Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-10-2015
Ran by z00269rd (administrator) on WAW711096NB (17-10-2015 20:58:44)
Running from C:\DYSK D\SZJ\Postępowanie w przypadku wykrycia naruszeń zasad Compliance - reguły prowadzenia procesu dyscyplinarnego
Loaded Profiles: z00269rd (Available Profiles: z00269rd & z002ueza-a01)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\nslsvice.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe
(O2Micro International) C:\Windows\SysWOW64\o2flash.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSierra.exe
(Siemens AG) C:\Program Files\Siemens\UCMS\Core\UCMS.exe
() C:\Program Files (x86)\OneClickInternet\WTGService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Atos IT Solutions and Services Sp. z o.o.) C:\Program Files (x86)\Siemens\Quality Survey\hs.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.0\EMET_Agent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNT.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TSC64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2013-09-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2013-09-11] (Realtek Semiconductor)
HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [169472 2013-09-11] (Atos IT Solutions and Services GmbH)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2295992 2013-07-24] (Trend Micro Inc.)
HKLM-x32\...\Run: [QualitySurvey] => C:\Program Files (x86)\Siemens\Quality Survey\hs.exe [172032 2014-03-21] (Atos IT Solutions and Services Sp. z o.o.)
HKLM-x32\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-06-16] (FUJITSU LIMITED)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Plus Internet] => C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [492864 2012-04-20] ()
HKLM-x32\...\Run: [EMET Agent] => C:\Program Files (x86)\EMET 4.0\EMET_agent.exe [78496 2013-06-14] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2670592 2015-06-01] (Sony Corporation)
HKLM-x32\...\Run: [JavaProfileFix] => C:\Program Files (x86)\Java\Profile Fix\JAVA_Fix 4.exe [57344 2010-01-20] (Siemens and Partners)
HKLM\...\RunOnce: [DCERegBootClean64] => C:\Windows\RegBootClean64.exe [240176 2015-10-17] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Run: [Siemens_HS] => C:\Program Files (x86)\Siemens\Quality Survey\hs.exe [172032 2014-03-21] (Atos IT Solutions and Services Sp. z o.o.)
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Run: [Mobile Partner] => C:\Program Files (x86)\WEB Partner\WEB Partner
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Run: [99] => wscript.exe //B "C:\Users\z00269rd\AppData\Roaming\99.vbs"
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\Policies\Explorer: [NoInplaceSharing] 1
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\...\MountPoints2: {639d4d10-d4e9-11e3-b74e-0023268c7df0} - D:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-09-12]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\z00269rd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99_c94.VIR [2015-10-14] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1343024091-1935655697-839522115-42261] => hxxp://proxyconf.siemens.pl/
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0A63797E-4C10-46C6-AF9B-3FF75C45B2A4}: [NameServer] 212.2.96.51 212.2.96.52
Tcpip\..\Interfaces\{EFFF7A3A-6336-4E09-A79C-832502BCB714}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1343024091-1935655697-839522115-42261\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://intranet.entry.siemens.com
SearchScopes: HKU\S-1-5-21-1343024091-1935655697-839522115-42261 -> {D6A3FC93-699F-4880-B5A8-5583FFF78E82} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll [2013-07-01] (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll [2013-07-01] (Trend Micro Inc.)
BHO-x32: PDFXChange 2012 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-31] (Oracle Corporation)
Toolbar: HKLM-x32 - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1ad2de06-0e2d-440a-ba6a-689a25c9c57c} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Calendar.cab
DPF: HKLM-x32 {25aeb462-f578-4c60-b373-1b031353c8b3} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Test_Automation.cab
DPF: HKLM-x32 {3DC87637-DE84-4C2C-A75F-7F5398F15670} hxxps://hdxsiebelservicep.ww005.siemens.net/eMedical_deu/18393/applets/SiebelAx_HI_Client.cab
DPF: HKLM-x32 {453738a0-2128-485b-b017-d9dd3079099e} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_CTI_Toolbar.cab
DPF: HKLM-x32 {461d6f62-dad7-4485-b024-20fe729b255c} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Marketing_HTML_Editor.cab
DPF: HKLM-x32 {484e693c-e417-48e7-8c6f-8f4604f1e660} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_iHelp.cab
DPF: HKLM-x32 {546E50B3-FD7B-4DC3-925E-4F57A36646F2} hxxps://hdx-siebelservice-prod.siemens.com/emedical_eng/23030/applets/SiebelAx_Gantt_Chart.cab
DPF: HKLM-x32 {56F93C40-C2AA-4918-B9E8-D280D2D0A3C4} hxxps://hdxsiebelservicep.ww005.siemens.net/eMedical_deu/18393/applets/SiebelAx_Gantt_Chart.cab
DPF: HKLM-x32 {5b2405b8-fd81-4d43-962e-43242e24ee01} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_OutBound_mail.cab
DPF: HKLM-x32 {5ce5859d-4e09-4b84-8969-028247c0d623} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_UInbox.cab
DPF: HKLM-x32 {64c820cc-3e4c-4dfd-a06c-e4cd24577135} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Marketing_Calendar.cab
DPF: HKLM-x32 {6dd7f7e0-7b77-4b71-86bc-0dd0893f7e83} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Smartscript.cab
DPF: HKLM-x32 {7066F4E2-EABF-4F73-90E6-F01D18000F56} hxxp://localhost:8080/swservice/plugins/Annotation.cab
DPF: HKLM-x32 {8c244272-1dc1-4ce7-9c6c-fabca09eb543} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Desktop_Integration.cab
DPF: HKLM-x32 {ab48b760-4d1a-42c6-8f2c-81ead95db518} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Gantt_Chart.cab
DPF: HKLM-x32 {abd4052a-554d-4ce4-8210-8689ea7bcfa5} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Microsite_Layout.cab
DPF: HKLM-x32 {b5d4d23e-58b1-4332-bdf1-d25adb99ccfd} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_HI_Client.cab
DPF: HKLM-x32 {be780fb9-8d11-4025-9b58-b3dcbb96e37f} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Marketing_Allocation.cab
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {EFB7D763-97A3-11CF-AE19-00608CEADE00} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/iTools.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F8A5BF9B-0226-4C90-AA04-39E6099B3654} hxxps://hdx-siebelservice-prod.siemens.com/emedical_eng/23030/applets/SiebelAx_HI_Client.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll [2013-07-01] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll [2013-07-01] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\z00269rd\AppData\Roaming\Mozilla\Firefox\Profiles\lqmankyf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-21] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-09-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.79.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre1.7.0_75\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre1.7.0_79\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtension [2015-10-16] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
R2 Lotus Notes Single Logon; C:\Program Files (x86)\IBM\Lotus\Notes\nslsvice.exe [62856 2011-09-16] (IBM Corp)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3404832 2013-09-17] (Trend Micro Inc.)
R2 O2Flash; C:\Windows\SysWOW64\o2flash.exe [65536 2007-02-13] (O2Micro International)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [494592 2015-06-01] (Sony Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 QDLService2kSierra; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSierra.exe [331512 2010-08-12] (QUALCOMM, Inc.)
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-06-13] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3442640 2013-07-23] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917016 2013-07-01] (Trend Micro Inc.)
R2 UCMS; C:\Program Files\Siemens\UCMS\core\ucms.exe [158208 2013-09-11] (Siemens AG) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [329168 2010-05-20] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCMTPM; C:\Windows\system32\drivers\btpmwx64.sys [32096 2013-09-11] (Broadcom Corp.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [101416 2013-09-11] (Ericsson AB)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2013-09-11] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2013-09-11] (Ericsson AB)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2013-09-11] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2013-09-11] (FUJITSU LIMITED)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2013-09-11] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2013-09-11] (MCCI Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFxpx64.sys [71968 2013-09-11] (O2Micro )
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [58400 2009-05-13] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRxpx64.sys [74400 2013-09-11] (O2Micro )
R3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscrx64.sys [107808 2009-05-15] (O2Micro)
R3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
S3 RtsUIR; C:\Windows\system32\drivers\RtsUIR.sys [19968 2013-09-11] (Realtek Semiconductor Corp.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3530624 2009-05-20] ()
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [85376 2013-06-13] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173992 2013-06-27] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65336 2013-06-13] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 20:56 - 2015-10-17 20:59 - 00000000 ____D C:\FRST
2015-10-16 09:51 - 2015-10-17 21:02 - 00005936 _____ C:\Windows\RegBootClean64.CFG
2015-10-16 09:29 - 2015-10-16 09:29 - 00015097 _____ C:\Users\z00269rd\Desktop\Kopia badania_centralink (2).xlsx
2015-10-14 21:59 - 2015-10-14 22:00 - 00000000 ____D C:\Users\z00269rd\Desktop\Nowy folder (3)
2015-10-14 21:57 - 2015-09-07 20:37 - 106775432 ___SH C:\Users\z00269rd\Desktop\Lexmark_E260_ACG_Admin.exe
2015-10-14 21:54 - 2015-10-16 09:53 - 00000000 ___RD C:\Users\z00269rd\Desktop\Nowy folder (2)
2015-10-14 15:38 - 2014-02-24 09:29 - 00239543 ___SH C:\Users\z00269rd\AppData\Roaming\99.vbs
2015-10-14 15:37 - 2015-10-15 16:32 - 00086673 _____ C:\Users\z00269rd\Desktop\DEVPARAM A1200.xlsx
2015-10-13 20:28 - 2015-10-14 21:57 - 00000000 ____D C:\Users\z00269rd\Desktop\pen 13102015
2015-10-02 13:15 - 2015-10-02 13:15 - 00155312 _____ C:\Users\z00269rd\Desktop\output.csv
2015-09-28 10:02 - 2015-09-28 10:02 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-28 10:02 - 2015-09-28 10:02 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-25 15:27 - 2015-09-25 15:41 - 00000000 ____D C:\Users\z00269rd\Desktop\Nowy folder
2015-09-24 08:53 - 2015-09-24 08:53 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-09-23 14:11 - 2015-09-23 14:18 - 00000000 ____D C:\Users\z00269rd\Desktop\Koszalin
2015-09-21 16:51 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-21 16:51 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-21 16:51 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-21 16:51 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-21 16:51 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-21 16:51 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-21 16:51 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-21 16:51 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-21 16:51 - 2015-09-02 03:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-21 16:51 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-21 16:51 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-21 16:50 - 2015-08-22 16:40 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-21 16:50 - 2015-08-22 16:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-21 16:50 - 2015-08-22 15:51 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-21 16:50 - 2015-08-22 15:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-21 16:50 - 2015-08-22 15:51 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-21 16:50 - 2015-08-22 15:51 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-21 16:50 - 2015-08-22 15:50 - 19291648 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-21 16:50 - 2015-08-22 15:50 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-21 16:50 - 2015-08-22 15:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-21 16:50 - 2015-08-20 20:53 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-21 16:50 - 2015-08-20 20:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-21 16:50 - 2015-08-20 20:21 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-21 16:50 - 2015-08-20 20:19 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-21 16:50 - 2015-08-20 19:56 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-09-21 16:50 - 2015-08-20 19:55 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-09-21 16:47 - 2015-08-05 19:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-21 16:47 - 2015-08-05 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-21 16:47 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-21 16:47 - 2015-08-04 20:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-21 16:47 - 2015-08-04 20:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-21 16:47 - 2015-08-04 19:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-21 16:47 - 2015-08-04 19:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-21 16:47 - 2015-08-04 19:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-21 16:47 - 2015-08-04 19:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-21 16:47 - 2015-08-04 19:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-21 16:47 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-21 16:47 - 2015-08-04 18:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-21 16:40 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-19 00:17 - 2015-09-19 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 21:02 - 2015-03-04 23:50 - 00240176 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-10-17 21:00 - 2009-07-14 06:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-17 21:00 - 2009-07-14 06:45 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-17 20:54 - 2013-09-11 00:47 - 00000000 ____D C:\Narzędzia
2015-10-17 20:50 - 2013-09-12 09:49 - 00000000 ____D C:\POCZTA
2015-10-17 20:46 - 2013-09-25 20:30 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-17 19:28 - 2015-09-02 13:37 - 00000931 _____ C:\Users\z00269rd\Desktop\SHARE EMEA & LAM (PKI).lnk
2015-10-17 19:27 - 2013-09-11 19:06 - 00000000 ____D C:\Windows\system32\log
2015-10-17 19:15 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore
2015-10-17 18:48 - 2013-09-11 18:26 - 01759208 _____ C:\Windows\WindowsUpdate.log
2015-10-17 11:12 - 2013-09-25 20:30 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-16 16:40 - 2013-09-12 14:22 - 00002114 _____ C:\Users\z00269rd\Desktop\WAW711096NB z00269rd.lnk
2015-10-16 16:24 - 2011-03-08 19:43 - 00812544 _____ C:\Users\z00269rd\Desktop\Pieniadze.xls
2015-10-16 15:50 - 2013-09-11 18:28 - 00007680 _____ C:\Windows\system32\config\netlogon.ftl
2015-10-16 15:49 - 2013-09-12 14:23 - 00000000 ____D C:\Users\z00269rd\Tracing
2015-10-16 15:49 - 2013-09-11 19:11 - 00009645 _____ C:\Windows\cfgall.ini
2015-10-16 11:29 - 2013-09-11 09:27 - 00000000 ____D C:\delegacje
2015-10-16 10:28 - 2015-06-16 17:31 - 00708608 _____ C:\Users\z00269rd\Desktop\kontakty.mdb
2015-10-16 10:28 - 2014-03-10 15:54 - 00000000 ____D C:\Users\z00269rd\Desktop\Wnioski do wypełnienia jak najszybciej
2015-10-16 10:27 - 2015-02-04 16:18 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-16 10:01 - 2013-09-12 14:20 - 00060732 __RSH C:\Users\z00269rd\ntuser.pol
2015-10-16 10:01 - 2013-09-12 14:20 - 00000000 ____D C:\Users\z00269rd
2015-10-16 09:58 - 2013-09-24
13:50 - 00009842 _____ C:\Windows\TMFilter.log 2015-10-16 09:56 - 2014-03-31 16:43 - 05562860 _____ C:\Windows\SysWOW64\TmInstall.log 2015-10-16 09:56 - 2013-09-11 19:05 - 03189524 _____ C:\Windows\system32\TmInstall.log 2015-10-16 09:48 - 2013-08-27 09:16 - 00000509 _____ C:\Windows\SMSCFG.INI 2015-10-16 09:44 - 2013-09-12 09:02 - 00090328 _____ C:\SUService.log 2015-10-16 09:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-16 09:44 - 2009-07-14 06:51 - 00079626 _____ C:\Windows\setupact.log 2015-10-16 09:27 - 2011-03-08 19:43 - 00177152 _____ C:\Users\z00269rd\Desktop\Rozliczenie 2.xls 2015-10-15 17:06 - 2014-04-21 23:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-10-15 15:12 - 2013-09-11 20:14 - 00495326 __RSH C:\ProgramData\ntuser.pol 2015-10-15 12:04 - 2014-12-26 21:09 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-11 16:05 - 2013-09-11 01:00 - 00000000 ____D C:\Users\z00269rd\Desktop\AMEX 2015-10-09 11:31 - 2011-03-08 19:43 - 00005949 _____ C:\Users\z00269rd\Desktop\Lipski, Marcin - lipsmarx.PIN.txt 2015-09-30 11:36 - 2013-09-11 18:06 - 00774138 _____ C:\Windows\system32\perfh015.dat 2015-09-30 11:36 - 2013-09-11 18:06 - 00166668 _____ C:\Windows\system32\perfc015.dat 2015-09-30 11:36 - 2009-07-14 07:13 - 01760858 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-27 18:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-09-27 16:19 - 2009-07-14 06:45 - 00440832 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-27 16:15 - 2010-11-21 08:30 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-27 16:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-24 08:53 - 2015-01-24 17:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2015-09-19 21:57 - 2013-11-04 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-19 21:57 - 2010-11-21 05:47 - 00055802 _____ C:\Windows\PFRO.log 2015-09-18 23:41 - 
2013-09-25 20:30 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-18 23:41 - 2013-09-25 20:30 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-18 14:50 - 2013-09-11 18:42 - 00000000 ____D C:\ProgramData\Microsoft Help ==================== Files in the root of some directories ======= 2014-02-15 23:11 - 2014-02-15 23:11 - 49940480 _____ () C:\Program Files (x86)\GUT4A98.tmp 2014-05-08 12:19 - 2014-05-08 12:19 - 6103040 _____ () C:\Program Files (x86)\GUT5C2E.tmp 2015-10-14 15:38 - 2014-02-24 09:29 - 0239543 ___SH () C:\Users\z00269rd\AppData\Roaming\99.vbs 2015-06-16 17:32 - 2015-06-16 17:36 - 0038471 _____ () C:\Users\z00269rd\AppData\Roaming\Microsoft Access 97-2003.ADR 2014-04-30 08:48 - 2014-04-30 08:48 - 0004096 ____H () C:\Users\z00269rd\AppData\Local\keyfile3.drm 2014-02-02 17:40 - 2014-02-02 17:40 - 0000017 _____ () C:\Users\z00269rd\AppData\Local\resmon.resmoncfg Some files in TEMP: ==================== C:\Users\waws0672\AppData\Local\Temp\vpnclient_setup.exe C:\Users\z00269rd\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\z00269rd\AppData\Local\Temp\dsHostCheckerSetup.exe C:\Users\z00269rd\AppData\Local\Temp\ICReinstall_EasyRecovery-Home(11720)-dp.exe C:\Users\z00269rd\AppData\Local\Temp\JuniperSetupClientInstaller.exe C:\Users\z00269rd\AppData\Local\Temp\neoNCSetup64.exe C:\Users\z00269rd\AppData\Local\Temp\ResetDevice.exe C:\Users\z00269rd\AppData\Local\Temp\SkypeSetup.exe C:\Users\z00269rd\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\z00269rd\AppData\Local\Temp\vlc-2.1.5-win32.exe C:\Users\z00269rd\AppData\Local\Temp\vlc-2.2.1-win32.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-11 18:06 ==================== End of FRST.txt ============================