• Ogłoszenie:

Wolno chodzi laptop

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.

Wolno chodzi laptop

Postprzez cinek_1111 23 Lip 2017, 08:41

reklama
Witam
Od dłuższego czasu u mojego znajomego strasznie przymula laptop. Wolno się włącza i uruchamia aplikację oraz często coś mieli.

Proszę o sprawdzenie logów.

Z uwagi nie możliwości dodania załączników muszę zastosować 2 sposób zamieszczenia logów.

Kod: Zaznacz wszystko
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-07-23 07:28:30
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000047 TOSHIBA_MQ01ABD075 rev.AX0R2J 698,64GB
Running: qcbgym89.exe; Driver: C:\Users\KRZYSZ~1\AppData\Local\Temp\fxloypog.sys

--- User code sections - GMER 2.2 ----

.text   C:\Windows\system32\WLANExt.exe[1320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                             000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Windows\system32\WLANExt.exe[1320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                             000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Windows\system32\WLANExt.exe[1320] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                       000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\WLANExt.exe[1320] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                       000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\WLANExt.exe[1320] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                     000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\System32\spoolsv.exe[1464] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                             000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Windows\System32\spoolsv.exe[1464] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                             000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                            000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                            000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1896] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                          000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                  000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                  000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1896] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                000007f9ef9c1b32 4 bytes [9C, EF, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1896] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                000007f9ef9c1b3a 4 bytes [9C, EF, F9, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1188] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306              000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1188] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314              000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1188] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                        000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1188] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                        000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1188] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                      000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\svchost.exe[2064] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                             000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Windows\system32\svchost.exe[2064] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                             000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2348] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                 000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2348] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                 000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2348] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                               000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2348] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                       000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2348] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                       000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2760] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                       000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2760] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                       000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2760] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                 000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2760] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                 000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2760] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                               000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[2576] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                               000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\Windows Defender\MsMpEng.exe[2576] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                               000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                               000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                               000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[896] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                             000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\nvvsvc.exe[5208] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                        000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\nvvsvc.exe[5208] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                        000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\nvvsvc.exe[5208] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                      000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\system32\nvvsvc.exe[5208] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                              000007f9fa9f177a 4 bytes [9F, FA, F9, 07]
.text   C:\Windows\system32\nvvsvc.exe[5208] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                              000007f9fa9f1782 4 bytes [9F, FA, F9, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6064] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6064] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6064] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2380] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                       000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2380] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                       000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2380] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                     000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\System32\rundll32.exe[2436] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                      000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Windows\System32\rundll32.exe[2436] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                      000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Windows\System32\rundll32.exe[2436] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                    000007f9f815165a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[1168] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007f9f8151532 4 bytes [15, F8, F9, 07]
.text   C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[1168] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007f9f815153a 4 bytes [15, F8, F9, 07]
.text   C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[1168] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007f9f815165a 4 bytes [15, F8, F9, 07]

---- User IAT/EAT - GMER 2.2 ----

IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!malloc]                                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!memset]                                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_wcsnicmp]                                                [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!calloc]                                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_XcptFilter]                                              [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_amsg_exit]                                               [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_initterm]                                                [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_lock]                                                    [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_unlock]                                                  [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!__dllonexit]                                              [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_onexit]                                                  [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_errno]                                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!??3@YAXPEAX@Z]                                            [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!realloc]                                                  [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!memcmp]                                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_wcsicmp]                                                 [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!??2@YAPEAX_K@Z]                                           [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_purecall]                                                [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!??_V@YAXPEAX@Z]                                           [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!free]                                                     [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!??_U@YAPEAX_K@Z]                                          [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!qsort]                                                    [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!wcsstr]                                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!memcpy_s]                                                 [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!_vsnwprintf]                                              [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!wcsrchr]                                                  [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!memmove_s]                                                [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!wcschr]                                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[msvcrt.dll!memcpy]                                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ntdll.dll!RtlCaptureContext]                                         [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ntdll.dll!RtlLookupFunctionEntry]                                    [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ntdll.dll!RtlVirtualUnwind]                                          [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ntdll.dll!NtQuerySystemInformation]                                  [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ntdll.dll!WinSqmAddToStream]                                         [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetSystemFirmwareTable]                                 [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!CreateEventW]                                           [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!SetEvent]                                               [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!WaitForSingleObject]                                    [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!PackageFamilyNameFromId]                                [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!DuplicateHandle]                                        [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!ReadFile]                                               [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!WriteFile]                                              [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!SetFilePointerEx]                                       [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!RaiseException]                                         [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!DisableThreadLibraryCalls]                              [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetLastError]                                           [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!MultiByteToWideChar]                                    [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!Sleep]                                                  [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!QueryPerformanceCounter]                                [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetCurrentProcessId]                                    [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetCurrentThreadId]                                     [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetSystemTimeAsFileTime]                                [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetTickCount]                                           [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!UnhandledExceptionFilter]                               [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!SetUnhandledExceptionFilter]                            [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetCurrentProcess]                                      [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!TerminateProcess]                                       [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!OutputDebugStringA]                                     [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetComputerNameExW]                                     [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetFileAttributesW]                                     [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetFileMUIPath]                                         [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!CreateFileW]                                            [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!CloseHandle]                                            [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[KERNEL32.dll!GetFileSizeEx]                                          [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ADVAPI32.dll!RegGetValueW]                                           [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ADVAPI32.dll!RegOpenKeyExW]                                          [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ADVAPI32.dll!RegCloseKey]                                            [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ADVAPI32.dll!RegEnumKeyExW]                                          [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ole32.dll!PropVariantClear]                                          [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[ole32.dll!PropVariantCopy]                                           [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[PROPSYS.dll!PSCreateMemoryPropertyStore]                             [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[WINTRUST.dll!WinVerifyTrustEx]                                       [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[WINTRUST.dll!CryptCATAdminCalcHashFromFileHandle]                    [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[WINTRUST.dll!WTHelperGetProvSignerFromChain]                         [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[WINTRUST.dll!WTHelperProvDataFromStateData]                          [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[CRYPT32.dll!CertVerifyCertificateChainPolicy]                        [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[CFGMGR32.dll!DevCreateObjectQuery]                                   [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[CFGMGR32.dll!DevCloseObjectQuery]                                    [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[CFGMGR32.dll!DevCreateObjectQueryFromId]                             [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[bcrypt.dll!BCryptGetProperty]                                        [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[bcrypt.dll!BCryptOpenAlgorithmProvider]                              [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[bcrypt.dll!BCryptDestroyHash]                                        [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[bcrypt.dll!BCryptCloseAlgorithmProvider]                             [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[bcrypt.dll!BCryptFinishHash]                                         [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[bcrypt.dll!BCryptHashData]                                           [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[bcrypt.dll!BCryptCreateHash]                                         [0]
IAT     C:\Windows\system32\svchost.exe[976] @ C:\Windows\System32\DevPropMgr.dll[XmlLite.dll!CreateXmlReader]                                         [0]

---- Threads - GMER 2.2 ----

Thread  C:\Windows\system32\csrss.exe [4980:6056]                                                                                                      fffff960008d05e8
Thread  C:\Windows\SYSTEM32\ntdll.dll [4888:4940]                                                                                                      000000000123c9c3
Thread  C:\Windows\SYSTEM32\ntdll.dll [4948:4972]                                                                                                      000000000040d8f8
Thread  C:\Windows\SYSTEM32\ntdll.dll [5064:5068]                                                                                                      00000000003124a4

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                              -831316808
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\681729c890d2                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\742f68ca94e7                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MpKsl514410b5                                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MpKsl514410b5@Type                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MpKsl514410b5@Start                                                                                     1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MpKsl514410b5@ErrorControl                                                                              0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MpKsl514410b5@ImagePath                                                                                 \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{086F7EF4-C196-4E43-8915-CE19D9D79496}\MpKsl514410b5.sys
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MpKsl514410b5@DeviceName                                                                                MpKsl514410b5
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MpKsl514410b5@AllowedProcessName                                                                        \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MpKsl514410b5                                                                                           

---- Disk sectors - GMER 2.2 ----

Disk    \Device\Harddisk0\DR0                                                                                                                          unknown MBR code

---- EOF - GMER 2.2 ----


Kod: Zaznacz wszystko
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Krzysztof (23-07-2017 07:30:39)
Running from C:\Users\Krzysztof\Desktop
Windows 8 (X64) (2017-01-04 08:21:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1747033925-522415250-2453238247-500 - Administrator - Disabled)
Guest (S-1-5-21-1747033925-522415250-2453238247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1747033925-522415250-2453238247-1004 - Limited - Enabled)
Krzysztof (S-1-5-21-1747033925-522415250-2453238247-1002 - Administrator - Enabled) => C:\Users\Krzysztof
UpdatusUser (S-1-5-21-1747033925-522415250-2453238247-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Badanie mające na celu poprawę produktów HP DeskJet 3630 series (HKLM\...\{268BD6C7-D8A4-4109-B92E-3CA886D1B178}) (Version: 40.11.1107.1739 - HP Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
Google Chrome (HKU\S-1-5-21-1747033925-522415250-2453238247-1002\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
HP DeskJet 3630 series — podstawowe oprogramowanie urządzenia (HKLM\...\{127357AA-A635-4910-9B0D-60AEC40A1A2B}) (Version: 40.11.1107.1739 - HP Inc.)
HP DeskJet 3630 series Pomoc (HKLM-x32\...\{82B197EA-2166-463F-AB84-1AD084987093}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{8A3F1F3A-A88B-4090-83C6-3C4CBDE3F8CC}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{958F5926-D507-4C87-B83B-8D6CA34195D9}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{AD0F3D6D-202A-4BAB-8838-0134531FD3AF}) (Version: 15.5.6.0460 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6829 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1747033925-522415250-2453238247-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1747033925-522415250-2453238247-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers03: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\Windows\system32\mscoree.dll [2012-06-02] (Microsoft Corporation)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-10-15] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-10] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0255B4A7-08C9-4DE9-96CE-F0ADDF390DE8} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-29] ()
Task: {4B7BFF02-7BA2-4972-A763-DB4721E26FEC} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {5188C674-8D19-4834-BE9C-0F002C9F94C1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1747033925-522415250-2453238247-1002UA => C:\Users\Krzysztof\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {5EBACC0E-6717-4981-8C1E-00403F599198} - System32\Tasks\cenzura! HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2017-02-08] (HP Inc.)
Task: {63B240C1-96AB-4F9D-A3FA-2162E9C9EED3} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {6DDEC4C2-65CD-4942-8404-6E57CA9058A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {75100240-4C65-4EAB-8C60-87AEEFE09CE0} - System32\Tasks\Opera scheduled Autoupdate 1500313585 => C:\Users\Krzysztof\AppData\Local\Programs\Opera\launcher.exe
Task: {7ECEAD57-7C33-4309-A4CD-047541C6FFF8} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {808F5EEE-6709-42A1-8FE1-78719866497C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1747033925-522415250-2453238247-1002Core => C:\Users\Krzysztof\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {9A7058A3-2463-4768-8353-633900388788} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {B890A62F-B8B5-4C45-9D87-B0072753B8A6} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-29] (ASUS)
Task: {C560DC65-98E6-4AC2-8736-EA4EAC4BDC4C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {C943366F-1BF0-4A46-868E-65136524C891} - System32\Tasks\Opera scheduled suite Autoupdate 1500313592 => C:\Users\Krzysztof\AppData\Local\Programs\Opera\launcher.exe
Task: {DCB3E753-432A-496D-A05C-D8097A836395} - System32\Tasks\Yahoo! Powered mitom => C:\Windows\system32\wscript.exe "C:\ProgramData\{9CA159C2-16E3-D304-9025-4D460A67C688}\cide.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b39434131353943322d313645332d443330342d393032352d3444343630413637433638387d5c6c6f736f6e61" "433a5c50726f6772616d446174615c7b39434131353943322d313645332d443330342d393032 (the data entry has 78 more characters). <==== ATTENTION
Task: {F7ACE3A5-D8C1-43FF-8CF3-5041A9532787} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {F9974FE9-99B4-468B-A7A6-30559A68ED22} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Yahoo! Powered mitom.job => Wscript.exe  C:\ProgramData\{9CA159C2-16E3-D304-9025-4D460A67C688}\cide.txt <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2012-11-29 18:15 - 2012-11-29 18:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2017-06-30 12:22 - 2017-06-30 12:22 - 00073728 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll
2013-04-24 14:30 - 2012-10-15 05:09 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-11-14 15:12 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2017-07-22 21:35 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1747033925-522415250-2453238247-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 62.179.1.60 - 62.179.1.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3E761433-81C0-4562-B98A-E756C0DC152B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4C12551A-4571-4993-8B04-44FD6152E1C6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B7093449-4C34-46E0-BEEF-1E4AAF50CCF0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{4A9B6288-88DA-41A7-8CD9-FFED7FDDE650}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{64FA1B30-4A6C-4049-A6F7-4669C05EC95C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{93FD8AF4-34AE-41A0-9D87-F7C5B9E4BC21}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B0411732-396C-4A52-9FB1-5AF3220850E6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{808D8636-2269-4586-AF0B-E64BE4593162}C:\users\krzysztof\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\krzysztof\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{E335E805-9927-4B74-BE33-E2D29669BA73}C:\users\krzysztof\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\krzysztof\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{A1112929-2B3A-41FF-B952-B716B150B70A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{68C155E4-0656-4BE6-8C49-89EE3B67A3EE}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{42272B04-9E83-403C-9CEC-51C295D6D1DA}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe
FirewallRules: [{F3DDA054-C156-43F7-A318-2A80FDC75373}] => (Allow) LPort=5357
FirewallRules: [{B148769E-ADF6-4947-A4E9-C25EA808EAAF}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{53A8F3B0-3D62-4C7D-BC1C-22DA2A4B977F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{74FEFEFA-5D35-4A1E-81E4-1A448820E0AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ECEDC483-637A-418B-B5EB-ABA2076B0016}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{83A0BB61-DB00-475C-93B0-1794B2335055}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D7233DD2-89A0-421C-9E83-6839268C01BC}C:\users\krzysztof\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\krzysztof\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A7B9233C-5859-4514-A6AB-68112DA54E8D}C:\users\krzysztof\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\krzysztof\appdata\local\google\chrome\application\chrome.exe

==================== Restore Points =========================

26-06-2017 18:48:09 Windows Update
07-07-2017 20:29:13 Windows Update
10-07-2017 20:43:48 Windows Update
17-07-2017 19:13:13 Windows Update
22-07-2017 21:54:35 Windows Live Essentials
22-07-2017 21:55:05 WLSetup

==================== Faulty Device Manager Devices =============

Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 06:17:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE w wersji 6.2.9200.16628 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.

Identyfikator procesu: 1a30

Godzina rozpoczęcia: 01d2ff8442758a75

Godzina zakończenia: 0

Ścieżka aplikacji: C:\Windows\Explorer.EXE

Identyfikator raportu: 57929b86-6b78-11e7-be82-d850e61cb6da

Pełna nazwa pakietu powodującego błąd:

Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (07/17/2017 07:13:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswKbd.

System Error:
The system cannot find the file specified.
.

Error: (07/13/2017 07:48:56 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Z powodu wystąpienia problemu dane Programu poprawy jakości obsługi klienta nie zostały wysłane do firmy Microsoft. (Błąd 80070005).

Error: (06/26/2017 06:34:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program ByteFence.exe w wersji 3.9.0.0 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.

Identyfikator procesu: 248

Godzina rozpoczęcia: 01d2e87a812ae2f4

Godzina zakończenia: 60000

Ścieżka aplikacji: C:\Program Files\ByteFence\ByteFence.exe

Identyfikator raportu: 7edfd947-5a95-11e7-be81-d850e61cb6da

Pełna nazwa pakietu powodującego błąd:

Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (06/26/2017 06:31:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: ModuleCoreService.exe, wersja: 1.4.137.0, sygnatura czasowa: 0x57f7ddd2
Nazwa modułu powodującego błąd: ModuleCoreService.exe, wersja: 1.4.137.0, sygnatura czasowa: 0x57f7ddd2
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x0000000000009c80
Identyfikator procesu powodującego błąd: 0xb90
Godzina uruchomienia aplikacji powodującej błąd: 0x01d2de31b6d803aa
Ścieżka aplikacji powodującej błąd: C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
Ścieżka modułu powodującego błąd: C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
Identyfikator raportu: 45d61292-5a95-11e7-be81-d850e61cb6da
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (06/11/2017 10:51:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Z powodu wystąpienia problemu dane Programu poprawy jakości obsługi klienta nie zostały wysłane do firmy Microsoft. (Błąd 80070005).

Error: (06/11/2017 02:13:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JACO)
Description: Aktywacja aplikacji Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic nie powiodła się. Błąd: -2144927142. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa.

Error: (06/11/2017 02:13:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program wwahost.exe w wersji 6.2.9200.16420 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania.

Identyfikator procesu: 13ac

Godzina rozpoczęcia: 01d2e2b479b42fd7

Godzina zakończenia: 4294967295

Ścieżka aplikacji: C:\Windows\system32\wwahost.exe

Identyfikator raportu: c1fa3401-4ea7-11e7-be81-d850e61cb6da

Pełna nazwa pakietu powodującego błąd: Microsoft.ZuneMusic_1.1.144.0_x64__8wekyb3d8bbwe

Identyfikator aplikacji względem pakietu powodującego błąd: Microsoft.ZuneMusic

Error: (06/11/2017 02:13:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: JACO)
Description: Aplikacja Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic nie została uruchomiona w wyznaczonym czasie.

Error: (06/08/2017 06:13:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Z powodu wystąpienia problemu dane Programu poprawy jakości obsługi klienta nie zostały wysłane do firmy Microsoft. (Błąd 80070005).


System errors:
=============
Error: (07/22/2017 09:44:35 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/22/2017 09:43:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (07/22/2017 09:41:49 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Serwer {209500FC-6B45-4693-8871-6296C4843751} nie zarejestrował się w modelu DCOM w wymaganym czasie.

Error: (07/22/2017 09:41:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Interactive Services Detection zakończyła działanie; wystąpił następujący błąd:
Niepoprawna funkcja.

Error: (07/22/2017 09:39:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Odebrano alert krytyczny ze zdalnego punktu końcowego. Kod alertu krytycznego zdefiniowany przez protokół TLS to 20.

Error: (07/22/2017 09:38:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Wygenerowano alert krytyczny, który został wysłany do zdalnego punktu końcowego. W efekcie połączenie może zostać zakończone. Kod błędu krytycznego zdefiniowany przez protokół TLS to 10. Kod stanu błędu SChannel w systemie Windows to 10.

Error: (07/22/2017 09:36:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa McAfee SiteAdvisor Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 3000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (07/18/2017 07:49:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
i identyfikatorem aplikacji APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.

Error: (07/18/2017 07:42:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0xc190010f: English (United Kingdom) ESD Bundle Parent.

Error: (07/17/2017 09:20:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Usługa Interactive Services Detection zakończyła działanie; wystąpił następujący błąd:
Niepoprawna funkcja.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 29%
Total physical RAM: 8077.54 MB
Available physical RAM: 5729.18 MB
Total Virtual: 9293.54 MB
Available Virtual: 6902.32 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:237.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:191.16 GB) NTFS
Drive f: () (Removable) (Total:3.65 GB) (Free:3.51 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: FC284CB7)

Partition: GPT.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: D4155932)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

==================== End of Addition.txt ============================




Kod: Zaznacz wszystko
Users shortcut scan result (x64) Version: 18-07-2017
Ran by Krzysztof (23-07-2017 07:30:52)
Running from C:\Users\Krzysztof\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk -> C:\Program Files\CDBurnerXP\cdbxpp.exe (Canneverbe Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AT Service.lnk -> C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk -> C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Co nowego.lnk -> C:\Program Files (x86)\Winamp\whatsnew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Odinstaluj Winampa.lnk -> C:\Program Files (x86)\Winamp\UninstWA.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation\Intel(R) WiDi\Intel(R) WiDi.lnk -> C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Graphics and Media Control Panel.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Odinstaluj HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP DeskJet 3630 series\HP TWAIN Administration.lnk -> C:\Program Files (x86)\HP\HP DeskJet 3630 series\bin\TwainUtilityUI.exe (HP Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD\ASUSDVD.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Install.lnk -> C:\eSupport\eDriver\AsInsWiz.exe (ASUSTek Computer INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS InstantOn.lnk -> C:\Windows\Installer\{749F674B-2674-47E8-879C-5626A06B2A91}\_5B8402CB2A97F1B792BC77.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Live Update.Lnk -> C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\LifeFrame.lnk -> C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe (ASUSTek Computer Inc. All rights reserved.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Power4Gear Hybrid.lnk -> C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_E1C683070CBA8103C92CF8.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\USB Charger Plus.lnk -> C:\Windows\Installer\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}\_E8FD568838FE0C8B34DA59.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WinFlash.Lnk -> C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WebStorage Sync Agent\WebStorage Sync Agent.lnk -> C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe (ASUS Cloud Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\MyBitCast\MyBitcast.lnk -> C:\Program Files (x86)\ASUS\MyBitCast\MyBitCast.exe (Asus)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\MyBitCast\Uninstall.lnk -> C:\Program Files (x86)\ASUS\MyBitCast\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS Splendid Utility\Splendid Utility.Lnk -> C:\Program Files (x86)\ASUS\Splendid\ACVT.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Libraries ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\Links\Desktop.lnk -> C:\Users\Krzysztof\Desktop ()
Shortcut: C:\Users\Krzysztof\Links\Downloads.lnk -> C:\Users\Krzysztof\Downloads ()
Shortcut: C:\Users\Krzysztof\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Krzysztof\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\Desktop\Google Chrome.lnk -> C:\Users\Krzysztof\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Krzysztof\Desktop\Komputer — skrót.lnk -> System Folder
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Users\Krzysztof\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Libraries ()
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\Krzysztof\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ASUS Install.lnk -> C:\eSupport\eDriver\AsInsWiz.exe (ASUSTek Computer INC.)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Libraries ()
Shortcut: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\Krzysztof\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\WildTangentGames.-GamesApp-_qt5r5pa5dyg8m\WTGames.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxLIVEGames_8wekyb3d8bbwe\Microsoft.XboxLIVEGames.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowsphotos_8wekyb3d8bbwe\Microsoft.WindowsLive.ModernPhotos.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk -> [LFY1SPSOYMGm=Microsoft Corporation1SPSU(Ly9K-cC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbweu2microsoft.windowscommunicationsapps_8wekyb3d8bbweQmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.CalendarFmicrosoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe1SPSwlE[([8װi1SPS0%G`Mms-resource:calendarAppTitle1SPSMԆi<D*TMms-resource:calendarAppTitleQ3]%ModernCalendar\CalendarSmallLogo.pngQ ModernCalendar\CalendarLogo.pngY$ModernCalendar\CalendarWideLogo.pngU!ModernCalendar\CalendarBadge.png-] (No File)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Chat.lnk -> [LFoY1SPSOYMGm=Microsoft Corporation1SPSU(Ly9K-cC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbweu2microsoft.windowscommunicationsapps_8wekyb3d8bbweMmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.ChatFmicrosoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe1SPSwlE[([8װa1SPS0%G`Ems-resource:chatAppTitle1SPSMԆi<D*TEms-resource:chatAppTitleQModernChat\messaging_small.pngEModernChat\messaging.pngMModernChat\messaging_wide.pngQModernChat\messaging_badge.png)] (No File)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk -> [LFwY1SPSOYMGm=Microsoft Corporation1SPSU(Ly9K-cC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbweu2microsoft.windowscommunicationsapps_8wekyb3d8bbweMmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.MailFmicrosoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe1SPSwlE[([8װa1SPS0%G`Ems-resource:mailAppTitle1SPSMԆi<D*TEms-resource:mailAppTitleU!ModernMail\Res\MailSmallLogo.pngIModernMail\Res\MailLogo.pngQ ModernMail\Res\MailWideLogo.pngMModernMail\Res\MailBadge.png)] (No File)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk -> [LFFY1SPSOYMGm=Microsoft Corporation1SPSU(Ly9K-cC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbweu2microsoft.windowscommunicationsapps_8wekyb3d8bbweOmicrosoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.PeopleFmicrosoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe1SPSwlE[([8װy1SPS0%G`]%ms-resource:///strings/peopleAppName1SPSMԆi<D*T]%ms-resource:///strings/peopleAppNameG&MModernPeople\PeopleSmall.pngAModernPeople\People.pngIModernPeople\PeopleWide.png!] (No File)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\App.lnk -> [LFQ1SPSOYMGm5Microsoft StudiosM1SPSU(Ly9K-WC:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.3.0.452_x86__8wekyb3d8bbwei+Microsoft.Studios.PinballFx2_8wekyb3d8bbweq/Microsoft.Studios.PinballFx2_8wekyb3d8bbwe!App:Microsoft.Studios.PinballFx2_1.3.0.452_x86__8wekyb3d8bbwe1SPSwlE[([8װE1SPS0%G`)Pinball FX21SPSMԆi<D*T)Pinball FX2m.data_win8\assets\package\small_logo_30x30.pnge*data_win8\assets\package\logo_150x150.pnge*data_win8\assets\package\wide_310x150.png!] (No File)
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.microsoftskydrive_8wekyb3d8bbwe\Microsoft.MicrosoftSkyDrive.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.FreshPaint_8wekyb3d8bbwe\Microsoft.FreshPaint.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Camera_8wekyb3d8bbwe\Microsoft.Camera.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Bing_8wekyb3d8bbwe\Microsoft.Bing.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingMaps_8wekyb3d8bbwe\AppexMaps.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\Application Shortcuts\MAGIX.MusicMakerJam_a2t3txkz9j1jw\MAGIX.MusicMakerJam.App.lnk -> Tile and icon assets
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\CDBurnerXP.lnk -> C:\Program Files\CDBurnerXP\cdbxpp.exe (Canneverbe Limited)
Shortcut: C:\Users\Public\Desktop\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk -> C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe ()
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\TeamViewer 12.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Public\Desktop\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\Public\Desktop\Zakup materiałów eksploatacyjnych - HP DeskJet 3630 series.lnk -> C:\Program Files\HP\HP DeskJet 3630 series\Bin\hpqDTSS.exe (HP Inc.)
Shortcut: C:\Users\UpdatusUser\Links\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk -> C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Libraries (No File)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Tryb awaryjny).lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> /SAFE=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Advanced Statistics.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Advanced Statistics
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Event Viewer.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Wireless Event Viewer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Manual Diagnostics.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\imFrmwrk.exe (Intel(R) Corporation) -> /sf Wireless Diagnostics
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP DeskJet 3630 series\HP DeskJet 3630 series.lnk -> C:\Program Files\HP\HP DeskJet 3630 series\Bin\HP DeskJet 3630 series.exe (HP Inc.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildGames\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Krzysztof\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\HP DeskJet 3630 series.lnk -> C:\Program Files\HP\HP DeskJet 3630 series\Bin\HP DeskJet 3630 series.exe (HP Inc.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\Krzysztof\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Krzysztof\Favorites\ASUS E-Service\ASUS Homepage.url -> URL: hxxp://www.asus.com/
InternetURL: C:\Users\Krzysztof\Favorites\ASUS E-Service\ASUS Member.url -> URL: hxxp://member.asus.com/
InternetURL: C:\Users\Krzysztof\Favorites\ASUS E-Service\ASUS Software Download.url -> URL: hxxp://support.asus.com/download
InternetURL: C:\Users\Krzysztof\Favorites\ASUS E-Service\ASUS Technical Support.url -> URL: hxxp://support.asus.com/

==================== End of Shortcut.txt =============================



Kod: Zaznacz wszystko
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Krzysztof (administrator) on JACO (23-07-2017 07:30:14)
Running from C:\Users\Krzysztof\Desktop
Loaded Profiles: UpdatusUser & Krzysztof (Available Profiles: UpdatusUser & Krzysztof)
Platform: Windows 8 (X64) Language: Angielski (Wielka Brytania)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\cenzura!.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s**RtHDVCpl****C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s**kernel32.dll*
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1747033925-522415250-2453238247-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1747033925-522415250-2453238247-1002\...\MountPoints2: {fc518cb5-6b1e-11e7-be82-d850e61cb6da} - "F:\startme.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-10] (NVIDIA Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.179.1.60 62.179.1.61
Tcpip\..\Interfaces\{08AA78EF-4F11-4BC9-BABA-1BA29DC28406}: [DhcpNameServer] 62.179.1.60 62.179.1.61

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1747033925-522415250-2453238247-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1747033925-522415250-2453238247-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-1747033925-522415250-2453238247-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1747033925-522415250-2453238247-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1747033925-522415250-2453238247-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1747033925-522415250-2453238247-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin HKU\S-1-5-21-1747033925-522415250-2453238247-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1747033925-522415250-2453238247-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Krzysztof\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Krzysztof\AppData\Local\Google\Chrome\User Data\Default [2017-07-22]
CHR Extension: (Dokumenty Google) - C:\Users\Krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04]
CHR Extension: (Dysk Google) - C:\Users\Krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-04]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Krzysztof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1747033925-522415250-2453238247-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 cenzura!; C:\Windows\system32\cenzura!.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 MpKsl2a9bd021; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A12E867E-BC20-411A-B074-F0B7585C3C12}\MpKsl2a9bd021.sys [44928 2017-07-23] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 07:30 - 2017-07-23 07:30 - 00018039 _____ C:\Users\Krzysztof\Desktop\FRST.txt
2017-07-23 07:29 - 2017-07-23 07:30 - 00000000 ____D C:\FRST
2017-07-23 07:25 - 2017-07-23 07:11 - 02382336 _____ (Farbar) C:\Users\Krzysztof\Desktop\FRST64.exe
2017-07-23 07:25 - 2017-07-23 07:10 - 00380928 _____ C:\Users\Krzysztof\Desktop\qcbgym89.exe
2017-07-22 22:06 - 2017-05-30 21:45 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-07-22 22:02 - 2017-07-22 22:02 - 00102222 _____ C:\Users\Krzysztof\Documents\cc_20170722_220240.reg
2017-07-22 21:59 - 2017-07-22 21:59 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-07-22 21:59 - 2017-07-22 21:59 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-22 21:59 - 2017-07-22 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-22 21:59 - 2017-07-22 21:59 - 00000000 ____D C:\Program Files\CCleaner
2017-07-22 21:57 - 2017-07-22 21:57 - 00000000 ____D C:\Users\Krzysztof\AppData\Local\Windows Live
2017-07-22 21:53 - 2012-10-24 20:44 - 00656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall3212645.exe
2017-07-18 06:16 - 2017-07-18 06:16 - 00000000 ____D C:\Users\Krzysztof\Downloads\opera autoupdate
2017-07-17 19:09 - 2017-07-17 19:09 - 00000000 ____D C:\Users\Public\CyberLink
2017-07-17 19:08 - 2017-07-17 19:08 - 00000000 ____D C:\Users\Krzysztof\AppData\Local\Cyberlink
2017-07-17 19:07 - 2017-07-17 19:07 - 00000000 ____D C:\Users\Krzysztof\Documents\CyberLink
2017-07-17 19:07 - 2017-07-17 19:07 - 00000000 ____D C:\Users\Krzysztof\AppData\Roaming\CyberLink
2017-07-17 19:07 - 2017-07-17 19:07 - 00000000 ____D C:\ProgramData\CyberLink
2017-07-17 18:59 - 2017-07-17 18:59 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2017-07-17 18:58 - 2017-07-17 18:58 - 00001750 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2017-07-17 18:58 - 2017-07-17 18:58 - 00001694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-07-17 18:58 - 2017-07-17 18:58 - 00000000 ____D C:\Users\Krzysztof\AppData\Roaming\Canneverbe Limited
2017-07-17 18:58 - 2017-07-17 18:58 - 00000000 ____D C:\Program Files\CDBurnerXP
2017-07-17 18:54 - 2017-07-17 18:54 - 00000000 ____D C:\Users\Krzysztof\AppData\Local\CEF
2017-07-17 18:51 - 2017-07-17 18:59 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.150031441773406
2017-07-17 18:51 - 2017-07-17 18:59 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150075612562503
2017-07-17 18:48 - 2017-07-17 18:48 - 00000000 ____D C:\Program Files (x86)\AskTBar
2017-07-17 18:47 - 2017-07-22 21:49 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-17 18:46 - 2017-07-22 21:51 - 00000000 ____D C:\Users\Krzysztof\AppData\Roaming\Opera Software
2017-07-17 18:46 - 2017-07-22 21:51 - 00000000 ____D C:\Users\Krzysztof\AppData\Local\Opera Software
2017-07-17 18:46 - 2017-07-17 18:46 - 00004292 _____ C:\Windows\System32\Tasks\Opera scheduled suite Autoupdate 1500313592
2017-07-17 18:46 - 2017-07-17 18:46 - 00004108 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1500313585
2017-07-17 18:32 - 2017-07-17 19:01 - 00000000 ____D C:\Users\Krzysztof\Desktop\działka
2017-07-07 19:40 - 2017-07-22 22:03 - 00059904 ___SH C:\Users\Krzysztof\Desktop\Thumbs.db

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 07:39 - 2017-03-10 06:31 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1747033925-522415250-2453238247-1002
2017-07-23 07:35 - 2017-02-19 19:35 - 00000996 _____ C:\Windows\Tasks\Yahoo! Powered mitom.job
2017-07-23 07:33 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2017-07-23 07:32 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-23 07:29 - 2017-01-04 09:48 - 00800978 _____ C:\Windows\system32\perfh015.dat
2017-07-23 07:29 - 2017-01-04 09:48 - 00162080 _____ C:\Windows\system32\perfc015.dat
2017-07-23 07:29 - 2012-08-03 00:15 - 00791608 _____ C:\Windows\system32\perfh013.dat
2017-07-23 07:29 - 2012-08-03 00:15 - 00161136 _____ C:\Windows\system32\perfc013.dat
2017-07-23 07:29 - 2012-08-03 00:11 - 00787034 _____ C:\Windows\system32\perfh010.dat
2017-07-23 07:29 - 2012-08-03 00:11 - 00155158 _____ C:\Windows\system32\perfc010.dat
2017-07-23 07:29 - 2012-08-03 00:06 - 00796080 _____ C:\Windows\system32\perfh00C.dat
2017-07-23 07:29 - 2012-08-03 00:06 - 00157634 _____ C:\Windows\system32\perfc00C.dat
2017-07-23 07:29 - 2012-08-03 00:02 - 00747858 _____ C:\Windows\system32\perfh007.dat
2017-07-23 07:29 - 2012-08-03 00:02 - 00157910 _____ C:\Windows\system32\perfc007.dat
2017-07-23 07:29 - 2012-07-26 08:28 - 05513488 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-23 07:29 - 2012-07-26 06:37 - 00000000 ____D C:\Windows\Inf
2017-07-23 07:28 - 2017-02-06 21:14 - 00000000 ____D C:\Users\Krzysztof\Desktop\jacek
2017-07-23 07:27 - 2017-01-04 09:22 - 00000062 _____ C:\Users\Krzysztof\AppData\Roaming\sp_data.sys
2017-07-23 06:41 - 2012-07-26 08:59 - 00000000 ____D C:\Windows\CbsTemp
2017-07-22 22:20 - 2017-02-19 19:22 - 00000000 ____D C:\Users\Krzysztof\AppData\Roaming\Winamp
2017-07-22 22:07 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-07-22 22:01 - 2017-06-05 20:26 - 00000000 ____D C:\Windows\Minidump
2017-07-22 22:01 - 2017-03-19 20:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-22 22:01 - 2012-08-02 23:24 - 00000000 ____D C:\Windows\Panther
2017-07-22 21:55 - 2012-07-26 10:43 - 00000000 ____D C:\Windows\en-GB
2017-07-22 21:55 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-22 21:54 - 2017-01-10 17:53 - 00000000 ____D C:\Users\Krzysztof\AppData\Roaming\Skype
2017-07-22 21:54 - 2013-04-26 00:20 - 00000000 ____D C:\Program Files (x86)\WildGames
2017-07-22 21:53 - 2013-04-26 00:19 - 00000000 ____D C:\ProgramData\WildTangent
2017-07-22 21:50 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-22 21:49 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-22 21:47 - 2017-04-24 19:16 - 00000000 ____D C:\Users\Krzysztof\Desktop\daniel
2017-07-22 21:47 - 2017-04-06 22:48 - 00000000 ____D C:\Users\Krzysztof\Desktop\piotrek
2017-07-22 21:45 - 2013-04-26 00:18 - 00000000 ____D C:\Program Files\Common Files\mcafee
2017-07-22 21:42 - 2012-07-26 09:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-07-22 21:35 - 2017-02-19 19:35 - 00000000 ____D C:\ProgramData\{9CA159C2-16E3-D304-9025-4D460A67C688}
2017-07-22 21:15 - 2017-05-07 22:42 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2017-07-22 21:15 - 2017-05-07 22:42 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2017-07-22 21:13 - 2017-01-10 17:52 - 00000000 ____D C:\ProgramData\Skype
2017-07-18 07:42 - 2014-11-22 08:14 - 00000000 ___HD C:\$Windows.~BT
2017-07-17 19:35 - 2017-02-19 19:35 - 00000000 ____D C:\Users\Krzysztof\AppData\Local\wincy
2017-07-17 19:18 - 2017-01-11 19:57 - 00000000 ____D C:\Windows\system32\MRT
2017-07-17 19:15 - 2017-01-11 19:56 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-17 18:35 - 2017-03-06 22:35 - 00000240 _____ C:\Users\Krzysztof\AppData\Roaming\WB.CFG
2017-07-15 09:38 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\NDF
2017-07-07 20:04 - 2017-03-19 20:04 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-07 20:04 - 2017-03-19 20:04 - 00000961 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-06-30 21:20 - 2017-01-04 10:25 - 00002414 _____ C:\Users\Krzysztof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-30 21:20 - 2017-01-04 10:25 - 00002406 _____ C:\Users\Krzysztof\Desktop\Google Chrome.lnk
2017-06-30 05:45 - 2017-04-12 21:37 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2017-01-04 09:22 - 2017-07-23 07:27 - 0000062 _____ () C:\Users\Krzysztof\AppData\Roaming\sp_data.sys
2017-03-06 22:35 - 2017-07-17 18:35 - 0000240 _____ () C:\Users\Krzysztof\AppData\Roaming\WB.CFG
2017-03-09 22:17 - 2017-03-09 22:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-04-26 00:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 00:15 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 00:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2017-07-22 21:53 - 2012-10-24 20:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall3212645.exe

Files to move or delete:
====================
C:\ProgramData\uninstall3212645.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-18 07:50

==================== End of FRST.txt ============================
Intel Core i5 6500, Mushkin Silverline DDR4 16GB, Radeon RX 470 4GB, Seagate ST1000DM003 1 TB,Segate baracude 500GB, Lg L227WT 22''
Awatar użytkownika
cinek_1111
~user
 
Posty: 1385
Dołączenie: 10 Wrz 2006, 19:51
Pochwały: 56



Wolno chodzi laptop

Postprzez ordynat 23 Lip 2017, 11:54

Nie widzę tu jakiejś szczególnej infekcji.

Uruchom FRST. NA klawiaturze naciśnij jednocześnie CTRL+Y.Otworzy się Notatnik - wklej do niego:
Task: C:\Windows\Tasks\Yahoo! Powered mitom.job => Wscript.exe C:\ProgramData\{9CA159C2-16E3-D304-9025-4D460A67C688}\cide.txt <==== ATTENTION
Task: {DCB3E753-432A-496D-A05C-D8097A836395} - System32\Tasks\Yahoo! Powered mitom => C:\Windows\system32\wscript.exe "C:\ProgramData\{9CA159C2-16E3-D304-9025-4D460A67C688}\cide.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b39434131353943322d313645332d443330342d393032352d3444343630413637433638387d5c6c6f736f6e61" "433a5c50726f6772616d446174615c7b39434131353943322d313645332d443330342d393032 (the data entry has 78 more characters). <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
C:\ProgramData\Ament.ini
C:\ProgramData\uninstall3212645.exe
C:\Program Files (x86)\AskTBar
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1747033925-522415250-2453238247-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1747033925-522415250-2453238247-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyDtD0EyCtC0C0ByC0D0A0A0ByEzytN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DyByCyD0B0CtBtGyDyE0E0CtGtDyE0AzytGtBtA0FyBtGtDzz0FyEtDtDtCyDtA0E0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyDtBtAtB0DyCtGzy0AzzyBtGyEtD0F0AtG0AyDtBtAtG0FtA0E0EyE0Azz0F0AyB0F0F2QtN0A0LzuyE%26cr%3D2053810049%26a%3Dwbf_ir_17_07%26os_ver%3D6.2%26os%3DWindows%2B8&p={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
RemoveDirectory: C:\ProgramData\{9CA159C2-16E3-D304-9025-4D460A67C688}
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL+S. W FRST kliknij na Fix (NAPRAW).
.

Autor postu otrzymał pochwałę
ordynat
~user
 
Posty: 4765
Dołączenie: 02 Kwi 2010, 11:18
Pochwały: 866



Wolno chodzi laptop

Postprzez cinek_1111 23 Lip 2017, 18:00

Wielkie dzięki
Intel Core i5 6500, Mushkin Silverline DDR4 16GB, Radeon RX 470 4GB, Seagate ST1000DM003 1 TB,Segate baracude 500GB, Lg L227WT 22''
Awatar użytkownika
cinek_1111
~user
 
Posty: 1385
Dołączenie: 10 Wrz 2006, 19:51
Pochwały: 56




Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 9 gości