AFD7FC67-025C-4343-A087-6BAB50ECFDC9}
2016-07-19 17:13 - 2016-07-19 17:14 - 000000000 _____ () C:\Users\PC\AppData\Local\{D0EE5302-98E1-4BC2-A28E-8A0943BA43D9}
2014-02-25 15:29 - 2014-02-25 15:29 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-15 12:26 - 2017-01-18 17:32 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 12:26 - 2017-01-18 10:32 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Niektóre pliki w TEMP:
====================
2017-08-12 16:07 - 2017-08-12 16:07 - 000010256 _____ () C:\Users\PC\AppData\Local\Temp\BullseyeCoverage-2-x64.dll
2017-06-28 11:56 - 2017-06-28 11:56 - 000008720 _____ () C:\Users\PC\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-07-24 09:28 - 2017-07-24 09:28 - 000739904 _____ (Oracle Corporation) C:\Users\PC\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-04-07 13:21 - 2017-07-19 00:38 - 000758472 _____ (NVIDIA Corporation) C:\Users\PC\AppData\Local\Temp\nvSCPAPI.dll
2017-04-26 15:22 - 2017-07-19 00:38 - 000368760 _____ (NVIDIA Corporation) C:\Users\PC\AppData\Local\Temp\nvStInst.exe
2017-08-13 09:38 - 2017-08-13 09:40 - 058782680 _____ (Skype Technologies S.A.) C:\Users\PC\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
 
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll
[2016-12-14 16:44] - [2016-11-10 18:32] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
 
C:\Windows\SysWOW64\User32.dll
[2017-06-27 21:43] - [2017-06-27 21:43] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
 
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
 
LastRegBack: 2017-08-12 15:55
 
==================== Koniec  FRST.txt ============================

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 AM

Posted 19 August 2017 - 08:31 AM

Hi,

Zapora systemu Windows [funkcja wylaczona]
ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
===

Torch has been found to be bundled with 3rd party software. If you have not purposefully installed this, you should be safe uninstalling it.

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Torch (HKU\S-1-5-21-3111613574-2524581245-2586426736-1000\...\Torch) (Version: 55.0.0.12195 - Torch Media, Inc) <==== UWAGA

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [Brak pliku]
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [Brak pliku]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [Brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin HKU\S-1-5-21-3111613574-2524581245-2586426736-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Brak pliku]
CHR Extension: (Platnosci w sklepie Chrome Web Store) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-22]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-22]
CHR HKU\S-1-5-21-3111613574-2524581245-2586426736-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PC\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <nie znaleziono>
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
U3 avm6e9uv; Brak ImagePath
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> Brak pliku
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> Brak pliku
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> Brak pliku
Task: {657E73F7-4E26-4A13-BB45-1AA5DA1C99CF} - \Aterrelegocotion Renew -> Brak pliku <==== UWAGA
Task: {7A94815A-E611-4057-91DF-D39CC4BA8791} - \ChelfNotify Task -> Brak pliku <==== UWAGA
Task: {908FCCD1-6BF7-421E-AE69-44B5E2DFF63A} - System32\Tasks\Java Update Registration => C:\Users\PC\AppData\Roaming\BANDISOFT\Java Update\jaureg.exe [2017-08-14] ()
Task: {9FF985B2-481C-4B2A-89C3-606FE9321D01} - \b2929b72a96a471893ecaa9c51368bae -> Brak pliku <==== UWAGA
Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0414bUpdateInfo.job => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
C:\Windows\System32\Tasks\Java Update Registration
C:\Users\PC\AppData\Roaming\BANDISOFT\Java Update\jaureg.exe
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [346]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [346]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [346]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [346]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [346]
AlternateDataStreams: C:\ProgramData\TEMP:DED17083 [294]
AlternateDataStreams: C:\Users\PC\Dane aplikacji:NT [40]
AlternateDataStreams: C:\Users\PC\Dane aplikacji:NT2 [346]
AlternateDataStreams: C:\Users\PC\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\PC\AppData\Roaming:NT2 [346]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please let me know what problem persists with this computer.

#5 QBsheon

QBsheon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 19 August 2017 - 11:55 AM

Well, torch is not virus, its my browser.

I deleted folder C:\Users\PC\AppData\Roaming\BANDISOFT in which was jaureg.exe and i think i solved the problem.


Edited by QBsheon, 19 August 2017 - 11:56 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 AM

Posted 19 August 2017 - 01:14 PM

Hi

When Torch is installed by you from the owner's site there is not problems.

As the Article says, it may be malware when installed without your knowledge.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users