Explorer.exe nie uruchamia się

**Posty:** 6 · przez **kropecznik** 23 Mar 2016, 21:04

Od wczoraj mam mega problemy z kompem. Najpierw ściągnąłem skądś jakąś podróbkę Google o nazwie hohosearch, potem zaczęły mi się w Windowsie pojawiać jakieś reklamy w stylu "Do you want to know how to earn $3,572 a day in Poland? Watch this video!", a teraz mam jeszcze problem z włączaniem Windowsa. Włączając Windowsa mam czarny ekran z okienkiem "Ustawienia hosta skryptów systemu Windows" - żeby odpalić Windę muszę wejść w Menedżer zadań -> Nowe zadanie -> explorer.exe.

Skanowałem system Malwarebytes Anti-Malware Premium 2.2.1.1043 (bodaj 1482 zagrożenia usunięte) oraz SpyHunter 4 (ponad 3700 zagrożeń usuniętych) i nadal dzieją się jakieś cuda. Dodatkowo od kiedy zasyfiłem sobie komputer wspomnianym wyżej hohosearchem, jak włączam Firefoxa z paska zadań, to ikonka zamiast podświetlić się że FF jest włączony, FF włącza się obok - jak na screenie.

Załączam logi:

Kod: Zaznacz wszystko: GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-03-23 19:40:29 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAJB-00TYA0 rev.00.02C01 298,09GB Running: o3f4mudb.exe; Driver: C:\Users\KROPEC~1\AppData\Local\Temp\fxrdqpog.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x8E70D370] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x8E70D430] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x8E70D3F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x8E70D3B0] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C88A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC2212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82CC9598 4 Bytes [70, D3, 70, 8E] {JO 0xffffffd5; JO 0xffffff92} .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82CC96A8 4 Bytes [30, D4, 70, 8E] {XOR AH, DL; JO 0xffffff92} .text ntkrnlpa.exe!KeRemoveQueueEx + 161F 82CC99B4 4 Bytes [F0, D3, 70, 8E] {SAL [EAX-0x72], CL} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CC99FC 4 Bytes [B0, D3, 70, 8E] {MOV AL, 0xd3; JO 0xffffff92} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FE16000, 0x2BFBF0, 0xE8000020] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 58, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 5B, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 58, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 59, B4, 00] {TEST AL, 0x59; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 7601123C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 5A, B4, 00] {TEST AL, 0x5a; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 59, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 5A, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 760112CD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 58, B4, 00] {TEST AL, 0x58; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 7601148B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 59, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 5A, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 5B, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 3C, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 3F, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 3C, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 3D, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 7600C620 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 3E, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 3D, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 3E, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 7600C6B1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 3C, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 7600C86F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 3D, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 3E, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 3F, 68, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[516] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1780] kernel32.dll!SetUnhandledExceptionFilter 7560F4EB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 7C, 4C, 00] {SUB [ESP+ECX*2+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 7F, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 7C, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 7D, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 7600AA60 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 7E, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 7D, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 7E, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 7600AAF1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 7C, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 7600ACAF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 7D, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 7E, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 7F, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2156] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, D0, 7F, 00] {SUB AL, DL; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, D3, 7F, 00] {SUB BL, DL; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, D0, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, D1, 7F, 00] {TEST AL, 0xd1; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 7600DDB4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, D2, 7F, 00] {TEST AL, 0xd2; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, D1, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, D2, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 7600DE45 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, D0, 7F, 00] {TEST AL, 0xd0; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 7600E003 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, D1, 7F, 00] {SUB CL, DL; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, D2, 7F, 00] {SUB DL, DL; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, D3, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2212] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 40, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 43, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 40, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 41, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 76007D24 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 42, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 41, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 42, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 76007DB5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 40, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 76007F73 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 41, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 42, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 43, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 74, 56, 00] {SUB [ESI+EDX*2+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 77, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 74, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 75, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 7600B458 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 76, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 75, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 76, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 7600B4E9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 74, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 7600B6A7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 75, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 76, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 77, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2828] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 40, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 43, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 40, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 41, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 76012124 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 42, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 41, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 42, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 760121B5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 40, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 76012373 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 41, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 42, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 43, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 1C, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 1F, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 1C, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 1D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 76008B00 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 1E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 1D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 1E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 76008B91 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 1C, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 76008D4F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 1D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 1E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 1F, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3220] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 48, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 4B, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 48, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 49, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 7600AA2C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 4A, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 49, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 4A, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 7600AABD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 48, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 7600AC7B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 49, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 4A, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 4B, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [18, 20, 0B, 6B] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, 5C, 8E, 00] {SUB [ESI+ECX*4+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, 5F, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, 5C, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, 5D, 8E, 00] {TEST AL, 0x5d; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 7600EC40 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, 5E, 8E, 00] {TEST AL, 0x5e; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, 5D, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, 5E, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 7600ECD1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, 5C, 8E, 00] {TEST AL, 0x5c; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 7600EE8F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, 5D, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, 5E, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, 5F, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, B4, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, B7, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, B4, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, B5, 78, 00] {TEST AL, 0xb5; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 7600D698 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, B6, 78, 00] {TEST AL, 0xb6; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, B5, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, B6, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 7600D729 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, B4, 78, 00] {TEST AL, 0xb4; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 7600D8E7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, B5, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, B6, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, B7, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtCreateFile + 6 7700560E 4 Bytes [28, C4, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtCreateFile + B 77005613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtMapViewOfSection + 6 77005C6E 4 Bytes [28, C7, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtMapViewOfSection + B 77005C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenFile + 6 77005D1E 4 Bytes [68, C4, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenFile + B 77005D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcess + 6 77005DCE 4 Bytes [A8, C5, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcess + B 77005DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessToken + 6 77005DDE 4 Bytes CALL 760155A8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessToken + B 77005DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessTokenEx + 6 77005DEE 4 Bytes [A8, C6, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenProcessTokenEx + B 77005DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThread + 6 77005E4E 4 Bytes [68, C5, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThread + B 77005E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadToken + 6 77005E5E 4 Bytes [68, C6, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadToken + B 77005E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadTokenEx + 6 77005E6E 4 Bytes CALL 76015639 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtOpenThreadTokenEx + B 77005E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryAttributesFile + 6 77005F7E 4 Bytes [A8, C4, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryAttributesFile + B 77005F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryFullAttributesFile + 6 7700602E 4 Bytes CALL 760157F7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtQueryFullAttributesFile + B 77006033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationFile + 6 7700667E 4 Bytes [28, C5, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationFile + B 77006683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationThread + 6 770066DE 4 Bytes [28, C6, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtSetInformationThread + B 770066E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtUnmapViewOfSection + 6 770069FE 4 Bytes [68, C7, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3920] ntdll.dll!NtUnmapViewOfSection + B 77006A03 1 Byte [E2] ---- Devices - GMER 2.2 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9AA9E256-1129-11E5-8682-806E6F6E6963} 3813468232 ---- EOF - GMER 2.2 ----

Kod: Zaznacz wszystko: OTL logfile created on: 2016-03-23 19:46:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kropecznik\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16476) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,18 Gb Available Physical Memory | 9,16% Memory free 4,00 Gb Paging File | 0,93 Gb Available in Paging File | 23,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 0,88 Gb Free Space | 4,49% Space Free | Partition Type: NTFS Drive D: | 87,89 Gb Total Space | 1,46 Gb Free Space | 1,66% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 85,68 Gb Free Space | 87,74% Space Free | Partition Type: NTFS Drive F: | 93,01 Gb Total Space | 37,44 Gb Free Space | 40,25% Space Free | Partition Type: NTFS Drive I: | 298,08 Gb Total Space | 14,15 Gb Free Space | 4,75% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 395,28 Gb Free Space | 42,43% Space Free | Partition Type: NTFS Computer Name: GRUCHOT | User Name: Kropecznik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2016-03-23 18:39:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kropecznik\Desktop\OTL.exe PRC - [2016-03-23 18:28:17 | 000,380,928 | ---- | M] () -- C:\Users\Kropecznik\Desktop\o3f4mudb.exe PRC - [2016-03-22 06:48:40 | 000,104,680 | ---- | M] (TData.com) -- C:\Program Files\TData\TData.exe PRC - [2016-03-10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2016-03-10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2016-03-10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- D:\Programy\Malwarebytes Anti-Malware\mbam.exe PRC - [2015-12-11 04:54:14 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2015-07-08 15:22:32 | 001,353,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2014-07-15 08:46:00 | 000,786,256 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2013-11-14 22:36:16 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2013-11-10 03:22:18 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2012-08-03 07:01:00 | 003,801,736 | ---- | M] (Ghisler Software GmbH) -- D:\Program Files\Total Commander 6.53\TOTALCMD.EXE PRC - [2008-09-16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- D:\Programy\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2016-03-23 18:28:17 | 000,380,928 | ---- | M] () -- C:\Users\Kropecznik\Desktop\o3f4mudb.exe MOD - [2015-12-11 04:54:11 | 001,583,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\47.0.2526.106\libglesv2.dll MOD - [2015-12-11 04:54:09 | 000,081,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\47.0.2526.106\libegl.dll MOD - [2010-07-04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2016-03-23 13:12:55 | 000,399,648 | ---- | M] (JRiver, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Center 21\JRService.exe -- (Media Center 21 Service) SRV - [2016-03-22 06:48:40 | 000,104,680 | ---- | M] (TData.com) [Auto | Running] -- C:\Program Files\TData\TData.exe -- (TDataSvr) SRV - [2016-03-15 12:10:41 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2016-03-10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2016-03-10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2016-02-02 07:38:53 | 002,104,840 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- D:\Programy\Origin\OriginClientService.exe -- (Origin Client Service) SRV - [2015-08-17 20:29:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2015-07-08 15:22:32 | 001,353,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2015-07-02 15:13:25 | 000,134,512 | ---- | M] (Dropbox, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem) SRV - [2015-07-02 15:13:25 | 000,134,512 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Program Files\Dropbox\Update\DropboxUpdate.exe -- (dbupdate) SRV - [2014-07-15 08:46:00 | 000,786,256 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2013-11-26 09:29:52 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2013-11-14 23:05:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2013-11-10 04:36:55 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2008-09-16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Programy\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\KROPEC~1\AppData\Local\Temp\fxrdqpog.sys -- (fxrdqpog) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2016-03-23 19:26:15 | 000,170,200 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2016-03-22 21:05:02 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner) DRV - [2016-03-10 14:09:04 | 000,053,120 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl) DRV - [2016-03-10 14:08:52 | 000,024,448 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2015-07-13 07:14:14 | 000,202,704 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm) DRV - [2015-07-13 07:14:14 | 000,144,536 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv) DRV - [2015-07-13 07:14:14 | 000,132,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr) DRV - [2015-06-13 15:22:34 | 000,025,104 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtlitescsibus.sys -- (dtlitescsibus) DRV - [2014-10-20 22:26:56 | 000,032,256 | ---- | M] (JRiver, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JRiverWDMDriver.sys -- (jrvad_service) DRV - [2013-10-02 01:43:05 | 000,026,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2013-10-02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2013-04-30 05:14:44 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2013-04-30 05:14:44 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2013-04-30 03:47:52 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012-08-23 15:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2012-08-23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012-05-14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010-11-20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010-11-20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010-11-20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010-11-20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010-11-20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010-11-20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-11-20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010-11-20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010-11-20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010-07-04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009-07-14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3290753359-997226432-1631314917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp IE - HKU\S-1-5-21-3290753359-997226432-1631314917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pl-PL IE - HKU\S-1-5-21-3290753359-997226432-1631314917-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 23 F5 7A 7A 84 D1 01 [binary data] IE - HKU\S-1-5-21-3290753359-997226432-1631314917-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3290753359-997226432-1631314917-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-3290753359-997226432-1631314917-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "PL" FF - prefs.js..browser.search.region: "PL" FF - prefs.js..browser.startup.homepage: "https://www.malwarebytes.org/restorebrowser//?type=hp&ts=1458743139&z=cdf7fd1d3cee052b655f331gbzcw7b8mbzec7g1cbt&from=itr&uid=wdcxwd3200aajb-00tya0_wd-wcapz273001030010" FF - prefs.js..extensions.enabledAddons: deskCutv2%40gmail.com:0.1.13 FF - prefs.js..extensions.enabledAddons: firefoxaddon%40youtubeenhancer.com:4.1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: d:\Programy\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015-06-12 20:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kropecznik\AppData\Roaming\mozilla\Extensions [2016-03-23 16:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kropecznik\AppData\Roaming\mozilla\Firefox\Profiles\41A66E7E5EE1\extensions [2016-03-23 16:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kropecznik\AppData\Roaming\mozilla\Firefox\Profiles\kfp8rkkk.default\extensions [2016-03-06 23:56:12 | 000,658,230 | ---- | M] () (No name found) -- C:\Users\Kropecznik\AppData\Roaming\mozilla\firefox\profiles\41A66E7E5EE1\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-02-24 00:15:28 | 001,013,992 | ---- | M] () (No name found) -- C:\Users\Kropecznik\AppData\Roaming\mozilla\firefox\profiles\41A66E7E5EE1\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-06 23:56:12 | 000,658,230 | ---- | M] () (No name found) -- C:\Users\Kropecznik\AppData\Roaming\mozilla\firefox\profiles\kfp8rkkk.default\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-02-24 00:15:28 | 001,013,992 | ---- | M] () (No name found) -- C:\Users\Kropecznik\AppData\Roaming\mozilla\firefox\profiles\kfp8rkkk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-21 02:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions File not found (No name found) -- C:\USERS\KROPECZNIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KFP8RKKK.DEFAULT\EXTENSIONS\DESKCUTV2@GMAIL.COM [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal\1.0.3_0\ CHR - Extension: No name found = C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.11_0\ CHR - Extension: No name found = C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc\1.1_0\ CHR - Extension: No name found = C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.53_0\ CHR - Extension: No name found = C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\ CHR - Extension: No name found = C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\8.3_0\ CHR - Extension: No name found = C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle\1.0.59_0\ O1 HOSTS File: ([2016-03-23 17:47:32 | 000,000,853 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 0.0.0.0 keystone.mwbsys.com O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [Dropbox] C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKU\S-1-5-21-3290753359-997226432-1631314917-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-3290753359-997226432-1631314917-1001..\Run: [EADM] D:\Programy\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-3290753359-997226432-1631314917-1001..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-3290753359-997226432-1631314917-1001..\Run: [Steam] D:\Programy\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-3290753359-997226432-1631314917-1001..\Run: [uTorrent] C:\Users\Kropecznik\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3290753359-997226432-1631314917-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2C94BC5-B0AF-4F6A-9CB6-CE9EFF3DD2DE}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB70AA72-0B71-4617-BA9C-8ECB72910A10}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - ("explorer.exe") - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{327adbef-accf-11e5-8a4a-001d7dc573e9}\Shell - "" = AutoRun O33 - MountPoints2\{327adbef-accf-11e5-8a4a-001d7dc573e9}\Shell\AutoRun\command - "" = K:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{327add0c-accf-11e5-8a4a-001d7dc573e9}\Shell - "" = AutoRun O33 - MountPoints2\{327add0c-accf-11e5-8a4a-001d7dc573e9}\Shell\AutoRun\command - "" = K:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{484f7af1-11c2-11e5-bb69-001d7dc573e9}\Shell - "" = AutoRun O33 - MountPoints2\{484f7af1-11c2-11e5-bb69-001d7dc573e9}\Shell\AutoRun\command - "" = K:\autorun.exe O33 - MountPoints2\{ca733aec-1fe1-11e5-9b83-001d7dc573e9}\Shell - "" = AutoRun O33 - MountPoints2\{ca733aec-1fe1-11e5-9b83-001d7dc573e9}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{f853d535-53c8-11e5-8e7d-001d7dc573e9}\Shell - "" = AutoRun O33 - MountPoints2\{f853d535-53c8-11e5-8e7d-001d7dc573e9}\Shell\AutoRun\command - "" = L:\setup.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2016-03-23 18:39:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kropecznik\Desktop\OTL.exe [2016-03-23 18:26:04 | 000,496,160 | ---- | C] (Duplex Secure Ltd) -- C:\Users\Kropecznik\Desktop\SPTDinst-v189-x86.exe [2016-03-23 16:34:19 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-03-23 16:23:59 | 000,126,336 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys [2016-03-23 16:23:58 | 000,053,120 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2016-03-23 16:23:57 | 000,024,448 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys [2016-03-23 16:01:36 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Local\app [2016-03-23 15:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\TData [2016-03-23 14:43:08 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\Desktop\ŚWIĘTE INSTALKI [2016-03-23 14:42:21 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2016-03-23 14:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2016-03-23 14:34:05 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaHuman [2016-03-23 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Local\MediaHuman [2016-03-23 13:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2016-03-23 13:09:25 | 000,553,248 | ---- | C] (JRiver, Inc.) -- C:\Windows\System32\MC21.exe [2016-03-23 13:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\J River [2016-03-23 12:42:24 | 000,032,256 | ---- | C] (JRiver, Inc.) -- C:\Windows\System32\drivers\JRiverWDMDriver.sys [2016-03-23 12:39:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2016-03-22 21:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2016-03-22 21:06:54 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Roaming\Enigma Software Group [2016-03-22 21:06:46 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\Start Menu [2016-03-22 21:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2016-03-22 19:26:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\dmp [2016-03-22 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Roaming\Ubisoft [2016-03-22 16:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2016-03-21 02:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2016-03-19 20:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox [2016-03-19 17:38:55 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\Desktop\Zdjęcia laguny do przeróbki kolorów [2016-03-18 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Local\Sparta [2016-03-14 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Local\Programs [2016-03-13 20:02:34 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Local\techland [2016-03-13 20:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam [2016-03-13 20:01:05 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Roaming\Call of Juarez - Gunslinger_Uninstall [2016-03-12 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\Desktop\wallie [2016-03-07 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Local\GHISLER [2016-03-07 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Roaming\Macromedia [2016-03-07 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\AppData\Local\Macromedia [2016-03-02 13:52:30 | 018,511,040 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2016-03-01 21:19:03 | 000,000,000 | ---D | C] -- C:\Users\Kropecznik\Desktop\cenzura! [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2016-03-23 19:26:15 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-03-23 19:24:39 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job [2016-03-23 18:41:56 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2016-03-23 18:41:56 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2016-03-23 18:39:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kropecznik\Desktop\OTL.exe [2016-03-23 18:34:33 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job [2016-03-23 18:34:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016-03-23 18:34:07 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2016-03-23 18:28:17 | 000,380,928 | ---- | M] () -- C:\Users\Kropecznik\Desktop\o3f4mudb.exe [2016-03-23 18:26:10 | 000,496,160 | ---- | M] (Duplex Secure Ltd) -- C:\Users\Kropecznik\Desktop\SPTDinst-v189-x86.exe [2016-03-23 18:03:58 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2016-03-23 18:03:58 | 000,000,734 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2016-03-23 18:03:32 | 000,001,707 | ---- | M] () -- C:\Users\Kropecznik\Desktop\SPYHUNTER DO cenzura! TYCH MALWARE'ÓW cenzura!.lnk [2016-03-23 18:03:31 | 000,000,713 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Odkurzacz.lnk [2016-03-23 18:03:31 | 000,000,693 | ---- | M] () -- C:\Users\Kropecznik\Desktop\SETLERY !!!!!.lnk [2016-03-23 18:03:31 | 000,000,080 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Saboteur - skrót.lnk [2016-03-23 18:03:30 | 000,001,538 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Moje pieniądze.lnk [2016-03-23 18:03:30 | 000,001,325 | ---- | M] () -- C:\Users\Kropecznik\Desktop\LifeIsStrange.lnk [2016-03-23 18:03:30 | 000,000,847 | ---- | M] () -- C:\Users\Kropecznik\Desktop\MediaHuman Audio Converter.lnk [2016-03-23 18:03:29 | 000,000,784 | ---- | M] () -- C:\Users\Kropecznik\Desktop\K O N R A D.lnk [2016-03-23 18:03:29 | 000,000,080 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Karol - skrót.lnk [2016-03-23 18:03:28 | 000,001,728 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Google Chrome.lnk [2016-03-23 18:03:28 | 000,001,069 | ---- | M] () -- C:\Users\Kropecznik\Desktop\JESZCZE STARSZY PULPIT.lnk [2016-03-23 18:03:28 | 000,000,724 | ---- | M] () -- C:\Users\Kropecznik\Desktop\HoMM3 HD.lnk [2016-03-23 18:03:27 | 000,000,080 | ---- | M] () -- C:\Users\Kropecznik\Desktop\DTLite - skrót.lnk [2016-03-23 18:03:26 | 000,000,906 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Chicken Invaders 5 - Cluck of the Dark Side.lnk [2016-03-23 18:03:26 | 000,000,842 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Call of Juarez - Gunslinger.lnk [2016-03-23 18:03:25 | 000,000,080 | ---- | M] () -- C:\Users\Kropecznik\Desktop\AssassinsCreed_Dx10 - skrót.lnk [2016-03-23 17:47:32 | 000,000,853 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2016-03-23 15:58:48 | 000,000,266 | RHS- | M] () -- C:\Users\Kropecznik\ntuser.pol [2016-03-23 15:27:17 | 000,001,006 | ---- | M] () -- C:\Users\Kropecznik\Desktop\hp.bak [2016-03-23 15:26:19 | 000,000,648 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2016-03-23 12:10:23 | 000,030,169 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Screener.jpg [2016-03-22 21:05:02 | 000,019,984 | ---- | M] () -- C:\Windows\System32\drivers\EsgScanner.sys [2016-03-22 18:36:41 | 000,001,363 | ---- | M] () -- C:\Users\Kropecznik\Desktop\AssassinsCreed_Dx10 — skrót.lnk [2016-03-22 16:05:17 | 000,001,107 | ---- | M] () -- C:\Users\Kropecznik\Desktop\DTLite — skrót.lnk [2016-03-21 19:02:06 | 000,049,560 | ---- | M] () -- C:\Users\Kropecznik\Desktop\deklaracja-przedmiotow-15-16Z.pdf [2016-03-15 12:30:26 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2016-03-15 12:10:39 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2016-03-15 12:10:39 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2016-03-10 14:09:04 | 000,053,120 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2016-03-10 14:08:56 | 000,126,336 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys [2016-03-10 14:08:52 | 000,024,448 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys [2016-03-06 16:00:40 | 044,215,852 | ---- | M] () -- C:\Users\Kropecznik\Desktop\Wstęp do filologii słowiańskiej - Leszek Moszyński.pdf [2016-03-02 13:52:31 | 018,511,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2016-02-26 19:53:39 | 000,739,694 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2016-02-26 19:53:39 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2016-02-26 19:53:39 | 000,155,268 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2016-02-26 19:53:39 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2016-03-23 18:28:12 | 000,380,928 | ---- | C] () -- C:\Users\Kropecznik\Desktop\o3f4mudb.exe [2016-03-23 16:56:59 | 000,000,080 | ---- | C] () -- C:\Users\Kropecznik\Desktop\Saboteur - skrót.lnk [2016-03-23 16:56:54 | 000,000,080 | ---- | C] () -- C:\Users\Kropecznik\Desktop\Karol - skrót.lnk [2016-03-23 16:56:52 | 000,000,080 | ---- | C] () -- C:\Users\Kropecznik\Desktop\DTLite - skrót.lnk [2016-03-23 16:56:51 | 000,000,080 | ---- | C] () -- C:\Users\Kropecznik\Desktop\AssassinsCreed_Dx10 - skrót.lnk [2016-03-23 16:24:53 | 000,000,734 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2016-03-23 15:58:48 | 000,000,266 | RHS- | C] () -- C:\Users\Kropecznik\ntuser.pol [2016-03-23 15:32:04 | 000,001,006 | ---- | C] () -- C:\Users\Kropecznik\Desktop\hp.bak [2016-03-23 15:26:19 | 000,000,648 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2016-03-23 14:34:05 | 000,000,847 | ---- | C] () -- C:\Users\Kropecznik\Desktop\MediaHuman Audio Converter.lnk [2016-03-23 13:40:41 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2016-03-23 01:26:38 | 000,014,232 | ---- | C] () -- C:\Windows\System32\sh4native.exe [2016-03-22 23:20:25 | 000,001,728 | ---- | C] () -- C:\Users\Kropecznik\Desktop\Google Chrome.lnk [2016-03-22 23:16:27 | 000,001,707 | ---- | C] () -- C:\Users\Kropecznik\Desktop\SPYHUNTER DO cenzura! TYCH MALWARE'ÓW cenzura!.lnk [2016-03-22 21:05:02 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys [2016-03-22 18:36:41 | 000,001,363 | ---- | C] () -- C:\Users\Kropecznik\Desktop\AssassinsCreed_Dx10 — skrót.lnk [2016-03-22 16:05:17 | 000,001,107 | ---- | C] () -- C:\Users\Kropecznik\Desktop\DTLite — skrót.lnk [2016-03-21 19:02:00 | 000,049,560 | ---- | C] () -- C:\Users\Kropecznik\Desktop\deklaracja-przedmiotow-15-16Z.pdf [2016-03-13 20:01:06 | 000,000,842 | ---- | C] () -- C:\Users\Kropecznik\Desktop\Call of Juarez - Gunslinger.lnk [2016-03-06 15:58:27 | 044,215,852 | ---- | C] () -- C:\Users\Kropecznik\Desktop\Wstęp do filologii słowiańskiej - Leszek Moszyński.pdf [2016-03-02 13:50:14 | 000,000,930 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2016-02-23 16:12:25 | 000,001,069 | ---- | C] () -- C:\Users\Kropecznik\Desktop\JESZCZE STARSZY PULPIT.lnk [2015-11-23 21:44:13 | 000,000,076 | ---- | C] () -- C:\Windows\System32\llbiirc.dll [2015-09-19 19:01:43 | 000,003,584 | ---- | C] () -- C:\Users\Kropecznik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2015-09-05 20:57:02 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat [2015-08-19 19:04:37 | 000,001,211 | ---- | C] () -- C:\Users\Kropecznik\Pulpit — skrót.lnk [2015-06-12 20:11:56 | 000,006,688 | ---- | C] () -- C:\Windows\System32\Digita.sys [2015-06-12 20:11:55 | 000,335,872 | ---- | C] () -- C:\Windows\System32\ldf252.dll [2015-06-12 18:39:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-11-10 04:50:12 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2015-09-19 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\AnvSoft [2016-03-12 16:56:41 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\Audacity [2016-03-13 20:01:06 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\Call of Juarez - Gunslinger_Uninstall [2016-03-23 13:49:18 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\DAEMON Tools Lite [2015-07-02 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\Dropbox [2015-09-05 16:42:39 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\EAC [2016-03-22 21:06:54 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\Enigma Software Group [2016-01-02 23:10:54 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\FlacSquisher [2015-06-12 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\GHISLER [2015-06-18 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\Guitar Pro 6 [2015-12-13 20:32:22 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\HaiYuInst [2016-03-23 12:41:51 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\J River [2016-01-02 00:08:47 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\NapiProjekt [2015-11-19 11:08:11 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\Origin [2016-01-24 22:54:44 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\Steam [2016-03-22 16:27:59 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\Ubisoft [2016-03-23 16:59:36 | 000,000,000 | ---D | M] -- C:\Users\Kropecznik\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:BF3D62E7 < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2016-03-23 19:46:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kropecznik\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16476) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 0,18 Gb Available Physical Memory | 9,16% Memory free 4,00 Gb Paging File | 0,93 Gb Available in Paging File | 23,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 0,88 Gb Free Space | 4,49% Space Free | Partition Type: NTFS Drive D: | 87,89 Gb Total Space | 1,46 Gb Free Space | 1,66% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 85,68 Gb Free Space | 87,74% Space Free | Partition Type: NTFS Drive F: | 93,01 Gb Total Space | 37,44 Gb Free Space | 40,25% Space Free | Partition Type: NTFS Drive I: | 298,08 Gb Total Space | 14,15 Gb Free Space | 4,75% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 395,28 Gb Free Space | 42,43% Space Free | Partition Type: NTFS Computer Name: GRUCHOT | User Name: Kropecznik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3290753359-997226432-1631314917-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "D:\Programy\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.) Directory [AddToPlaylistVLC] -- "d:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "D:\Programy\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "D:\Programy\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [OSDownloader] -- "C:\Program Files\OSDownloader\OSDownloader.exe" "%1" (OpenSubtitles.org) Directory [PlayWithVLC] -- "d:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "E:\M U Z Y K A\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "E:\M U Z Y K A\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "E:\M U Z Y K A\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{053104B7-8CB4-4DE6-8072-7AEDE7FB50BC}" = rport=10243 | protocol=6 | dir=out | app=system | "{075958B9-6D15-44C8-B6E8-EAD92808A778}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{09576BD0-976A-4637-BF2E-D230ECE9AE03}" = lport=137 | protocol=17 | dir=in | app=system | "{1AF177EA-D13B-411A-BE19-EA06D7881DA8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "{446FC932-D029-4B08-A310-8A41D9B6D60A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5209FC98-F707-47D1-9577-06283476E40B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{56D9F815-4B8B-4F01-86BF-892A675412D7}" = lport=138 | protocol=17 | dir=in | app=system | "{58BA7BC2-1207-4D04-B896-AF315076CB6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{59644A82-5234-42F0-AB0F-C8EC7E5DB652}" = lport=2869 | protocol=6 | dir=in | app=system | "{77796294-A79F-42FC-9158-303538CAAE0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{814AB5A3-7930-4DAB-B68B-7F62A343B58C}" = lport=445 | protocol=6 | dir=in | app=system | "{839E3E59-C2AC-48B0-A240-590BBC94F70A}" = lport=10243 | protocol=6 | dir=in | app=system | "{8B1045DE-9BEA-4B60-9FF6-87C948C15DD6}" = rport=137 | protocol=17 | dir=out | app=system | "{9C320B70-3074-421A-A8CD-DE06B49E2D17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9D31697D-BFAC-4542-A9F0-2B0207886090}" = lport=139 | protocol=6 | dir=in | app=system | "{9FA02DD1-03A4-49C0-9B47-EF45752C0E5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B6E8B283-6781-4032-8753-5AD2BC502F00}" = rport=445 | protocol=6 | dir=out | app=system | "{C5846BFD-02DF-47F9-94B7-0EDDC963C404}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CA4748D1-8186-44FA-87EE-63C5F42F1771}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D5EA5607-E2C4-468B-9A1E-0368A5A90DE7}" = rport=138 | protocol=17 | dir=out | app=system | "{F5465705-5450-4944-8C0B-D955C4FD19DE}" = rport=139 | protocol=6 | dir=out | app=system | "{F9F63C37-C3B1-40B7-AB68-46EC98136B44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01D3B52D-DEF1-4E3B-B45D-CB312DF4E75A}" = dir=in | app=c:\program files\oracle\virtualbox\vboxheadless.exe | "{03C30BC8-7719-462D-8E5C-95F9FEC6ADEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{073E8A7B-4474-4772-9493-6B7B0355AA88}" = protocol=6 | dir=in | app=d:\programy\steam\steam.exe | "{0898F2F3-2ADB-4EF5-93DE-ADD8C974901A}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\one unit whole blood\dosbox.exe | "{0BFAE9CB-277D-44CF-83B6-4709CFA8FADD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0C6921AB-AF81-42CC-A944-0C84D17F35A0}" = protocol=17 | dir=in | app=h:\gry\life is strange\steam_api64.exe | "{0F9029C7-E4A9-44CD-85E7-1285B35ADA7A}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\l.a.noire\lanlauncher.exe | "{11F6429E-D0E8-4B8F-B176-EB55E7E2667E}" = protocol=6 | dir=in | app=h:\gry\life is strange\steam_api64.exe | "{1BC3343B-261A-4F14-857D-DD9E09B58B03}" = protocol=17 | dir=in | app=d:\programy\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{1FDC04B9-DB15-4E72-A5C0-84A2AABB6510}" = protocol=6 | dir=in | app=d:\programy\napiprojekt\napisy.exe | "{322C9A94-CB8B-450A-A22A-04F86928B088}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{3523F784-53C2-4579-A0B9-230E2534A379}" = protocol=6 | dir=in | app=d:\programy\steam\steamapps\common\gorky 17\gorky17.exe | "{3647BA92-A9EC-4831-8B96-7394E7C30395}" = protocol=6 | dir=out | app=system | "{3713672A-9A2F-46A2-99DD-322FA25B2607}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{380F9C74-146F-4680-9DB9-FAD2FD111AF1}" = protocol=17 | dir=in | app=c:\users\kropecznik\appdata\roaming\utorrent\utorrent.exe | "{3A7122AB-BD03-4C0A-8E06-832774F45C2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B12F010-E9B2-4F9E-AB8F-639BE2BF9D11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{43515168-36F9-4E7C-B637-8C0439AE3133}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{47813B55-5725-4033-B264-DFB43B990779}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\l.a.noire\lanlauncher.exe | "{4834C2EE-960F-4E5F-9814-41185A5F04CE}" = protocol=6 | dir=in | app=d:\programy\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{4F67FEAD-E080-440C-8392-425FC2A445E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5452AA21-041F-4BE1-8824-FB5AEBD5D843}" = protocol=17 | dir=in | app=d:\programy\steam\steamapps\common\gorky 17\gorky17.exe | "{65A1ECF9-0447-47A5-B93F-35146A19ED34}" = dir=in | app=c:\program files\dropbox\client\dropbox.exe | "{7146DDA2-7999-46F5-9AF1-D22B6599AD7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7478A105-7C67-4399-92DA-AD5A313981D4}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{8496ACC6-1B4C-4768-A005-6CF945AB4181}" = protocol=6 | dir=in | app=d:\programy\kmsnano\qemu-system-i386.exe | "{86E3F864-D136-46D1-B2C9-99B41208EDB1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8A5F9B08-6BF9-4E12-90FA-14343C3AE352}" = protocol=6 | dir=in | app=e:\gry (na d nie ma miejsca)\assassinscreed_launcher.exe | "{8A79BA6D-542E-4C2F-83A7-266A3CE69522}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8BBAEEAB-554A-4C21-BB7E-B39444F780B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8D793057-D98A-46BF-9AE8-84D0EF612C71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{923CD41F-9B3A-4274-A4D5-0A5A4C1CC192}" = protocol=17 | dir=in | app=d:\programy\steam\bin\steamwebhelper.exe | "{930F3736-1981-4825-B724-CE0842B2E0F4}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{9758580F-7946-4590-93F7-AE74C1D9DC4D}" = protocol=6 | dir=in | app=c:\torrentex\torrentex.exe | "{9DF09F04-18C2-4DDB-A796-DFA9EBDA9BDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A41143AF-DD92-4138-96D9-BC7621F7CD70}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | "{B0A57BC4-C52F-4A65-8BD0-46FBD6765BAF}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{B561C84D-C0BC-4E41-8B4C-FA1752E8A07A}" = protocol=6 | dir=in | app=d:\programy\steam\bin\steamwebhelper.exe | "{BCDC73B3-FF85-4876-AD4E-45C694FE73C7}" = protocol=17 | dir=in | app=c:\torrentex\torrentex.exe | "{BDDB1435-0FD3-4FEC-A667-3AF01CDD911D}" = protocol=17 | dir=in | app=e:\gry (na d nie ma miejsca)\assassinscreed_launcher.exe | "{C08039D6-E4E0-4CE7-BF6A-A2816D3C6BF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C1167C12-5BD3-46A2-845F-33A0A51D9F35}" = protocol=6 | dir=in | app=c:\users\kropecznik\appdata\roaming\utorrent\utorrent.exe | "{C175DB0D-19D3-4C72-B849-F9FEF3BD630F}" = protocol=17 | dir=in | app=d:\programy\steam\steam.exe | "{C8A70D20-C9A9-43EF-AEF3-79AE67A89106}" = protocol=17 | dir=in | app=d:\programy\kmsnano\qemu-system-i386.exe | "{C8B40E2F-31BA-4E50-B205-9262E6E8CEE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CFC6BD89-3F87-40FF-A7CA-3A19EBFDA4C9}" = protocol=6 | dir=in | app=d:\programy\napiprojekt\napisy.exe | "{DB6EC57B-C444-455F-9064-616C3AF8D54D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DCCCE2F6-AEC9-44F0-BE3F-A79B083259C2}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{EA6A6AC5-01B4-4BB2-B455-C3E75592E6F7}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\one unit whole blood\dosbox.exe | "{F335844F-3032-489F-91DE-8187AD25C16A}" = protocol=17 | dir=in | app=d:\programy\napiprojekt\napisy.exe | "{FBF35572-AA85-4922-A0CC-7211623B62B7}" = protocol=17 | dir=in | app=d:\programy\napiprojekt\napisy.exe | "{FD6808EE-5B16-48DC-BC32-5640FFA07600}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | "TCP Query User{1099A4C6-6257-48BC-86C3-20FD830075D9}D:\gry\the settlers ii original\s25client.exe" = protocol=6 | dir=in | app=d:\gry\the settlers ii original\s25client.exe | "TCP Query User{267B9D79-F99D-4FC4-B86C-012FD0DC741A}D:\gry\the settlers ii original\s25client.exe" = protocol=6 | dir=in | app=d:\gry\the settlers ii original\s25client.exe | "TCP Query User{600696A6-AB27-461E-85ED-C5E0C04614ED}D:\gry\quake\darkplaces.exe" = protocol=6 | dir=in | app=d:\gry\quake\darkplaces.exe | "TCP Query User{8DF20357-7313-4658-B757-CF8B5385D65A}C:\users\kropecznik\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe" = protocol=6 | dir=in | app=c:\users\kropecznik\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe | "TCP Query User{C44D7887-707C-4CC0-81AC-D6BDFED9272C}D:\gry\doom game pack\zandronum\zandronum.exe" = protocol=6 | dir=in | app=d:\gry\doom game pack\zandronum\zandronum.exe | "UDP Query User{295406FC-FD29-4BF4-8E58-A987E41044CF}D:\gry\doom game pack\zandronum\zandronum.exe" = protocol=17 | dir=in | app=d:\gry\doom game pack\zandronum\zandronum.exe | "UDP Query User{81EA607C-2CAE-4B95-A93A-E35634196850}D:\gry\the settlers ii original\s25client.exe" = protocol=17 | dir=in | app=d:\gry\the settlers ii original\s25client.exe | "UDP Query User{8CBED6A9-DC2B-4037-B0A7-57CA3A4B6137}D:\gry\quake\darkplaces.exe" = protocol=17 | dir=in | app=d:\gry\quake\darkplaces.exe | "UDP Query User{8CEA22ED-8CC1-4907-BCFF-8C9B4160C45C}D:\gry\the settlers ii original\s25client.exe" = protocol=17 | dir=in | app=d:\gry\the settlers ii original\s25client.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F14E5B-E07A-2A1E-6788-580773CE1486}" = CCC Help English "{058CA84F-0C78-400F-9D47-16486F02E500}_is1" = Pazera FLAC to MP3 Converter 1.1 "{099218A5-A723-43DC-8DB5-6173656A1E94}" = Dropbox Update Helper "{0A036215-0A8D-6FBE-7EA3-7AED4F9E162A}" = CCC Help Turkish "{1231238A-E793-4030-A068-0E0A2643B8E3}" = ESET NOD32 Antivirus "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 "{15A05AAA-37E7-D516-5BE9-C960C2170403}" = CCC Help Czech "{21E9850E-58C2-FA88-D5AD-B64D253B8F82}" = CCC Help Thai "{228B6C3A-A712-4972-AEB0-E37E83E881E9}" = Nero Burning Core "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{25A7270E-1B63-DFD1-ACBC-88852A305398}" = CCC Help Chinese Traditional "{2E69E784-F84A-9A18-7D8E-4EB8504EEE1E}" = CCC Help Danish "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{33E1C9A1-60A7-4D34-A7B6-6C65FF9AE4A7}_is1" = Life Is Strange "{362614E4-9ABB-E7A7-CDDC-239AB168060A}" = CCC Help Japanese "{3DF7D356-6225-8717-AFC2-91D5C1521036}" = AMD Media Foundation Decoders "{4745F6F8-09DA-CC39-EC19-0E8D764CF2B7}" = CCC Help Chinese Standard "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 "{4FA31DE2-B613-24BB-1738-B655C00B1C9D}" = CCC Help Hungarian "{58771CF6-F212-CC4D-61B1-45CC70B6375C}" = CCC Help Dutch "{5909A89E-C97F-407C-AE2B-47BDED86BF5D}" = Prerequisite installer "{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™ "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6D5CE5F1-CBB0-9ED4-1A1E-91DDCD6225FD}" = CCC Help Italian "{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II Złota Edycja "{707210B0-29F1-C550-BA96-6ECDA245CF24}" = CCC Help Spanish "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758A4269-70E5-4B11-B419-F692882408A9}" = Gothic "{799AFA36-4EA5-4323-8689-74C06645A26B}" = Prerequisite installer "{7DEF9F2B-97EE-432E-91D9-FF39816B29D6}" = Nero BurningROM 2015 "{7F644A4B-C9A7-E419-BFD9-75DFA0EE57DB}" = AMD Accelerated Video Transcoding "{812B956B-37AB-24B9-4527-78A6D3ECE7F8}" = CCC Help Korean "{83293709-B863-0EF6-00DA-B026D486E8B5}" = CCC Help Polish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8D5B19AA-3D3A-5870-C9A0-346EBC5DB21E}" = ccc-utility "{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013 "{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013 "{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013 "{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013 "{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013 "{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013 "{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français "{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español "{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013 "{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013 "{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013 "{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013 "{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013 "{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013 "{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013 "{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013 "{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013 "{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013 "{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013 "{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{911904DE-EBB6-BC8E-D5BD-762B7DB42C46}" = CCC Help Greek "{96166C8A-8F66-484F-94DC-323665A2DE56}" = TRS2006 "{9903011B-5F1D-A2A1-8078-EE62B3324CCE}" = CCC Help Portuguese "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A7F1628-2126-34A5-852D-2B93328BCF3F}" = CCC Help German "{9D780839-6E97-4E2A-A5F7-711AF221B609}" = Nero Launcher "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A8F3D79A-E5C9-4C9B-86AB-DFDDEFE9517D}" = System Requirements Lab Detection "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-0804-1033-1959-001824166751}" = Adobe Refresh Manager "{AC76BA86-7AD7-1045-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Polish "{AE6C422B-DADB-D547-411C-E9E56DF03D16}" = CCC Help Russian "{B09567CC-E43F-10F1-752D-549AC7FB0C43}" = CCC Help Finnish "{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}" = Nero Burning ROM 2014 "{B166374C-105E-445E-8E5D-A86CA5742645}" = Nero Burning Core "{B170B91D-E8E3-A6A3-D129-D8E36FEA8A0B}" = CCC Help Norwegian "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{B3756FCF-13D3-460B-88D5-33CB88CE6CFA}" = Nero Burning ROM "{B791E0AB-87A9-41A4-8D98-D13C2E37D928}" = Nero Info "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{BD96ABD3-D1D4-5513-6C60-11476D6DCFC5}" = Catalyst Control Center Localization All "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{BF634210-A0D4-443F-A657-0DCE38040374}_is1" = LOOT wersja 0.8.1 "{C02C8C82-197C-46C1-AD18-EB0F5BF49F8A}_is1" = OSDownloader "{C39C7876-4D21-8A38-0A42-B5C8858EC6C7}" = CCC Help French "{C83B8B35-C2C4-3302-9A6E-C2AF1A59E8D6}" = Microsoft .NET Framework 4.5.1 (PLK) "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}" = Nero ControlCenter Help (CHM) "{D4236B82-213F-679E-09A2-9AEB5EF4CADC}" = Catalyst Control Center Graphics Previews Common "{DA54D3F7-4915-1A37-7EA8-2741F05B77AC}" = HydraVision "{DBA18992-B9F3-950D-E973-6ED23422EA73}" = AMD Drag and Drop Transcoding "{E43B4909-141E-DFF3-8C58-62B5E4D66BBA}" = AMD Catalyst Install Manager "{EBBD4FE6-91DA-C397-6D56-FE85DBF24FCF}" = Catalyst Control Center "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 "{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}" = Nero Burning ROM "{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FA78CC15-9F90-443B-BA61-A66595F06432}" = Nero Burning ROM Help (CHM) "{FCEFDA6B-63CD-BB17-B845-478A42E24D39}" = CCC Help Swedish "ACDSee" = ACDSee "Adobe Flash Player ActiveX" = Adobe Flash Player 20 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 21 NPAPI "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "BG1_is1" = Baldur's Gate "Call of Juarez - Gunslinger_R.G. Mechanics_is1" = Call of Juarez - Gunslinger "CCleaner" = CCleaner "Chicken Invaders 5 - Cluck of the Dark Side1.1" = Chicken Invaders 5 - Cluck of the Dark Side "Dropbox" = Dropbox "Exact Audio Copy" = Exact Audio Copy 1.1 "GOTHIC1 - Wersja klasyczna - 'Pakiet systemowy'" = GOTHIC1 - Wersja klasyczna - 'Pakiet systemowy' "Guitar Pro 5_is1" = Guitar Pro 5.2 "KaraFun Player_is1" = KaraFun Player "LAME_is1" = LAME v3.99.3 (for Windows) "LastFM_is1" = Last.fm Scrobbler 2.1.37 "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.2.1.1043 "Media Center 21" = JRiver Media Center 21 "MHAudioConverter_is1" = MediaHuman Audio Converter wersja 1.9.5.2 "Mozilla Firefox 45.0.1 (x86 pl)" = Mozilla Firefox 45.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt (2.2.0.2399) "NVH Production - KaraFun Studio 1.20" = NVH Production - KaraFun Studio 1.20 "Odkurzacz 13.5_is1" = Odkurzacz "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "Origin" = Origin "Rockstar Games Social Club" = Rockstar Games Social Club "S2TNG" = The Settlers II - 10th Anniversary "SpyHunter" = SpyHunter 4 "Steam App 110800" = L.A. Noire "Steam App 12120" = Grand Theft Auto: San Andreas "Steam App 253920" = Gorky 17 "Steam App 299030" = Blood: One Unit Whole Blood "Steam App 41000" = Serious Sam HD: The First Encounter "Steam App 72850" = The Elder Scrolls V: Skyrim "The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1" = The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 "Unlocker" = Unlocker 1.9.2 "VLC media player" = VLC media player "WinRAR archiver" = WinRAR 5.21 (32-bitowy) [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3290753359-997226432-1631314917-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2015-12-06 06:57:14 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-06 21:01:12 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-07 08:13:45 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-08 07:55:04 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-09 11:04:01 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-10 02:48:55 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-10 10:26:18 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-11 02:41:02 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-11 10:56:47 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = Error - 2015-12-12 08:31:35 | Computer Name = Gruchot | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2015-11-26 20:10:20 | Computer Name = Gruchot | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2015-11-27 19:41:40 | Computer Name = Gruchot | Source = DCOM | ID = 10010 Description = Error - 2015-11-27 19:41:51 | Computer Name = Gruchot | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2015-11-28 13:02:34 | Computer Name = Gruchot | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2015-11-30 10:30:04 | Computer Name = Gruchot | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk3\DR3. Error - 2015-12-01 15:28:24 | Computer Name = Gruchot | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error - 2015-12-01 19:46:57 | Computer Name = Gruchot | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2015-12-03 20:59:43 | Computer Name = Gruchot | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1. Error - 2015-12-04 10:31:59 | Computer Name = Gruchot | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk3\DR3. Error - 2015-12-04 21:31:30 | Computer Name = Gruchot | Source = volsnap | ID = 393252 Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. < End of report >

Będę wdzięczny za wszelką pomoc.

**Posty:** 4765 · przez **ordynat** 23 Mar 2016, 22:57

Całkiem czysto to nie jest, ale nie masz takiej infekcji, która blokowałaby "explorer.exe".

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
SRV - [2016-03-22 06:48:40 | 000,104,680 | ---- | M] (TData.com) [Auto | Running] -- C:\Program Files\TData\TData.exe -- (TDataSvr)
[2016-03-23 15:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\TData

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt.

Zrób logi z FRST > http://forum.programosy.pl/frst-otl-zoek-vt139692.html
Przed skanem zaznacz "Addition.txt".
.

Autor postu otrzymał pochwałę

**Posty:** 6 · przez **kropecznik** 23 Mar 2016, 23:57

Kod: Zaznacz wszystko: Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:05-03-2016 01 Uruchomiony przez Kropecznik (administrator) GRUCHOT (23-03-2016 22:52:16) Uruchomiony z C:\Users\Kropecznik\Desktop Załadowane profile: Kropecznik (Dostępne profile: Kropecznik) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Adobe Systems Incorporated) D:\Programy\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Malwarebytes) D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) D:\Programy\Malwarebytes Anti-Malware\mbam.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5089480 2015-07-08] (ESET) HKLM\...\RunOnce: [OTL] => C:\Users\Kropecznik\Desktop\OTL.exe [602112 2016-03-23] (OldTimer Tools) HKLM\...\Winlogon: [Userinit] wscript, HKLM\...\Winlogon: [Shell] "explorer.exe" [x ] () HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [uTorrent] => C:\Users\Kropecznik\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-05] (BitTorrent Inc.) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-11-16] (AMD) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [EADM] => D:\Programy\Origin\Origin.exe [3639280 2016-02-02] (Electronic Arts) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: K - K:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {327adbef-accf-11e5-8a4a-001d7dc573e9} - K:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {327add0c-accf-11e5-8a4a-001d7dc573e9} - K:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {484f7af1-11c2-11e5-bb69-001d7dc573e9} - K:\autorun.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {ca733aec-1fe1-11e5-9b83-001d7dc573e9} - H:\autorun.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {f853d535-53c8-11e5-8e7d-001d7dc573e9} - L:\setup.exe ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: 0.0.0.0 keystone.mwbsys.com Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A2C94BC5-B0AF-4F6A-9CB6-CE9EFF3DD2DE}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{BB70AA72-0B71-4617-BA9C-8ECB72910A10}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF DefaultSearchEngine: hohosearch FF SelectedSearchEngine: hohosearch FF Homepage: hxxp://google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-15] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.2.1 -> d:\Programy\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-22] FF Extension: YouTube™ Enhancer Plus - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-03-06] FF Extension: Brak nazwy - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\kfp8rkkk.default\extensions\deskCutv2@gmail.com [nie znaleziono] FF Extension: YouTube™ Enhancer Plus - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\kfp8rkkk.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-03-06] FF Extension: Adblock Plus - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\kfp8rkkk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] FF Extension: Adblock Plus - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [Brak podpisu cyfrowego] Chrome: ======= CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1451689115&z=7a170741804963a9fd0a096g8z6w8g9q5b9tdg4gfw&from=cor&uid=wdcxwd3200aajb-00tya0_wd-wcapz273001030010 CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://mail.google.com/mail/u/1/#inbox","hxxp://www.lastfm.pl/user/kropecznik","hxxp://www.meczyki.pl/" CHR Profile: C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (h264ify) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2016-03-23] CHR Extension: (Dokumenty Google) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-22] CHR Extension: (Adblock Plus) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-23] CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2016-03-23] CHR Extension: (AdBlock) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-23] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-22] CHR Extension: (Enhanced Steam) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-03-23] CHR Extension: (Enhancer for YouTube™) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2016-03-23] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeActiveFileMonitor7.0; D:\Programy\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated) S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-08-17] (Macrovision Europe Ltd.) [Brak podpisu cyfrowego] R2 MBAMScheduler; D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S3 Media Center 21 Service; C:\Program Files\J River\Media Center 21\JRService.exe [399648 2016-03-23] (JRiver, Inc.) [Brak podpisu cyfrowego] R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-15] (Nero AG) S3 Origin Client Service; D:\Programy\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-11-10] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-06-13] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-13] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-13] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-13] (ESET) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-03-22] () S3 jrvad_service; C:\Windows\System32\drivers\JRiverWDMDriver.sys [32256 2014-10-20] (JRiver, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-23] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Brak podpisu cyfrowego] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-03-23 22:52 - 2016-03-23 22:52 - 00013114 _____ C:\Users\Kropecznik\Desktop\FRST.txt 2016-03-23 22:51 - 2016-03-23 22:52 - 00000000 ____D C:\FRST 2016-03-23 22:50 - 2016-03-23 22:50 - 01725440 _____ (Farbar) C:\Users\Kropecznik\Desktop\FRST.exe 2016-03-23 22:43 - 2016-03-23 22:43 - 00000000 ____D C:\_OTL 2016-03-23 20:01 - 2016-03-23 20:01 - 00057290 _____ C:\Users\Kropecznik\Desktop\Extras.Txt 2016-03-23 19:58 - 2016-03-23 19:58 - 00074964 _____ C:\Users\Kropecznik\Desktop\OTL.Txt 2016-03-23 18:39 - 2016-03-23 18:39 - 00602112 _____ (OldTimer Tools) C:\Users\Kropecznik\Desktop\OTL.exe 2016-03-23 18:28 - 2016-03-23 18:28 - 00380928 _____ C:\Users\Kropecznik\Desktop\o3f4mudb.exe 2016-03-23 18:26 - 2016-03-23 18:26 - 00496160 _____ (Duplex Secure Ltd) C:\Users\Kropecznik\Desktop\SPTDinst-v189-x86.exe 2016-03-23 16:56 - 2016-03-23 18:03 - 00000080 _____ C:\Users\Kropecznik\Desktop\Saboteur - skrót.lnk 2016-03-23 16:56 - 2016-03-23 18:03 - 00000080 _____ C:\Users\Kropecznik\Desktop\Karol - skrót.lnk 2016-03-23 16:56 - 2016-03-23 18:03 - 00000080 _____ C:\Users\Kropecznik\Desktop\DTLite - skrót.lnk 2016-03-23 16:56 - 2016-03-23 18:03 - 00000080 _____ C:\Users\Kropecznik\Desktop\AssassinsCreed_Dx10 - skrót.lnk 2016-03-23 16:34 - 2016-03-23 22:47 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-23 16:24 - 2016-03-23 18:03 - 00000734 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-03-23 16:23 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-23 16:23 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-23 16:23 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-03-23 16:01 - 2016-03-23 16:02 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\app 2016-03-23 15:58 - 2016-03-23 15:58 - 00000266 __RSH C:\Users\Kropecznik\ntuser.pol 2016-03-23 15:32 - 2016-03-23 15:27 - 00001006 _____ C:\Users\Kropecznik\Desktop\hp.bak 2016-03-23 15:26 - 2016-03-23 15:26 - 00000648 __RSH C:\ProgramData\ntuser.pol 2016-03-23 14:43 - 2016-03-23 14:43 - 00000000 ____D C:\Users\Kropecznik\Desktop\ŚWIĘTE INSTALKI 2016-03-23 14:42 - 2016-03-23 15:31 - 00000000 ____D C:\Program Files\Unlocker 2016-03-23 14:42 - 2016-03-23 14:42 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2016-03-23 14:34 - 2016-03-23 18:03 - 00000847 _____ C:\Users\Kropecznik\Desktop\MediaHuman Audio Converter.lnk 2016-03-23 14:34 - 2016-03-23 14:34 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaHuman 2016-03-23 14:33 - 2016-03-23 14:33 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\MediaHuman 2016-03-23 13:40 - 2016-03-23 18:03 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-03-23 13:40 - 2016-03-23 13:43 - 00000000 ____D C:\Program Files\CCleaner 2016-03-23 13:31 - 2016-03-23 13:31 - 00018386 _____ C:\Users\Kropecznik\Downloads\[rutracker.org].t3260313.torrent 2016-03-23 13:09 - 2016-03-23 13:09 - 00000000 ____D C:\Program Files\J River 2016-03-23 13:09 - 2015-08-05 14:24 - 00553248 ____N (JRiver, Inc.) C:\Windows\system32\MC21.exe 2016-03-23 12:42 - 2014-10-20 22:26 - 00032256 _____ (JRiver, Inc.) C:\Windows\system32\Drivers\JRiverWDMDriver.sys 2016-03-23 12:39 - 2016-03-23 18:43 - 00000000 ____D C:\Windows\system32\appmgmt 2016-03-23 01:26 - 2010-05-13 18:34 - 00014232 _____ C:\Windows\system32\sh4native.exe 2016-03-22 23:20 - 2016-03-23 18:03 - 00001728 _____ C:\Users\Kropecznik\Desktop\Google Chrome.lnk 2016-03-22 23:16 - 2016-03-23 18:03 - 00001707 _____ C:\Users\Kropecznik\Desktop\SPYHUNTER DO cenzura! TYCH MALWARE'ÓW cenzura!.lnk 2016-03-22 21:52 - 2016-03-22 22:00 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2016-03-22 21:06 - 2016-03-22 21:06 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Enigma Software Group 2016-03-22 21:05 - 2016-03-22 21:05 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-03-22 21:04 - 2016-03-22 22:02 - 00000000 ____D C:\Program Files\Enigma Software Group 2016-03-22 19:26 - 2016-03-22 19:28 - 00000000 ____D C:\Users\Public\Documents\dmp 2016-03-22 18:36 - 2016-03-22 18:36 - 00001363 _____ C:\Users\Kropecznik\Desktop\AssassinsCreed_Dx10 — skrót.lnk 2016-03-22 16:27 - 2016-03-22 16:27 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Ubisoft 2016-03-22 16:17 - 2016-03-22 16:17 - 00000000 ____D C:\ProgramData\Ubisoft 2016-03-22 16:05 - 2016-03-22 16:05 - 00001107 _____ C:\Users\Kropecznik\Desktop\DTLite — skrót.lnk 2016-03-21 19:02 - 2016-03-21 19:02 - 00049560 _____ C:\Users\Kropecznik\Desktop\deklaracja-przedmiotow-15-16Z.pdf 2016-03-21 02:54 - 2016-03-22 23:19 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-03-19 20:02 - 2016-03-19 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-03-19 17:38 - 2016-03-20 16:59 - 00000000 ____D C:\Users\Kropecznik\Desktop\Zdjęcia laguny do przeróbki kolorów 2016-03-18 20:20 - 2016-03-18 20:20 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Sparta 2016-03-13 20:02 - 2016-03-13 20:02 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\techland 2016-03-13 20:02 - 2016-03-13 20:02 - 00000000 ____D C:\ProgramData\Steam 2016-03-13 20:01 - 2016-03-23 18:03 - 00000842 _____ C:\Users\Kropecznik\Desktop\Call of Juarez - Gunslinger.lnk 2016-03-13 20:01 - 2016-03-13 20:01 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Call of Juarez - Gunslinger_Uninstall 2016-03-12 14:18 - 2016-03-12 14:19 - 00000000 ____D C:\Users\Kropecznik\Desktop\wallie 2016-03-07 23:11 - 2016-03-07 23:11 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\GHISLER 2016-03-07 21:06 - 2016-03-07 21:06 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Macromedia 2016-03-07 21:06 - 2016-03-07 21:06 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Macromedia 2016-03-06 15:58 - 2016-03-06 16:00 - 44215852 _____ C:\Users\Kropecznik\Desktop\Wstęp do filologii słowiańskiej - Leszek Moszyński.pdf 2016-03-05 17:11 - 2016-03-23 15:59 - 00000000 ____D C:\Users\Kropecznik\AppData\LocalLow\uTorrent 2016-03-02 13:52 - 2016-03-02 13:52 - 18511040 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2016-03-02 13:50 - 2016-03-15 12:30 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-01 21:19 - 2016-03-19 13:17 - 00000000 ____D C:\Users\Kropecznik\Desktop\cenzura! 2016-03-01 15:30 - 2016-03-01 17:27 - 00002099 _____ C:\Users\Kropecznik\Desktop\oferty pracy.txt 2016-02-23 16:12 - 2016-03-23 18:03 - 00001069 _____ C:\Users\Kropecznik\Desktop\JESZCZE STARSZY PULPIT.lnk ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-03-23 22:46 - 2015-07-02 15:13 - 00001144 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-03-23 22:46 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-23 22:41 - 2015-07-02 15:13 - 00001148 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-03-23 20:19 - 2015-06-13 12:59 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\uTorrent 2016-03-23 20:18 - 2015-06-14 14:58 - 00000000 ____D C:\Windows\Minidump 2016-03-23 20:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2016-03-23 20:00 - 2015-06-12 19:47 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Winamp 2016-03-23 18:42 - 2015-12-13 20:39 - 00000000 ____D C:\Users\Kropecznik\.VirtualBox 2016-03-23 18:41 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-23 18:41 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-23 18:05 - 2015-08-17 20:28 - 00000791 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk 2016-03-23 18:05 - 2015-07-07 21:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-23 18:05 - 2015-06-12 20:27 - 00001857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-23 18:05 - 2013-11-14 21:59 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-03-23 18:05 - 2013-11-14 21:59 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2016-03-23 18:05 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-03-23 18:05 - 2009-07-14 05:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-03-23 18:05 - 2009-07-14 05:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-03-23 18:05 - 2009-07-14 05:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2016-03-23 18:04 - 2015-06-12 19:07 - 00001433 _____ C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-23 18:04 - 2009-07-14 05:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-03-23 18:04 - 2009-07-14 05:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-03-23 18:03 - 2016-02-13 23:02 - 00000906 _____ C:\Users\Kropecznik\Desktop\Chicken Invaders 5 - Cluck of the Dark Side.lnk 2016-03-23 18:03 - 2016-01-26 13:40 - 00001325 _____ C:\Users\Kropecznik\Desktop\LifeIsStrange.lnk 2016-03-23 18:03 - 2015-08-19 19:16 - 00001538 _____ C:\Users\Kropecznik\Desktop\Moje pieniądze.lnk 2016-03-23 18:03 - 2015-08-19 19:16 - 00000784 _____ C:\Users\Kropecznik\Desktop\K O N R A D.lnk 2016-03-23 18:03 - 2015-08-19 19:16 - 00000693 _____ C:\Users\Kropecznik\Desktop\SETLERY !!!!!.lnk 2016-03-23 18:03 - 2015-08-18 11:13 - 00000724 _____ C:\Users\Kropecznik\Desktop\HoMM3 HD.lnk 2016-03-23 17:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Globalization 2016-03-23 16:58 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-23 16:57 - 2015-12-14 13:41 - 00000000 ____D C:\Users\Kropecznik\Desktop\STARY PULPIT 2016-03-23 16:57 - 2015-07-12 18:05 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-03-23 16:02 - 2015-11-18 20:40 - 00000000 ____D C:\ProgramData\Origin 2016-03-23 16:01 - 2015-07-02 15:25 - 00000000 ___RD C:\Users\Kropecznik\Dropbox 2016-03-23 16:01 - 2015-07-02 15:13 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Dropbox 2016-03-23 15:58 - 2015-06-12 19:07 - 00000000 ____D C:\Users\Kropecznik 2016-03-23 15:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\GroupPolicy 2016-03-23 15:11 - 2016-01-01 23:50 - 00000000 ____D C:\ProgramData\OSDownloader 2016-03-23 15:00 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-03-23 13:49 - 2015-06-13 15:22 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\DAEMON Tools Lite 2016-03-23 13:45 - 2015-07-10 15:36 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\ElevatedDiagnostics 2016-03-23 13:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2016-03-23 13:28 - 2015-06-12 19:53 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Last.fm 2016-03-23 13:24 - 2015-10-04 14:16 - 00000607 _____ C:\Users\Kropecznik\Desktop\PŁYTY TAK cenzura!, ŻE WARTO KUPIĆ ORYGINAŁY.txt 2016-03-23 12:41 - 2015-11-23 21:43 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\J River 2016-03-22 23:22 - 2016-01-01 23:50 - 00000000 ____D C:\Program Files\OSDownloader 2016-03-22 20:59 - 2015-07-01 13:20 - 00000000 ____D C:\Program Files\Internet Manager 2016-03-22 20:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Registration 2016-03-22 16:08 - 2015-09-05 20:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-03-22 15:32 - 2015-06-15 04:06 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Adobe 2016-03-19 20:03 - 2015-07-02 15:13 - 00000000 ____D C:\Program Files\Dropbox 2016-03-19 15:38 - 2015-06-15 04:44 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\vlc 2016-03-15 12:10 - 2015-06-15 04:10 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-03-15 12:10 - 2015-06-15 04:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-03-12 16:56 - 2015-06-25 20:16 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Audacity 2016-02-26 19:53 - 2011-04-12 06:08 - 00739694 _____ C:\Windows\system32\perfh015.dat 2016-02-26 19:53 - 2011-04-12 06:08 - 00155268 _____ C:\Windows\system32\perfc015.dat 2016-02-26 19:53 - 2010-11-20 22:01 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-24 14:14 - 2015-09-26 13:55 - 00000218 _____ C:\Users\Kropecznik\Desktop\ALBUMY DO OGARNIĘCIA, BO PODOBNO DOBRE.txt 2016-02-23 16:19 - 2015-09-25 16:55 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\ChomikBox 2016-02-23 16:13 - 2015-09-25 16:55 - 00000000 ____D C:\Users\Kropecznik\.gstreamer-0.10 ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-12-13 20:27 - 2015-12-13 20:38 - 0002666 _____ () C:\Users\Kropecznik\AppData\Roaming\droid4xinstaller.log 2015-09-19 19:01 - 2015-09-19 19:01 - 0003584 _____ () C:\Users\Kropecznik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-03-22 00:06 ==================== Koniec FRST.txt ============================

Kod: Zaznacz wszystko: Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x86) Wersja:05-03-2016 01 Uruchomiony przez Kropecznik (2016-03-23 22:53:13) Uruchomiony z C:\Users\Kropecznik\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-06-12 18:06:53) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-3290753359-997226432-1631314917-500 - Administrator - Disabled) Gość (S-1-5-21-3290753359-997226432-1631314917-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3290753359-997226432-1631314917-1004 - Limited - Enabled) Kropecznik (S-1-5-21-3290753359-997226432-1631314917-1001 - Administrator - Enabled) => C:\Users\Kropecznik ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) µTorrent (HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.) ACDSee (HKLM\...\ACDSee) (Version: - ) Adobe Acrobat Reader DC - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{E43B4909-141E-DFF3-8C58-62B5E4D66BBA}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Assassin's Creed (HKLM\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft) Baldur's Gate (HKLM\...\BG1_is1) (Version: - ) Blood: One Unit Whole Blood (HKLM\...\Steam App 299030) (Version: - Monolith Productions) Call of Juarez - Gunslinger (HKLM\...\Call of Juarez - Gunslinger_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91) CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) Chicken Invaders 5 - Cluck of the Dark Side (HKLM\...\Chicken Invaders 5 - Cluck of the Dark Side1.1) (Version: 1.1 - Foxy Games) Dropbox (HKLM\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.) Dropbox Update Helper (Version: 1.3.27.33 - Dropbox, Inc.) Hidden ESET NOD32 Antivirus (HKLM\...\{1231238A-E793-4030-A068-0E0A2643B8E3}) (Version: 8.0.319.0 - ESET, spol s r. o.) Exact Audio Copy 1.1 (HKLM\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff) Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden Gorky 17 (HKLM\...\Steam App 253920) (Version: - ) Gothic (HKLM\...\{758A4269-70E5-4B11-B419-F692882408A9}) (Version: 1.08 - Piranha Bytes) Gothic II Złota Edycja (HKLM\...\{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}) (Version: 2.6 - JoWood) GOTHIC1 - Wersja klasyczna - 'Pakiet systemowy' (HKLM\...\GOTHIC1 - Wersja klasyczna - 'Pakiet systemowy') (Version: 1.1 - World of Gothic RU © 2014) Grand Theft Auto: San Andreas (HKLM\...\Steam App 12120) (Version: - Rockstar Games) Guitar Pro 5.2 (HKLM\...\Guitar Pro 5_is1) (Version: - Arobas Music) Guitar Pro 6 (HKLM\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) HydraVision (Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden JRiver Media Center 21 (HKLM\...\Media Center 21) (Version: 21 - J. River, Inc.) KaraFun Player (HKLM\...\KaraFun Player_is1) (Version: 1.20.86.771 - Recisio) L.A. Noire (HKLM\...\Steam App 110800) (Version: - Team Bondi) LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Last.fm Scrobbler 2.1.37 (HKLM\...\LastFM_is1) (Version: - Last.fm) Life Is Strange (HKLM\...\{33E1C9A1-60A7-4D34-A7B6-6C65FF9AE4A7}_is1) (Version: EP 1.2.3.4.5 - Square Enix) LOOT wersja 0.8.1 (HKLM\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MediaHuman Audio Converter wersja 1.9.5.2 (HKLM\...\MHAudioConverter_is1) (Version: 1.9.5.2 - MediaHuman) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 45.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 45.0.1 (x86 pl)) (Version: 45.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM\...\NapiProjekt_is1) (Version: - ) Nero Burning ROM 2014 (HKLM\...\{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}) (Version: 15.0.05300 - Nero AG) Nero BurningROM 2015 (HKLM\...\{7DEF9F2B-97EE-432E-91D9-FF39816B29D6}) (Version: 16.0.02700 - Nero AG) Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1007 - Nero AG) NVH Production - KaraFun Studio 1.20 (HKLM\...\NVH Production - KaraFun Studio 1.20) (Version: 1.20.90.533 - NVH Production) Origin (HKLM\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.) OSDownloader (HKLM\...\{C02C8C82-197C-46C1-AD18-EB0F5BF49F8A}_is1) (Version: 1.0 - OpenSubtitles.org) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Pazera FLAC to MP3 Converter 1.1 (HKLM\...\{058CA84F-0C78-400F-9D47-16486F02E500}_is1) (Version: 1.1 - Pazera Jacek) Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden Prerequisite installer (Version: 16.0.0004 - Nero AG) Hidden Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games) Serious Sam HD: The First Encounter (HKLM\...\Steam App 41000) (Version: - Croteam) SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC) System Requirements Lab Detection (HKLM\...\{A8F3D79A-E5C9-4C9B-86AB-DFDDEFE9517D}) (Version: 6.1.6.0 - Husdawg, LLC) The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (HKLM\...\The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1) (Version: 1 - ) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) The Saboteur™ (HKLM\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts) The Settlers II - 10th Anniversary (HKLM\...\S2TNG) (Version: - ) TRS2006 (HKLM\...\{96166C8A-8F66-484F-94DC-323665A2DE56}) (Version: 2.6.3092 - Auran) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.21 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {4BC9933B-E3E6-4520-BAEF-8003CC41E43B} - \SteamClient -> Brak pliku <==== UWAGA Task: {50F789C9-6254-4EBC-B976-96A8350077A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {81619C44-BA82-4D2B-8853-7C945079425A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {B971F6F7-7706-4ED5-8CCB-4EAC62661351} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-07-02] (Dropbox, Inc.) Task: {C31934C9-4D77-4692-8F0D-0CBE6214148B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-07-02] (Dropbox, Inc.) Task: {CFBCEBDB-25FE-4193-A7CF-5F13EF8C8C36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-15] (Adobe Systems Incorporated) Task: {DFE28EB6-F642-48C7-BC3B-7CEF92490C01} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Gruchot-Kropecznik Gruchot => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {ED39DCC9-BB5E-465D-97FC-61B6A443DA16} - System32\Tasks\Nero\Nero Info => C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe [2015-03-04] (Nero AG) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chicken Invaders 5 - Cluck of the Dark Side\Chicken Invaders 5 - Cluck of the Dark Side.lnk -> D:\Gry\Chicken Invaders 5 - Cluck of the Dark Side\Start_Game.bat () ==================== Załadowane moduły (filtrowane) ============== 2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2015-12-22 18:18 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.106\libglesv2.dll 2015-12-22 18:18 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.106\libegl.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7 [164] ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== EXE - Powiązania (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 03:04 - 2016-03-23 17:47 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 keystone.mwbsys.com ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{49B910D6-824F-4BA6-A022-11711C1A96BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{073E8A7B-4474-4772-9493-6B7B0355AA88}] => (Allow) D:\Programy\Steam\Steam.exe FirewallRules: [{C175DB0D-19D3-4C72-B849-F9FEF3BD630F}] => (Allow) D:\Programy\Steam\Steam.exe FirewallRules: [{B561C84D-C0BC-4E41-8B4C-FA1752E8A07A}] => (Allow) D:\Programy\Steam\bin\steamwebhelper.exe FirewallRules: [{923CD41F-9B3A-4274-A4D5-0A5A4C1CC192}] => (Allow) D:\Programy\Steam\bin\steamwebhelper.exe FirewallRules: [{DCCCE2F6-AEC9-44F0-BE3F-A79B083259C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{322C9A94-CB8B-450A-A22A-04F86928B088}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{8496ACC6-1B4C-4768-A005-6CF945AB4181}] => (Allow) D:\Programy\KMSnano\qemu-system-i386.exe FirewallRules: [{C8A70D20-C9A9-43EF-AEF3-79AE67A89106}] => (Allow) D:\Programy\KMSnano\qemu-system-i386.exe FirewallRules: [TCP Query User{C44D7887-707C-4CC0-81AC-D6BDFED9272C}D:\gry\doom game pack\zandronum\zandronum.exe] => (Block) D:\gry\doom game pack\zandronum\zandronum.exe FirewallRules: [UDP Query User{295406FC-FD29-4BF4-8E58-A987E41044CF}D:\gry\doom game pack\zandronum\zandronum.exe] => (Block) D:\gry\doom game pack\zandronum\zandronum.exe FirewallRules: [TCP Query User{1099A4C6-6257-48BC-86C3-20FD830075D9}D:\gry\the settlers ii original\s25client.exe] => (Allow) D:\gry\the settlers ii original\s25client.exe FirewallRules: [UDP Query User{8CEA22ED-8CC1-4907-BCFF-8C9B4160C45C}D:\gry\the settlers ii original\s25client.exe] => (Allow) D:\gry\the settlers ii original\s25client.exe FirewallRules: [{1FDC04B9-DB15-4E72-A5C0-84A2AABB6510}] => (Allow) D:\Programy\NapiProjekt\napisy.exe FirewallRules: [{F335844F-3032-489F-91DE-8187AD25C16A}] => (Allow) D:\Programy\NapiProjekt\napisy.exe FirewallRules: [{E0A935C8-AA8E-4D70-BD3B-4EE8490E5EA2}] => (Allow) D:\Programy\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{DA883777-9DCA-42A7-AE25-52E9CD28DD74}] => (Allow) D:\Programy\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [TCP Query User{267B9D79-F99D-4FC4-B86C-012FD0DC741A}D:\gry\the settlers ii original\s25client.exe] => (Allow) D:\gry\the settlers ii original\s25client.exe FirewallRules: [UDP Query User{81EA607C-2CAE-4B95-A93A-E35634196850}D:\gry\the settlers ii original\s25client.exe] => (Allow) D:\gry\the settlers ii original\s25client.exe FirewallRules: [{C1167C12-5BD3-46A2-845F-33A0A51D9F35}] => (Allow) C:\Users\Kropecznik\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{380F9C74-146F-4680-9DB9-FAD2FD111AF1}] => (Allow) C:\Users\Kropecznik\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{47813B55-5725-4033-B264-DFB43B990779}] => (Allow) H:\STEAM\steamapps\common\L.A.Noire\LANLauncher.exe FirewallRules: [{0F9029C7-E4A9-44CD-85E7-1285B35ADA7A}] => (Allow) H:\STEAM\steamapps\common\L.A.Noire\LANLauncher.exe FirewallRules: [{0898F2F3-2ADB-4EF5-93DE-ADD8C974901A}] => (Allow) H:\STEAM\steamapps\common\One Unit Whole Blood\dosbox.exe FirewallRules: [{EA6A6AC5-01B4-4BB2-B455-C3E75592E6F7}] => (Allow) H:\STEAM\steamapps\common\One Unit Whole Blood\dosbox.exe FirewallRules: [TCP Query User{600696A6-AB27-461E-85ED-C5E0C04614ED}D:\gry\quake\darkplaces.exe] => (Block) D:\gry\quake\darkplaces.exe FirewallRules: [UDP Query User{8CBED6A9-DC2B-4037-B0A7-57CA3A4B6137}D:\gry\quake\darkplaces.exe] => (Block) D:\gry\quake\darkplaces.exe FirewallRules: [{43515168-36F9-4E7C-B637-8C0439AE3133}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{7478A105-7C67-4399-92DA-AD5A313981D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{930F3736-1981-4825-B724-CE0842B2E0F4}] => (Allow) H:\STEAM\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{B0A57BC4-C52F-4A65-8BD0-46FBD6765BAF}] => (Allow) H:\STEAM\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{A41143AF-DD92-4138-96D9-BC7621F7CD70}] => (Allow) H:\STEAM\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe FirewallRules: [{FD6808EE-5B16-48DC-BC32-5640FFA07600}] => (Allow) H:\STEAM\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe FirewallRules: [TCP Query User{8DF20357-7313-4658-B757-CF8B5385D65A}C:\users\kropecznik\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\kropecznik\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe FirewallRules: [{1AF177EA-D13B-411A-BE19-EA06D7881DA8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{CFC6BD89-3F87-40FF-A7CA-3A19EBFDA4C9}] => (Allow) D:\Programy\NapiProjekt\napisy.exe FirewallRules: [{FBF35572-AA85-4922-A0CC-7211623B62B7}] => (Allow) D:\Programy\NapiProjekt\napisy.exe FirewallRules: [{11F6429E-D0E8-4B8F-B176-EB55E7E2667E}] => (Allow) H:\Gry\Life is Strange\steam_api64.exe FirewallRules: [{0C6921AB-AF81-42CC-A944-0C84D17F35A0}] => (Allow) H:\Gry\Life is Strange\steam_api64.exe FirewallRules: [{3523F784-53C2-4579-A0B9-230E2534A379}] => (Allow) D:\Programy\Steam\steamapps\common\Gorky 17\gorky17.exe FirewallRules: [{5452AA21-041F-4BE1-8824-FB5AEBD5D843}] => (Allow) D:\Programy\Steam\steamapps\common\Gorky 17\gorky17.exe FirewallRules: [{4834C2EE-960F-4E5F-9814-41185A5F04CE}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe FirewallRules: [{1BC3343B-261A-4F14-857D-DD9E09B58B03}] => (Allow) D:\Programy\Steam\steamapps\common\Serious Sam HD The First Encounter\Bin\SamHD.exe FirewallRules: [{65A1ECF9-0447-47A5-B93F-35146A19ED34}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe FirewallRules: [{8A5F9B08-6BF9-4E12-90FA-14343C3AE352}] => (Allow) E:\Gry (na D nie ma miejsca)\AssassinsCreed_Launcher.exe FirewallRules: [{BDDB1435-0FD3-4FEC-A667-3AF01CDD911D}] => (Allow) E:\Gry (na D nie ma miejsca)\AssassinsCreed_Launcher.exe ==================== Punkty Przywracania systemu ========================= 23-03-2016 18:42:37 Removed Oracle VM VirtualBox 4.3.12_ZZZZ ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (03/23/2016 10:48:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2016 07:45:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program OTL.exe w wersji 3.2.69.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 740 Godzina rozpoczęcia: 01d18533c85c40e4 Godzina zakończenia: 0 Ścieżka aplikacji: C:\Users\Kropecznik\Desktop\OTL.exe Identyfikator raportu: Error: (03/23/2016 06:35:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2016 06:20:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2016 06:04:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2016 05:55:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2016 05:42:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2016 05:18:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2016 05:07:20 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2016 05:02:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Dziennik System: ============= Error: (03/23/2016 10:43:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Adobe Active File Monitor V7 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (03/23/2016 06:34:22 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000007f (0x0000000d, 0x00000000, 0x00000000, 0x00000000)C:\Windows\MEMORY.DMP032316-25818-01 Error: (03/23/2016 06:34:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 18:32:45 na ‎2016-‎03-‎23 było nieoczekiwane. Error: (03/23/2016 06:20:03 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Error: (03/23/2016 06:20:02 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Error: (03/23/2016 06:20:02 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Error: (03/23/2016 06:20:01 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Error: (03/23/2016 06:02:26 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: ZARZĄDZANIE NT) Description: Usługa Harmonogram zadań nie może załadować zadań podczas uruchamiania usługi. Dane dodatkowe: Wartość błędu: 2147942402. Error: (03/23/2016 05:55:11 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. Error: (03/23/2016 05:55:09 PM) (Source: Disk) (EventID: 11) (User: ) Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz Procent pamięci w użyciu: 74% Całkowita pamięć fizyczna: 2046.49 MB Dostępna pamięć fizyczna: 527.54 MB Całkowita pamięć wirtualna: 4092.98 MB Dostępna pamięć wirtualna: 2192.48 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:19.53 GB) (Free:1.13 GB) NTFS ==>[dysk z komponentami startowymi (pozyskano odczytując BCD)] Drive d: (Pierwszy) (Fixed) (Total:87.89 GB) (Free:1.46 GB) NTFS Drive e: (Drugi) (Fixed) (Total:97.65 GB) (Free:83.68 GB) NTFS Drive f: (Trzeci) (Fixed) (Total:93.01 GB) (Free:37.44 GB) NTFS Drive i: (SAMSUNG 320GB) (Fixed) (Total:298.08 GB) (Free:14.15 GB) NTFS Drive j: (AHHHMED) (Fixed) (Total:931.51 GB) (Free:395.8 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FE39FE39) Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=87.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=93 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 137F3632) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================

**Posty:** 4765 · przez **ordynat** 24 Mar 2016, 00:39

HKLM\...\Winlogon: [Userinit] wscript,
HKLM\...\Winlogon: [Shell] "explorer.exe" [x ] ()

Rzeczywiście, cos jest w tych kluczach Rejestru "nie tak".

Otwórz Notatnik i wklej w nim:

HKLM\...\Winlogon: [Userinit] wscript,
HKLM\...\Winlogon: [Shell] "explorer.exe" [x ] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-03-22] ()
CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1451689115&z=7a170741804963a9fd0a096g8z6w8g9q5b9tdg4gfw&from=cor&uid=wdcxwd3200aajb-00tya0_wd-wcapz273001030010
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [Brak podpisu cyfrowego]
FF Extension: Brak nazwy - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\kfp8rkkk.default\extensions\deskCutv2@gmail.com [nie znaleziono]
FF SearchPlugin: C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-22]
FF DefaultSearchEngine: hohosearch
FF SelectedSearchEngine: hohosearch
HKLM\...\Winlogon: [Userinit] wscript,
HKLM\...\Winlogon: [Shell] "explorer.exe" [x ] ()
Task: {4BC9933B-E3E6-4520-BAEF-8003CC41E43B} - \SteamClient -> Brak pliku <==== UWAGA
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
Powstanie plik fixlog.txt.
Daj ten log.

Zrób nowy log FRST - już bez Addition.
.

**Posty:** 6 · przez **kropecznik** 24 Mar 2016, 16:01

Kod: Zaznacz wszystko: Rezultat naprawy Farbar Recovery Scan Tool (x86) Wersja:05-03-2016 01 Uruchomiony przez Kropecznik (2016-03-24 14:47:51) Run:1 Uruchomiony z C:\Users\Kropecznik\Desktop Załadowane profile: Kropecznik & (Dostępne profile: Kropecznik) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** HKLM\...\Winlogon: [Userinit] wscript, HKLM\...\Winlogon: [Shell] "explorer.exe" [x ] () S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-03-22] () CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1451689115&z=7a170741804963a9fd0a096g8z6w8g9q5b9tdg4gfw&from=cor&uid=wdcxwd3200aajb-00tya0_wd-wcapz273001030010 FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [Brak podpisu cyfrowego] FF Extension: Brak nazwy - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\kfp8rkkk.default\extensions\deskCutv2@gmail.com [nie znaleziono] FF SearchPlugin: C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-22] FF DefaultSearchEngine: hohosearch FF SelectedSearchEngine: hohosearch HKLM\...\Winlogon: [Userinit] wscript, HKLM\...\Winlogon: [Shell] "explorer.exe" [x ] () Task: {4BC9933B-E3E6-4520-BAEF-8003CC41E43B} - \SteamClient -> Brak pliku <==== UWAGA EmptyTemp: ***************** HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Wartość pomyślnie przywrócono HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Wartość pomyślnie przywrócono VGPU => serwis pomyślnie usunięto esgiguard => serwis pomyślnie usunięto EsgScanner => serwis pomyślnie usunięto Chrome HomePage => pomyślnie usunięto C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => pomyślnie przeniesiono C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => ścieżki pomyślnie usunięto C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\kfp8rkkk.default\extensions\deskCutv2@gmail.com => ścieżki pomyślnie usunięto C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml => pomyślnie przeniesiono Firefox DefaultSearchEngine pomyślnie usunięto Firefox SelectedSearchEngine pomyślnie usunięto HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Wartość pomyślnie przywrócono HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BC9933B-E3E6-4520-BAEF-8003CC41E43B}" => klucz pomyślnie usunięto "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BC9933B-E3E6-4520-BAEF-8003CC41E43B}" => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SteamClient => klucz nie znaleziono. EmptyTemp: => 212 MB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 14:48:43 ====

Kod: Zaznacz wszystko: Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:05-03-2016 01 Uruchomiony przez Kropecznik (administrator) GRUCHOT (24-03-2016 14:57:20) Uruchomiony z C:\Users\Kropecznik\Desktop Załadowane profile: Kropecznik (Dostępne profile: Kropecznik) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (Adobe Systems Incorporated) D:\Programy\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Malwarebytes) D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) D:\Programy\Malwarebytes Anti-Malware\mbam.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (BitTorrent Inc.) C:\Users\Kropecznik\AppData\Roaming\uTorrent\uTorrent.exe (Valve Corporation) D:\Programy\Steam\Steam.exe (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (Electronic Arts) D:\Programy\Origin\Origin.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (BitTorrent Inc.) C:\Users\Kropecznik\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe (BitTorrent Inc.) C:\Users\Kropecznik\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5089480 2015-07-08] (ESET) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [uTorrent] => C:\Users\Kropecznik\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-05] (BitTorrent Inc.) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [Steam] => D:\Programy\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-11-16] (AMD) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [EADM] => D:\Programy\Origin\Origin.exe [3639280 2016-02-02] (Electronic Arts) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd) HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: K - K:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {327adbef-accf-11e5-8a4a-001d7dc573e9} - K:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {327add0c-accf-11e5-8a4a-001d7dc573e9} - K:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {484f7af1-11c2-11e5-bb69-001d7dc573e9} - K:\autorun.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {ca733aec-1fe1-11e5-9b83-001d7dc573e9} - H:\autorun.exe HKU\S-1-5-21-3290753359-997226432-1631314917-1001\...\MountPoints2: {f853d535-53c8-11e5-8e7d-001d7dc573e9} - L:\setup.exe ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.) ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: 0.0.0.0 keystone.mwbsys.com Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A2C94BC5-B0AF-4F6A-9CB6-CE9EFF3DD2DE}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{BB70AA72-0B71-4617-BA9C-8ECB72910A10}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF Homepage: hxxp://google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-15] () FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-22] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.2.1 -> d:\Programy\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Extension: YouTube™ Enhancer Plus - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-03-06] FF Extension: YouTube™ Enhancer Plus - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\kfp8rkkk.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2016-03-06] FF Extension: Adblock Plus - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\kfp8rkkk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] FF Extension: Adblock Plus - C:\Users\Kropecznik\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24] Chrome: ======= CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1451689115&z=7a170741804963a9fd0a096g8z6w8g9q5b9tdg4gfw&from=cor&uid=wdcxwd3200aajb-00tya0_wd-wcapz273001030010 CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://mail.google.com/mail/u/1/#inbox","hxxp://www.lastfm.pl/user/kropecznik","hxxp://www.meczyki.pl/" CHR Profile: C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (h264ify) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2016-03-23] CHR Extension: (Dokumenty Google) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-22] CHR Extension: (Adblock Plus) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-23] CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2016-03-23] CHR Extension: (AdBlock) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-23] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-22] CHR Extension: (Enhanced Steam) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-03-23] CHR Extension: (Enhancer for YouTube™) - C:\Users\Kropecznik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2016-03-23] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AdobeActiveFileMonitor7.0; D:\Programy\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated) S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-08-17] (Macrovision Europe Ltd.) [Brak podpisu cyfrowego] R2 MBAMScheduler; D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S3 Media Center 21 Service; C:\Program Files\J River\Media Center 21\JRService.exe [399648 2016-03-23] (JRiver, Inc.) [Brak podpisu cyfrowego] R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [786256 2014-07-15] (Nero AG) S3 Origin Client Service; D:\Programy\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-11-10] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-06-13] (Disc Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-13] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-13] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-13] (ESET) S3 jrvad_service; C:\Windows\System32\drivers\JRiverWDMDriver.sys [32256 2014-10-20] (JRiver, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-24] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Brak podpisu cyfrowego] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-03-24 14:47 - 2016-03-24 14:48 - 00003305 _____ C:\Users\Kropecznik\Desktop\Fixlog.txt 2016-03-23 22:53 - 2016-03-23 22:54 - 00025694 _____ C:\Users\Kropecznik\Desktop\Addition.txt 2016-03-23 22:52 - 2016-03-24 14:57 - 00012665 _____ C:\Users\Kropecznik\Desktop\FRST.txt 2016-03-23 22:51 - 2016-03-24 14:57 - 00000000 ____D C:\FRST 2016-03-23 22:50 - 2016-03-23 22:50 - 01725440 _____ (Farbar) C:\Users\Kropecznik\Desktop\FRST.exe 2016-03-23 22:43 - 2016-03-23 22:43 - 00000000 ____D C:\_OTL 2016-03-23 20:01 - 2016-03-23 20:01 - 00057290 _____ C:\Users\Kropecznik\Desktop\Extras.Txt 2016-03-23 19:58 - 2016-03-23 19:58 - 00074964 _____ C:\Users\Kropecznik\Desktop\OTL.Txt 2016-03-23 18:39 - 2016-03-23 18:39 - 00602112 _____ (OldTimer Tools) C:\Users\Kropecznik\Desktop\OTL.exe 2016-03-23 18:28 - 2016-03-23 18:28 - 00380928 _____ C:\Users\Kropecznik\Desktop\o3f4mudb.exe 2016-03-23 18:26 - 2016-03-23 18:26 - 00496160 _____ (Duplex Secure Ltd) C:\Users\Kropecznik\Desktop\SPTDinst-v189-x86.exe 2016-03-23 16:56 - 2016-03-23 18:03 - 00000080 _____ C:\Users\Kropecznik\Desktop\Saboteur - skrót.lnk 2016-03-23 16:56 - 2016-03-23 18:03 - 00000080 _____ C:\Users\Kropecznik\Desktop\Karol - skrót.lnk 2016-03-23 16:56 - 2016-03-23 18:03 - 00000080 _____ C:\Users\Kropecznik\Desktop\DTLite - skrót.lnk 2016-03-23 16:56 - 2016-03-23 18:03 - 00000080 _____ C:\Users\Kropecznik\Desktop\AssassinsCreed_Dx10 - skrót.lnk 2016-03-23 16:34 - 2016-03-24 14:51 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-23 16:24 - 2016-03-23 18:03 - 00000734 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-03-23 16:23 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-23 16:23 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-23 16:23 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-03-23 16:01 - 2016-03-23 16:02 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\app 2016-03-23 15:58 - 2016-03-23 15:58 - 00000266 __RSH C:\Users\Kropecznik\ntuser.pol 2016-03-23 15:32 - 2016-03-23 15:27 - 00001006 _____ C:\Users\Kropecznik\Desktop\hp.bak 2016-03-23 15:26 - 2016-03-23 15:26 - 00000648 __RSH C:\ProgramData\ntuser.pol 2016-03-23 14:43 - 2016-03-23 14:43 - 00000000 ____D C:\Users\Kropecznik\Desktop\ŚWIĘTE INSTALKI 2016-03-23 14:42 - 2016-03-23 15:31 - 00000000 ____D C:\Program Files\Unlocker 2016-03-23 14:42 - 2016-03-23 14:42 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2016-03-23 14:34 - 2016-03-23 18:03 - 00000847 _____ C:\Users\Kropecznik\Desktop\MediaHuman Audio Converter.lnk 2016-03-23 14:34 - 2016-03-23 14:34 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaHuman 2016-03-23 14:33 - 2016-03-23 14:33 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\MediaHuman 2016-03-23 13:40 - 2016-03-23 18:03 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-03-23 13:40 - 2016-03-23 13:43 - 00000000 ____D C:\Program Files\CCleaner 2016-03-23 13:31 - 2016-03-23 13:31 - 00018386 _____ C:\Users\Kropecznik\Downloads\[rutracker.org].t3260313.torrent 2016-03-23 13:09 - 2016-03-23 13:09 - 00000000 ____D C:\Program Files\J River 2016-03-23 13:09 - 2015-08-05 14:24 - 00553248 ____N (JRiver, Inc.) C:\Windows\system32\MC21.exe 2016-03-23 12:42 - 2014-10-20 22:26 - 00032256 _____ (JRiver, Inc.) C:\Windows\system32\Drivers\JRiverWDMDriver.sys 2016-03-23 12:39 - 2016-03-23 18:43 - 00000000 ____D C:\Windows\system32\appmgmt 2016-03-23 01:26 - 2010-05-13 18:34 - 00014232 _____ C:\Windows\system32\sh4native.exe 2016-03-22 23:20 - 2016-03-23 18:03 - 00001728 _____ C:\Users\Kropecznik\Desktop\Google Chrome.lnk 2016-03-22 23:16 - 2016-03-23 18:03 - 00001707 _____ C:\Users\Kropecznik\Desktop\SPYHUNTER DO cenzura! TYCH MALWARE'ÓW cenzura!.lnk 2016-03-22 21:52 - 2016-03-22 22:00 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2016-03-22 21:06 - 2016-03-22 21:06 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Enigma Software Group 2016-03-22 21:05 - 2016-03-22 21:05 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-03-22 21:04 - 2016-03-22 22:02 - 00000000 ____D C:\Program Files\Enigma Software Group 2016-03-22 19:26 - 2016-03-22 19:28 - 00000000 ____D C:\Users\Public\Documents\dmp 2016-03-22 18:36 - 2016-03-22 18:36 - 00001363 _____ C:\Users\Kropecznik\Desktop\AssassinsCreed_Dx10 — skrót.lnk 2016-03-22 16:27 - 2016-03-22 16:27 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Ubisoft 2016-03-22 16:17 - 2016-03-22 16:17 - 00000000 ____D C:\ProgramData\Ubisoft 2016-03-22 16:05 - 2016-03-22 16:05 - 00001107 _____ C:\Users\Kropecznik\Desktop\DTLite — skrót.lnk 2016-03-21 19:02 - 2016-03-21 19:02 - 00049560 _____ C:\Users\Kropecznik\Desktop\deklaracja-przedmiotow-15-16Z.pdf 2016-03-21 02:54 - 2016-03-22 23:19 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-03-19 20:02 - 2016-03-19 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-03-19 17:38 - 2016-03-20 16:59 - 00000000 ____D C:\Users\Kropecznik\Desktop\Zdjęcia laguny do przeróbki kolorów 2016-03-18 20:20 - 2016-03-18 20:20 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Sparta 2016-03-13 20:02 - 2016-03-13 20:02 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\techland 2016-03-13 20:02 - 2016-03-13 20:02 - 00000000 ____D C:\ProgramData\Steam 2016-03-13 20:01 - 2016-03-23 18:03 - 00000842 _____ C:\Users\Kropecznik\Desktop\Call of Juarez - Gunslinger.lnk 2016-03-13 20:01 - 2016-03-13 20:01 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Call of Juarez - Gunslinger_Uninstall 2016-03-12 14:18 - 2016-03-12 14:19 - 00000000 ____D C:\Users\Kropecznik\Desktop\wallie 2016-03-07 23:11 - 2016-03-07 23:11 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\GHISLER 2016-03-07 21:06 - 2016-03-07 21:06 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Macromedia 2016-03-07 21:06 - 2016-03-07 21:06 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Macromedia 2016-03-06 15:58 - 2016-03-06 16:00 - 44215852 _____ C:\Users\Kropecznik\Desktop\Wstęp do filologii słowiańskiej - Leszek Moszyński.pdf 2016-03-05 17:11 - 2016-03-24 14:56 - 00000000 ____D C:\Users\Kropecznik\AppData\LocalLow\uTorrent 2016-03-02 13:52 - 2016-03-02 13:52 - 18511040 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2016-03-02 13:50 - 2016-03-15 12:30 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-01 21:19 - 2016-03-19 13:17 - 00000000 ____D C:\Users\Kropecznik\Desktop\cenzura! 2016-03-01 15:30 - 2016-03-01 17:27 - 00002099 _____ C:\Users\Kropecznik\Desktop\oferty pracy.txt 2016-02-23 16:12 - 2016-03-23 18:03 - 00001069 _____ C:\Users\Kropecznik\Desktop\JESZCZE STARSZY PULPIT.lnk ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-03-24 14:58 - 2015-07-02 15:25 - 00000000 ___RD C:\Users\Kropecznik\Dropbox 2016-03-24 14:58 - 2015-07-02 15:13 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Dropbox 2016-03-24 14:58 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-24 14:58 - 2009-07-14 05:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-24 14:57 - 2015-11-18 20:40 - 00000000 ____D C:\ProgramData\Origin 2016-03-24 14:56 - 2015-06-13 12:59 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\uTorrent 2016-03-24 14:50 - 2015-07-02 15:13 - 00001144 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-03-24 14:50 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-24 14:47 - 2015-10-21 13:00 - 00000000 ____D C:\Users\Kropecznik\AppData\LocalLow\Temp 2016-03-24 00:24 - 2015-07-02 15:13 - 00001148 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-03-23 20:18 - 2015-06-14 14:58 - 00000000 ____D C:\Windows\Minidump 2016-03-23 20:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2016-03-23 20:00 - 2015-06-12 19:47 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Winamp 2016-03-23 18:42 - 2015-12-13 20:39 - 00000000 ____D C:\Users\Kropecznik\.VirtualBox 2016-03-23 18:05 - 2015-08-17 20:28 - 00000791 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk 2016-03-23 18:05 - 2015-07-07 21:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-23 18:05 - 2015-06-12 20:27 - 00001857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-23 18:05 - 2013-11-14 21:59 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-03-23 18:05 - 2013-11-14 21:59 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2016-03-23 18:05 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-03-23 18:05 - 2009-07-14 05:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-03-23 18:05 - 2009-07-14 05:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-03-23 18:05 - 2009-07-14 05:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2016-03-23 18:04 - 2015-06-12 19:07 - 00001433 _____ C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-23 18:04 - 2009-07-14 05:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-03-23 18:04 - 2009-07-14 05:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-03-23 18:03 - 2016-02-13 23:02 - 00000906 _____ C:\Users\Kropecznik\Desktop\Chicken Invaders 5 - Cluck of the Dark Side.lnk 2016-03-23 18:03 - 2016-01-26 13:40 - 00001325 _____ C:\Users\Kropecznik\Desktop\LifeIsStrange.lnk 2016-03-23 18:03 - 2015-08-19 19:16 - 00001538 _____ C:\Users\Kropecznik\Desktop\Moje pieniądze.lnk 2016-03-23 18:03 - 2015-08-19 19:16 - 00000784 _____ C:\Users\Kropecznik\Desktop\K O N R A D.lnk 2016-03-23 18:03 - 2015-08-19 19:16 - 00000693 _____ C:\Users\Kropecznik\Desktop\SETLERY !!!!!.lnk 2016-03-23 18:03 - 2015-08-18 11:13 - 00000724 _____ C:\Users\Kropecznik\Desktop\HoMM3 HD.lnk 2016-03-23 17:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Globalization 2016-03-23 16:58 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-23 16:57 - 2015-12-14 13:41 - 00000000 ____D C:\Users\Kropecznik\Desktop\STARY PULPIT 2016-03-23 16:57 - 2015-07-12 18:05 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-03-23 15:58 - 2015-06-12 19:07 - 00000000 ____D C:\Users\Kropecznik 2016-03-23 15:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\GroupPolicy 2016-03-23 15:11 - 2016-01-01 23:50 - 00000000 ____D C:\ProgramData\OSDownloader 2016-03-23 15:00 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-03-23 13:49 - 2015-06-13 15:22 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\DAEMON Tools Lite 2016-03-23 13:45 - 2015-07-10 15:36 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\ElevatedDiagnostics 2016-03-23 13:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2016-03-23 13:28 - 2015-06-12 19:53 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Last.fm 2016-03-23 13:24 - 2015-10-04 14:16 - 00000607 _____ C:\Users\Kropecznik\Desktop\PŁYTY TAK cenzura!, ŻE WARTO KUPIĆ ORYGINAŁY.txt 2016-03-23 12:41 - 2015-11-23 21:43 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\J River 2016-03-22 23:22 - 2016-01-01 23:50 - 00000000 ____D C:\Program Files\OSDownloader 2016-03-22 20:59 - 2015-07-01 13:20 - 00000000 ____D C:\Program Files\Internet Manager 2016-03-22 20:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Registration 2016-03-22 16:08 - 2015-09-05 20:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-03-22 15:32 - 2015-06-15 04:06 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\Adobe 2016-03-19 20:03 - 2015-07-02 15:13 - 00000000 ____D C:\Program Files\Dropbox 2016-03-19 15:38 - 2015-06-15 04:44 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\vlc 2016-03-15 12:10 - 2015-06-15 04:10 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-03-15 12:10 - 2015-06-15 04:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-03-12 16:56 - 2015-06-25 20:16 - 00000000 ____D C:\Users\Kropecznik\AppData\Roaming\Audacity 2016-02-26 19:53 - 2011-04-12 06:08 - 00739694 _____ C:\Windows\system32\perfh015.dat 2016-02-26 19:53 - 2011-04-12 06:08 - 00155268 _____ C:\Windows\system32\perfc015.dat 2016-02-26 19:53 - 2010-11-20 22:01 - 01668226 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-24 14:14 - 2015-09-26 13:55 - 00000218 _____ C:\Users\Kropecznik\Desktop\ALBUMY DO OGARNIĘCIA, BO PODOBNO DOBRE.txt 2016-02-23 16:19 - 2015-09-25 16:55 - 00000000 ____D C:\Users\Kropecznik\AppData\Local\ChomikBox 2016-02-23 16:13 - 2015-09-25 16:55 - 00000000 ____D C:\Users\Kropecznik\.gstreamer-0.10 ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-12-13 20:27 - 2015-12-13 20:38 - 0002666 _____ () C:\Users\Kropecznik\AppData\Roaming\droid4xinstaller.log 2015-09-19 19:01 - 2015-09-19 19:01 - 0003584 _____ () C:\Users\Kropecznik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-03-22 00:06 ==================== Koniec FRST.txt ============================

**Posty:** 4765 · przez **ordynat** 24 Mar 2016, 16:29

Klucze zostały naprawione, więc powinno już być OK, przynajmniej teoretycznie.

Otwórz Notatnik i wklej w nim:

CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1451689115&z=7a170741804963a9fd0a096g8z6w8g9q5b9tdg4gfw&from=cor&uid=wdcxwd3200aajb-00tya0_wd-wcapz273001030010
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.

.

Autor postu otrzymał pochwałę

**Posty:** 6 · przez **kropecznik** 24 Mar 2016, 17:10

Dzięki, wszystko już działa!

Kto jest na forum