E-Peek v 1.9.9.0 ENHANCED 4
© Emphyrio/Onsia Patrick 2013-2016 [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url]
Run at Pn 29 sie 2016 22:51
.
Windows 7 Ultimate (64 bits)
C:\Windows [NTFS - Fixed]
Default Browser: Internet Explorer
Boot mode: Normal boot
User logged in: Dominik
.
Java x86: n/a
Java x64: n/a
.
AS : Windows Defender [Updated - Running]
FW : Windows firewall
.
==================== Files and Folders history =================================
Folders Created Last 7 days :
29-08-2016 ##### r-h-s-d+a- C:\Users\Dominik\AppData\Roaming\E Dev
29-08-2016 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev
29-08-2016 ##### r-h-s-d+a- C:\FRST
Files Modified Last 7 days :
29-08-2016 00010016 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
29-08-2016 00010016 r-h+s-d-a+ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
28-08-2016 04911320 r-h-s-d-a+ C:\Windows\system32\FNTCACHE.DAT
Files Created Last 7 days :
23-08-2016 00001496 r-h-s-d-a+ C:\Users\Dominik\AppData\Local\Adobe Zapisz dla Internetu 13.0 Prefs

==================== RUNNING PROCESSES =========================================
[aswMBR] -Dominik- C:\Users\Dominik\Downloads\aswMBR.exe - (AVAST Software)
[audiodg] -USŁUGA LOKALNA- C:\Windows\System32\audiodg.exe - (audiodg.exe)
[chrome] -Dominik- C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Dominik- C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Dominik- C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Dominik- C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Dominik- C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Dominik- C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Dominik- C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
[chrome] -Dominik- C:\Users\Dominik\AppData\Local\Google\Chrome\Application\chrome.exe - (Google Inc.)
[conhost] -SYSTEM- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
[conhost] -SYSTEM- C:\Windows\system32\conhost.exe - (Microsoft Corporation)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[csrss] -SYSTEM- C:\Windows\system32\csrss.exe - (Microsoft Corporation)
[dwm] -Dominik- C:\Windows\system32\Dwm.exe - (Microsoft Corporation)
[E-Peek 1.9.9.0] -Dominik- C:\Program Files (x86)\E Dev\E-Peek\E-Peek 1.9.9.0.exe - (E Dev)
[ETGMSrv] -SYSTEM- C:\Program Files (x86)\MSI Gaming Series\Interceptor DS100\ETGMSrv.exe - ()
[explorer] -Dominik- C:\Windows\Explorer.EXE - (Microsoft Corporation)
[FRST64] -Dominik- C:\Users\Dominik\Downloads\FRST64.exe - (Farbar)
[GfExperienceService] -SYSTEM- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe - (NVIDIA Corporation)
[lsass] -SYSTEM- C:\Windows\system32\lsass.exe - (Microsoft Corporation)
[lsm] -SYSTEM- C:\Windows\system32\lsm.exe - (Microsoft Corporation)
[msiexec] -SYSTEM- C:\Windows\system32\msiexec.exe - (Microsoft Corporation)
[notepad] -Dominik- C:\Windows\system32\notepad.exe - (Microsoft Corporation)
[notepad] -Dominik- C:\Windows\system32\notepad.exe - (Microsoft Corporation)
[notepad] -Dominik- C:\Windows\system32\notepad.exe - (Microsoft Corporation)
[NvBackend] -Dominik- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe - (NVIDIA Corporation)
[NvNetworkService] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe - (NVIDIA Corporation)
[nvscpapisvr] -SYSTEM- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe - (NVIDIA Corporation)
[NvStreamNetworkService] -USŁUGA SIECIOWA- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe - (NVIDIA Corporation)
[NvStreamService] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe - (NVIDIA Corporation)
[NvStreamUserAgent] -SYSTEM- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe - (NVIDIA Corporation)
[nvtray] -Dominik- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe - (NVIDIA Corporation)
[nvvsvc] -SYSTEM- C:\Windows\system32\nvvsvc.exe - (NVIDIA Corporation)
[nvxdsync] -SYSTEM- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - (NVIDIA Corporation)
[RAVCpl64] -Dominik- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - (Realtek Semiconductor)
[raysat_3dsmax2010_32server] -SYSTEM- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe - ()
[raysat_3dsmax2010_64server] -SYSTEM- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe - ()
[RtlService] -SYSTEM- C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe - (Realtek Semiconductor Corp.)
[SearchFilterHost] -SYSTEM- C:\Windows\system32\SearchFilterHost.exe - (Microsoft Corporation)
[SearchIndexer] -SYSTEM- C:\Windows\system32\SearchIndexer.exe - (Microsoft Corporation)
[SearchProtocolHost] -SYSTEM- C:\Windows\system32\SearchProtocolHost.exe - (Microsoft Corporation)
[services] -SYSTEM- C:\Windows\system32\services.exe - (Microsoft Corporation)
[Skype] -Dominik- C:\Program Files (x86)\Skype\Phone\Skype.exe - (Skype Technologies S.A.)
[smss] -SYSTEM- C:\Windows\system32\smss.exe - (Microsoft Corporation)
[SMSvcHost] -USŁUGA LOKALNA- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe - (Microsoft Corporation)
[spoolsv] -SYSTEM- C:\Windows\System32\spoolsv.exe - (Microsoft Corporation)
[System] -N/A- - (System)
[taskhost] -Dominik- C:\Windows\system32\taskhost.exe - (Microsoft Corporation)
[ts3client_win32] -Dominik- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe - (TeamSpeak Systems GmbH)
[wininit] -SYSTEM- C:\Windows\system32\wininit.exe - (Microsoft Corporation)
[winlogon] -SYSTEM- C:\Windows\system32\winlogon.exe - (Microsoft Corporation)
[wlanext] -SYSTEM- C:\Windows\system32\WLANExt.exe - (Microsoft Corporation)
[WmiPrvSE] -USŁUGA SIECIOWA- C:\Windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation)
[wmpnetwk] -USŁUGA SIECIOWA- C:\Program Files\Windows Media Player\wmpnetwk.exe - (Microsoft Corporation)

==================== IE PAGES ==================================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main
Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\Windows\SysWOW64\blank.htm
Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==================== IE PAGES x64 ==============================================
HKLM\Software\Microsoft\Internet Explorer\Main
Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
Local Page = C:\Windows\System32\blank.htm
Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DisplayName = @ieframe.dll,-12512
URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==================== Auto Load =================================================
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = userinit.exe
Shell = explorer.exe

==================== Auto Load x64 =============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\Windows\system32\userinit.exe,
Shell = explorer.exe

==================== Browsers present ==========================================
Google Chrome.5N7W5LXKGLVXXITZZEPTBRNB2A
IEXPLORE.EXE

==================== Windows Host File =========================================

==================== Auto Start Programs =======================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Auto Start Programs x64 ===================================
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Extra Items IE ============================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP 1.1 settings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\PRINT @ Text = Printing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\SEARCHING @ Text = Search from the Address bar

==================== Extra Items IE x64 ========================================
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE @ Text = Browsing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO @ Text = Security
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\HTTP @ Text = HTTP 1.1 settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\INTERNATIONAL @ Text = International
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA @ Text = Multimedia
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\PRINT @ Text = Printing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\SEARCHING @ Text = Search from the Address bar

==================== Internet Default Prefix ===================================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://

==================== Internet Default Prefix x64 ===============================
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
Default = http://
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
WWW = http://

==================== ShellServiceObjectDelayLoad ===============================
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]

==================== ShellServiceObjectDelayLoad x64 =========================
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} => HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [CLSID not present]

==================== Extra (Torpig/ConduitSearch) ==============================
HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ Default = {217FC9C0-3AEA-1069-A2DB-08002B30309D} => HKCR\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32 @ Default = C:\Windows\system32\shell32.dll
HKCR\Directory\shellex\CopyHookHandlers\Sharing @ Default = {40dd6e20-7c17-11ce-a804-00aa003ca9f6} => HKCR\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32 @ Default = C:\Windows\system32\ntshrui.dll

==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [ETGMGlcsSrv] - ET Gaming Mouse Service - c:\program files (x86)\msi gaming series\interceptor ds100\etgmsrv.exe
SERV - R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe
SERV - R2 - [mi-raysat_3dsmax2010_32] - mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit - c:\program files (x86)\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
SERV - R2 - [mi-raysat_3dsmax2010_64] - mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit - c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
SERV - R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
SERV - R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamservice.exe
SERV - R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
SERV - R2 - [RealtekCU] - RealtekCU - c:\program files (x86)\realtek\usb wireless lan utility\rtlservice.exe
SERV - R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
SERV - R2 - [WMPNetworkSvc] - Usługa udostępniania w sieci programu Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R3 - [msiserver] - Instalator Windows - c:\windows\system32\msiexec.exe
SERV - R3 - [NvStreamNetworkSvc] - NVIDIA Streamer Network Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe
SERV - S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
SERV - S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
SERV - S2 - [sppsvc] - Ochrona oprogramowania - c:\windows\system32\sppsvc.exe
SERV - S3 - [ALG] - Usługa bramy warstwy aplikacji - c:\windows\system32\alg.exe
SERV - S3 - [aspnet_state] - „Usługa stanu ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
SERV - S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
SERV - S3 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
SERV - S3 - [COMSysApp] - Aplikacja systemowa modelu COM+ - c:\windows\system32\dllhost.exe
SERV - S3 - [ehRecvr] - Usługa Odbiornik Windows Media Center - c:\windows\ehome\ehrecvr.exe
SERV - S3 - [ehSched] - Usługa harmonogramu programu Windows Media Center - c:\windows\ehome\ehsched.exe
SERV - S3 - [Fax] - Faks - c:\windows\system32\fxssvc.exe
SERV - S3 - [FLEXnet Licensing Service 64] - FLEXnet Licensing Service 64 - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
SERV - S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
SERV - S3 - [FontCache3.0.0.0] - Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [MSDTC] - Koordynator transakcji rozproszonych - c:\windows\system32\msdtc.exe
SERV - S3 - [PerfHost] - Host bibliotek DLL liczników wydajności - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Lokalizator usługi zdalnego wywołania procedury (RPC) - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
SERV - S3 - [TrustedInstaller] - Instalator modułów systemu Windows - c:\windows\servicing\trustedinstaller.exe
SERV - S3 - [TunngleService] - TunngleService - c:\program files (x86)\tunngle\tnglctrl.exe
SERV - S3 - [vds] - Dysk wirtualny - c:\windows\system32\vds.exe
SERV - S3 - [VSS] - Kopiowanie woluminów w tle - c:\windows\system32\vssvc.exe
SERV - S3 - [wbengine] - Usługa Aparat kopii zapasowej na poziomie bloku - c:\windows\system32\wbengine.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
*** Win32ShareProcess ***
SERV - R2 - [NetPipeActivator] - Adapter odbiornika Net.Pipe - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - R2 - [NetTcpActivator] - Adapter odbiornika Net.Tcp - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - R2 - [SamSs] - Menedżer kont zabezpieczeń - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - Izolacja klucza CNG - c:\windows\system32\lsass.exe
SERV - R3 - [NetTcpPortSharing] - Usługa udostępniania portów Net.Tcp - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SERV - S3 - [EFS] - System szyfrowania plików (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [idsvc] - Windows CardSpace - c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S3 - [ProtectedStorage] - Magazyn chroniony - c:\windows\system32\lsass.exe
SERV - S3 - [VaultSvc] - Menedżer poświadczeń - c:\windows\system32\lsass.exe
SERV - S4 - [NetMsmqActivator] - Adapter odbiornika Net.Msmq - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [Spooler] - Bufor wydruku - c:\windows\system32\spoolsv.exe
SERV - S3 - [UI0Detect] - Wykrywanie usług interakcyjnych - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
DRV - R3 - [srv] - Sterownik serwera SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Sterownik serwera SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Sterownik Microsoft ACPI - C:\Windows\system32\Drivers\ACPI.sys
DRV - R0 - [amdsata] - amdsata - C:\Windows\system32\Drivers\amdsata.sys
DRV - R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
DRV - R0 - [atapi] - Kanał IDE - C:\Windows\system32\Drivers\atapi.sys
DRV - R0 - [AtiPcie] - AMD PCI Express (3GIO) Filter - C:\Windows\system32\Drivers\AtiPcie.sys
DRV - R0 - [CLFS] - System Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
DRV - R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
DRV - R0 - [Disk] - Sterownik dysku - C:\Windows\system32\Drivers\Disk.sys
DRV - R0 - [fvevol] - Sterownik filtru szyfrowania dysków funkcją BitLocker - C:\Windows\system32\Drivers\fvevol.sys
DRV - R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
DRV - R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Menedżer punktów instalacji - C:\Windows\system32\Drivers\mountmgr.sys
DRV - R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
DRV - R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - Sterownik systemowy NDIS - C:\Windows\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Menedżer partycji - C:\Windows\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
DRV - R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
DRV - R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
DRV - R0 - [storflt] - Sterownik filtru przyspieszania magistrali dyskowej maszyny wirtualnej - C:\Windows\system32\Drivers\storflt.sys [x]
DRV - R0 - [Tcpip] - Sterownik protokołu TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Sterownik modułu wyliczającego dysku wirtualnego Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Sterownik Menedżera woluminów - C:\Windows\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Menedżer woluminów dynamicznych - C:\Windows\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Woluminy magazynu - C:\Windows\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Sterownik obsługi starszych urządzeń TDI NetIO - C:\Windows\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==================== SvcHost - White Listed ====================================
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost@apphost
apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [03fbb7c5ea4ef153f10282614b9771cb]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost@iissvcs
w3svc = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [06d2b9bc146bb0f45f45ff7a296d50c4]
was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [06d2b9bc146bb0f45f45ff7a296d50c4]

==================== SvcHost x64 - White Listed ================================
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@apphost
apphostsvc = ServiceDll = C:\Windows\system32\inetsrv\apphostsvc.dll [03fbb7c5ea4ef153f10282614b9771cb]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@iissvcs
w3svc = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [06d2b9bc146bb0f45f45ff7a296d50c4]
was = ServiceDll = C:\Windows\system32\inetsrv\iisw3adm.dll [06d2b9bc146bb0f45f45ff7a296d50c4]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@LocalServiceAndNoImpersonation
FontCache = ServiceDll = C:\Windows\system32\FntCache.dll [8ac4cb4ea61e41009fae9ae7b2b5da3a]
Mcx2Svc = ServiceDll = C:\Windows\system32\Mcx2Svc.dll [f84c8f1000bc11e3b7b23cbd3baff111]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@LocalSystemNetworkRestricted
CscService = ServiceDll = C:\Windows\System32\cscsvc.dll [873fbf927c06e5cee04dec617502f8fd]
UmRdpService = ServiceDll = C:\Windows\System32\umrdp.dll [af0ac98ee5077eb844413eb54287fde3]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@PeerDist
PeerDistSvc = ServiceDll = C:\Windows\system32\peerdistsvc.dll [b9b0a4299dd2d76a4243f75fd54dc680]

==================== SigCheck x86 Fast =========================================
Fast Scan All ok

==================== SigCheck x64 Fast =========================================
Fast Scan All ok

==================== Job tasks at C:\Windows\Tasks =============================
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825466105-1952402777-1585990781-1000Core.job 1014 bytes [ 2016-08-15 13:25:19 ]
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-825466105-1952402777-1585990781-1000UA.job 1066 bytes [ 2016-08-15 13:25:21 ]
C:\Windows\Tasks\SA.DAT 6 bytes [ 2009-07-14 07:08:49 ]
C:\Windows\Tasks\SCHEDLGU.TXT 32608 bytes [ 2009-07-14 07:08:49 ]

==================== Job tasks at C:\Windows\system32\Tasks ====================
C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-825466105-1952402777-1585990781-1000Core 3644 bytes [ 2016-08-15 13:25:19 ] => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-825466105-1952402777-1585990781-1000UA 4040 bytes [ 2016-08-15 13:25:21 ] => C:\Users\Dominik\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Tasks\{08D31A58-AB89-4734-B4CF-5E5E5DEE6ED4} 3172 bytes [ 2016-05-31 16:09:44 ] => C:\Windows\system32\pcalua.exe

==================== Job tasks at C:\Windows\SysWOW64\Tasks ====================
There are no .job files found.

==================== End scanning at Pn 29 sie 2016 22:51 (0 Min 16 Sec ) ======