Pc długo się włącza, zawiesza się przy zapisywaniu plików

**Posty:** 5 · przez **ProGamerX333** 05 Sty 2016, 22:22

Witam,
mam problem taki jak w temacie. Komputer włącza się 5-10 minut i nie zawsze mu się to udaje. Szczerze, to potrzebowałem 2.5 godziny (nie licząc trwania skanów) żeby móc napisać temat. Skan z GMERa robiłem aż 3 razy, za pierwszym zawiesił się system, za drugim zawiesił się podczas zapisywania pliku, a dopiero za trzecim skopiowałem log do notatnika. Dodatkowo w przeglądarce przenosi mnie na rosyjską wyszukiwarkę (nie przy starcie, podczas wyszukiwania w google), rozszerzeń żadnych nie mam, a ADWCleaner nie chce się tego pozbyć.

Daję logi z GMERa, OTL i FRST.

Kod: Zaznacz wszystko: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2016-01-05 21:00:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-00KUWA0 rev.15.01H15 931,51GB Running: ost1nsiv.exe; Driver: C:\Users\w7\AppData\Local\Temp\uglcqaoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\hasplms.exe[2004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[412] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076972ab1 5 bytes JMP 000000010039f182 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3800] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000075801401 2 bytes JMP 7598b20b C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000075801419 2 bytes JMP 7598b336 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000075801431 2 bytes JMP 75a08f39 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 000000007580144a 2 bytes CALL 75964885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 00000000758014dd 2 bytes JMP 75a08832 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 00000000758014f5 2 bytes JMP 75a08a08 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 000000007580150d 2 bytes JMP 75a08728 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000075801525 2 bytes JMP 75a08af2 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 000000007580153d 2 bytes JMP 7597fc98 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000075801555 2 bytes JMP 759868df C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 000000007580156d 2 bytes JMP 75a08ff1 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000075801585 2 bytes JMP 75a08b52 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 000000007580159d 2 bytes JMP 75a086ec C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 00000000758015b5 2 bytes JMP 7597fd31 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 00000000758015cd 2 bytes JMP 7598b2cc C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 00000000758016b2 2 bytes JMP 75a08eb4 C:\Windows\syswow64\kernel32.dll .text G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5000] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 00000000758016bd 2 bytes JMP 75a08681 C:\Windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2332](2 000000006a1c0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2332] 000000006fbc0000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2332](2015-11-16 16:31:10) 000000006e940000 Library C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe [2332](2015-11-16 16:31:11) 000000006ff00000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015833d0a57@98d6f79fb403 0x1F 0xAB 0xF6 0x29 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015833d0a57@98d6f79fb403 0x1F 0xAB 0xF6 0x29 ... ---- EOF - GMER 2.1 ----

Kod: Zaznacz wszystko: OTL logfile created on: 2016-01-05 21:00:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\w7\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18015) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,66% Memory free 8,00 Gb Paging File | 6,37 Gb Available in Paging File | 79,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 341,70 Gb Total Space | 210,95 Gb Free Space | 61,74% Space Free | Partition Type: NTFS Drive D: | 15,93 Gb Total Space | 15,16 Gb Free Space | 95,18% Space Free | Partition Type: NTFS Drive E: | 19,53 Gb Total Space | 8,64 Gb Free Space | 44,22% Space Free | Partition Type: NTFS Drive F: | 39,06 Gb Total Space | 20,68 Gb Free Space | 52,93% Space Free | Partition Type: NTFS Drive G: | 589,71 Gb Total Space | 294,34 Gb Free Space | 49,91% Space Free | Partition Type: NTFS Drive H: | 280,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: W7-KOMPUTER | User Name: w7 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - File not found -- PRC - [2015-10-28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2015-10-12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe PRC - [2015-10-12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe PRC - [2015-09-11 16:34:16 | 018,484,496 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe PRC - [2015-09-11 16:34:16 | 005,702,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe PRC - [2015-09-11 16:22:54 | 000,230,672 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe PRC - [2015-08-07 01:04:38 | 000,410,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2015-06-24 12:37:29 | 002,754,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2015-06-24 12:37:26 | 001,868,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2015-04-14 08:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2015-01-20 13:16:30 | 003,977,576 | ---- | M] (LogMeIn Inc.) -- G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2013-12-03 07:09:26 | 000,240,720 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe PRC - [2013-10-26 10:45:14 | 000,651,856 | ---- | M] () -- C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe PRC - [2013-10-23 23:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe PRC - [2013-09-04 18:21:42 | 002,112,000 | ---- | M] () -- C:\Program Files (x86)\screenSHU\screenSHU.exe PRC - [2010-09-17 10:15:56 | 003,727,360 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015-12-05 10:21:48 | 000,933,056 | R--- | M] () -- C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll MOD - [2015-06-24 12:37:29 | 000,011,920 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll MOD - [2013-09-04 18:21:42 | 002,112,000 | ---- | M] () -- C:\Program Files (x86)\screenSHU\screenSHU.exe MOD - [2011-06-08 08:32:26 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\screenSHU\mingwm10.dll MOD - [2011-06-08 08:32:24 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\screenSHU\libgcc_s_dw2-1.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2015-08-15 07:04:47 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2015-07-23 01:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:[b]64bit:[/b] - [2015-06-24 12:37:26 | 001,152,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService) SRV:[b]64bit:[/b] - [2015-06-24 12:37:25 | 023,007,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:[b]64bit:[/b] - [2013-05-27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2013-04-30 04:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-12-16 15:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV - [2016-01-04 17:13:07 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015-12-14 21:01:12 | 000,836,176 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2015-11-13 20:24:46 | 002,099,720 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service) SRV - [2015-10-28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2015-10-12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc) SRV - [2015-10-12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc) SRV - [2015-09-11 16:34:16 | 005,702,416 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer) SRV - [2015-08-07 01:04:38 | 000,410,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2015-07-09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2015-06-24 12:37:26 | 001,868,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2015-04-14 08:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2015-04-14 08:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2015-01-20 13:16:28 | 002,485,608 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2014-06-27 20:43:42 | 000,010,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobilo\Limit na komputer\ChildGuardianService.exe -- (Child Guardian Service) SRV - [2014-04-11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014-03-20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013-12-03 07:09:26 | 000,240,720 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Huawei E3272) SRV - [2013-10-28 03:02:26 | 000,351,824 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2013-10-26 10:45:14 | 000,651,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe -- (PLAY ONLINE. RunOuc) SRV - [2010-09-17 10:15:56 | 003,727,360 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe -- (FirebirdServerDefaultInstance) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2015-08-11 00:08:34 | 000,213,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2015-06-24 12:37:25 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms) DRV:[b]64bit:[/b] - [2015-05-19 04:29:01 | 000,046,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:[b]64bit:[/b] - [2015-04-17 15:50:00 | 000,030,352 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus) DRV:[b]64bit:[/b] - [2015-04-14 08:37:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:[b]64bit:[/b] - [2015-04-14 08:37:42 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2014-12-03 18:41:48 | 000,110,368 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV:[b]64bit:[/b] - [2014-06-19 14:57:08 | 000,288,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XXLHASP.sys -- (XXLHASP) DRV:[b]64bit:[/b] - [2014-05-30 10:42:22 | 000,331,608 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:[b]64bit:[/b] - [2014-05-30 10:42:20 | 000,303,624 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:[b]64bit:[/b] - [2014-05-30 10:42:20 | 000,162,264 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:[b]64bit:[/b] - [2014-05-30 10:42:20 | 000,060,488 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:[b]64bit:[/b] - [2014-05-30 10:42:18 | 000,091,784 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:[b]64bit:[/b] - [2014-01-10 11:56:32 | 000,058,048 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2013-06-29 10:17:56 | 000,246,272 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:[b]64bit:[/b] - [2013-04-30 05:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2013-04-30 05:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2013-04-30 03:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2013-03-04 09:32:48 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:[b]64bit:[/b] - [2013-03-04 09:32:48 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2013-03-04 09:32:48 | 000,030,720 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:[b]64bit:[/b] - [2013-02-12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2012-12-22 02:46:11 | 000,014,976 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:[b]64bit:[/b] - [2012-10-25 02:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2009-08-13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2007-11-15 19:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2001-05-24 11:42:40 | 000,021,504 | R--- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.DLL -- (Winsock) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,start page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.multiplayerpiano.com/ IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {248845BF-3FB1-4C33-A2ED-40FDCFC4CAF3} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\.DEFAULT\..\SearchScopes\{248845BF-3FB1-4C33-A2ED-40FDCFC4CAF3}: "URL" = https://www.google.com/search?q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.multiplayerpiano.com/ IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {248845BF-3FB1-4C33-A2ED-40FDCFC4CAF3} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-18\..\SearchScopes\{248845BF-3FB1-4C33-A2ED-40FDCFC4CAF3}: "URL" = https://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://public-box.ru/start IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://public-box.ru/start IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://public-box.ru/start IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\..\SearchScopes,DefaultScope = {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\..\SearchScopes\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE}: "URL" = http://terra.im/search?sid=101&q={searchTerms} IE - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\w7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA7460\FF File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAVIEWERV1\MEDIAVIEWERV1ALPHA1069\FF [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences file CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl\1.8.3.1_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\4.0.2_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbgiinmeeapadlkkeiijikonhkdlkdb\1.0.61_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\ CHR - Extension: No name found = C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2014-12-25 13:39:41 | 000,000,588 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 onhax.net O1 - Hosts: 127.0.0.1 www.onhax.net O1 - Hosts: 127.0.0.1 forum.onhax.net O1 - Hosts: 127.0.0.1 https://forum.onhax.net O1 - Hosts: 127.0.0.1 labs.onhax.net O1 - Hosts: 127.0.0.1 do2dear.net O1 - Hosts: 127.0.0.1 p30world.com O1 - Hosts: 127.0.0.1 brarstuff.com O1 - Hosts: 127.0.0.1 rsload.net O1 - Hosts: 127.0.0.1 bandicam.com O1 - Hosts: 127.0.0.1 ssl.bandisoft.com O1 - Hosts: 127.0.0.1 idm-crack-patch.blogspot.in O1 - Hosts: 127.0.0.1 parth8641.blogspot.com O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [Eyesity] C:\Users\maciej\AppData\Roaming\Eyesity\Eyesity.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000..\Run: [f.lux] C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC) O4 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000..\Run: [IVONA ControlCenter] "C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" -action=run-silent File not found O4 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000..\Run: [IVONA Reader] "C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe" -t -nosplash File not found O4 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000..\Run: [screenSHU] C:\Program Files (x86)\screenSHU\screenSHU.exe () O4 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000..\Run: [SetMyHomePage] C:\Users\w7\AppData\Roaming\SetMyHomePage\setmyhomepage.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:[b]64bit:[/b] - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E134714-EC6F-44FF-9824-D492804C0122}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E134714-EC6F-44FF-9824-D492804C0122}: NameServer = 86.63.64.48,86.63.64.49 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F0CF690-8832-4D09-94B5-D0E0BF4851C3}: NameServer = 89.108.195.21 89.108.202.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BCD6390-4B1D-4385-AECA-DC3CCD27A4E3}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6E9CD0D-744F-4994-95A1-194CA8CA775C}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97E7E0F-86C4-4A99-8391-95776610762D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97E7E0F-86C4-4A99-8391-95776610762D}: NameServer = 86.63.64.49,86.63.64.48 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-09-19 09:24:56 | 000,000,000 | ---D | M] - E:\AUTO -- [ NTFS ] O32 - AutoRun File - [2007-08-17 11:53:38 | 000,000,040 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{4fa1ab2e-63f4-11e3-afb1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4fa1ab2e-63f4-11e3-afb1-806e6f6e6963}\Shell\AutoRun\command - "" = H:\auto.exe O33 - MountPoints2\{5a713cda-e500-11e4-9a03-00b0c400b47f}\Shell - "" = AutoRun O33 - MountPoints2\{5a713cda-e500-11e4-9a03-00b0c400b47f}\Shell\AutoRun\command - "" = J:\autorun.exe O33 - MountPoints2\{95044deb-8a31-11e5-8019-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{95044deb-8a31-11e5-8019-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{9594796e-7bb3-11e5-8158-10feed0533b4}\Shell - "" = AutoRun O33 - MountPoints2\{9594796e-7bb3-11e5-8158-10feed0533b4}\Shell\AutoRun\command - "" = K:\setup.exe O33 - MountPoints2\{9bac857f-951b-11e5-a712-10feed0533b4}\Shell - "" = AutoRun O33 - MountPoints2\{9bac857f-951b-11e5-a712-10feed0533b4}\Shell\AutoRun\command - "" = I:\setup.exe O33 - MountPoints2\{e5bc429a-8c6a-11e5-b81a-5a2c80139263}\Shell - "" = AutoRun O33 - MountPoints2\{e5bc429a-8c6a-11e5-b81a-5a2c80139263}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2016-01-05 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\w7\Desktop\FRST-OlderVersion [2016-01-05 20:39:28 | 002,370,560 | ---- | C] (Farbar) -- C:\Users\w7\Desktop\FRST64.exe [2016-01-05 20:36:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\w7\Desktop\OTL.exe [2016-01-05 20:06:43 | 000,000,000 | ---D | C] -- C:\FRST [2015-12-29 11:54:52 | 000,000,000 | ---D | C] -- C:\Users\w7\AppData\Local\TeamViewer [2015-12-28 19:07:00 | 000,000,000 | ---D | C] -- C:\Windows\pss [2015-12-28 18:35:23 | 000,000,000 | ---D | C] -- C:\Users\w7\AppData\Local\assembly [2015-12-28 18:35:22 | 000,000,000 | ---D | C] -- C:\Users\w7\AppData\Roaming\OBS [2015-12-28 18:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\OBS [2015-12-28 18:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS [2015-12-23 23:04:56 | 000,000,000 | ---D | C] -- C:\Users\w7\Desktop\Macros [2015-12-23 16:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2015-12-23 16:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2015-09-02 16:47:11 | 005,224,982 | ---- | C] (Bycatch) -- C:\Program Files\Common Files\0e2q5isl.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2016-01-05 20:50:49 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\736F47384C_1002.job [2016-01-05 20:50:44 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\3435377667_1024.job [2016-01-05 20:50:23 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2016-01-05 20:50:21 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\5L0Rqcgw2sWwMdWCE2oap.job [2016-01-05 20:50:21 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\FM1B8LdT4Vf4Q.job [2016-01-05 20:49:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016-01-05 20:49:50 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2016-01-05 20:39:29 | 002,370,560 | ---- | M] (Farbar) -- C:\Users\w7\Desktop\FRST64.exe [2016-01-05 20:36:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\w7\Desktop\OTL.exe [2016-01-05 20:25:13 | 000,024,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2016-01-05 20:25:13 | 000,024,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2016-01-05 20:13:04 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2016-01-05 20:09:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2016-01-05 19:59:24 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2016-01-05 19:45:43 | 398,522,343 | ---- | M] () -- C:\Windows\MEMORY.DMP [2016-01-04 17:13:07 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2016-01-04 17:13:07 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2015-12-23 16:49:42 | 000,002,699 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015-10-17 12:17:35 | 001,196,845 | ---- | C] () -- C:\Windows\unins000.exe [2015-10-17 11:43:00 | 000,014,138 | ---- | C] () -- C:\Windows\unins000.dat [2015-10-16 13:36:29 | 000,000,090 | ---- | C] () -- C:\Users\w7\AppData\Local\fusioncache.dat [2015-09-02 15:27:35 | 000,000,187 | ---- | C] () -- C:\Users\w7\AppData\Local\Techitrax.exe.config [2015-08-11 00:08:32 | 037,757,584 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll [2015-04-19 13:20:16 | 000,005,872 | ---- | C] () -- C:\Users\w7\AppData\Roaming\FM1B8LdT4Vf4Q [2015-04-19 13:20:16 | 000,005,872 | ---- | C] () -- C:\Users\w7\AppData\Roaming\5L0Rqcgw2sWwMdWCE2oap [2015-04-17 15:46:45 | 000,000,083 | ---- | C] () -- C:\Windows\WWP.INI [2015-01-18 17:26:43 | 006,169,003 | ---- | C] () -- C:\Windows\SysWow64\Command.EXE [2015-01-12 18:37:25 | 000,002,484 | ---- | C] () -- C:\Users\w7\AppData\Local\recently-used.xbel [2014-10-22 16:07:07 | 000,000,475 | ---- | C] () -- C:\Users\w7\test.bat [2014-09-01 17:42:10 | 000,000,297 | ---- | C] () -- C:\Users\w7\Włącz minecraft..bat [2014-06-17 19:29:57 | 004,677,632 | R--- | C] () -- C:\Windows\SysWow64\ri.dll [2014-06-17 19:29:57 | 000,147,456 | R--- | C] () -- C:\Windows\SysWow64\vc4_jpeg.dll [2014-06-17 19:29:57 | 000,090,112 | R--- | C] () -- C:\Windows\SysWow64\sdr.dll [2014-06-17 19:29:57 | 000,040,720 | R--- | C] () -- C:\Windows\SysWow64\oledb32r.dll [2014-06-17 19:29:57 | 000,005,392 | R--- | C] () -- C:\Windows\SysWow64\oledb32x.dll [2014-06-17 19:29:56 | 000,315,904 | R--- | C] () -- C:\Windows\SysWow64\glu.dll [2014-06-17 19:29:56 | 000,230,912 | R--- | C] () -- C:\Windows\SysWow64\Zipit.dll [2014-06-17 19:29:56 | 000,172,032 | R--- | C] () -- C:\Windows\SysWow64\glut32.dll [2014-06-17 19:29:56 | 000,099,840 | R--- | C] ( ) -- C:\Windows\SysWow64\Zipdll.dll [2014-06-17 19:29:56 | 000,098,304 | R--- | C] () -- C:\Windows\SysWow64\VC4_TIFF.dll [2014-06-17 19:29:56 | 000,094,208 | R--- | C] ( ) -- C:\Windows\SysWow64\Unzdll.dll [2014-06-17 19:29:56 | 000,033,280 | R--- | C] () -- C:\Windows\SysWow64\SP32W.DLL [2014-06-17 19:29:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysWow64\bcbmm.dll [2014-06-17 19:29:55 | 000,084,992 | R--- | C] () -- C:\Windows\SysWow64\HASPVB32.DLL [2014-06-17 19:08:47 | 000,628,224 | R--- | C] () -- C:\Windows\SysWow64\boost_wserialization-bcb-mt-1_35.dll [2014-06-17 19:08:47 | 000,620,544 | R--- | C] () -- C:\Windows\SysWow64\stlpmt45.dll [2014-06-17 19:08:47 | 000,618,496 | R--- | C] () -- C:\Windows\SysWow64\stlp45.dll [2014-06-17 19:08:46 | 001,269,248 | R--- | C] () -- C:\Windows\SysWow64\boost_regex-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 001,256,448 | R--- | C] () -- C:\Windows\SysWow64\boost_regex-bcb-1_35.dll [2014-06-17 19:08:46 | 000,896,512 | R--- | C] () -- C:\Windows\SysWow64\boost_program_options-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,894,976 | R--- | C] () -- C:\Windows\SysWow64\boost_program_options-bcb-1_35.dll [2014-06-17 19:08:46 | 000,763,904 | R--- | C] () -- C:\Windows\SysWow64\boost_serialization-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,761,344 | R--- | C] () -- C:\Windows\SysWow64\boost_serialization-bcb-1_35.dll [2014-06-17 19:08:46 | 000,698,880 | R--- | C] () -- C:\Windows\SysWow64\boost_unit_test_framework-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,694,784 | R--- | C] () -- C:\Windows\SysWow64\boost_unit_test_framework-bcb-1_35.dll [2014-06-17 19:08:46 | 000,625,152 | R--- | C] () -- C:\Windows\SysWow64\boost_wserialization-bcb-1_35.dll [2014-06-17 19:08:46 | 000,197,120 | R--- | C] () -- C:\Windows\SysWow64\boost_filesystem-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,196,096 | R--- | C] () -- C:\Windows\SysWow64\boost_filesystem-bcb-1_35.dll [2014-06-17 19:08:46 | 000,174,592 | R--- | C] () -- C:\Windows\SysWow64\boost_thread-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,099,840 | R--- | C] () -- C:\Windows\SysWow64\boost_signals-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,099,840 | R--- | C] () -- C:\Windows\SysWow64\boost_signals-bcb-1_35.dll [2014-06-17 19:08:46 | 000,097,792 | R--- | C] () -- C:\Windows\SysWow64\boost_iostreams-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,097,792 | R--- | C] () -- C:\Windows\SysWow64\boost_iostreams-bcb-1_35.dll [2014-06-17 19:08:46 | 000,074,240 | R--- | C] () -- C:\Windows\SysWow64\boost_prg_exec_monitor-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,073,728 | R--- | C] () -- C:\Windows\SysWow64\boost_prg_exec_monitor-bcb-1_35.dll [2014-06-17 19:08:46 | 000,068,096 | R--- | C] () -- C:\Windows\SysWow64\boost_date_time-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,067,584 | R--- | C] () -- C:\Windows\SysWow64\boost_date_time-bcb-1_35.dll [2014-06-17 19:08:46 | 000,025,088 | R--- | C] () -- C:\Windows\SysWow64\boost_system-bcb-mt-1_35.dll [2014-06-17 19:08:46 | 000,025,088 | R--- | C] () -- C:\Windows\SysWow64\boost_system-bcb-1_35.dll [2014-06-15 14:16:40 | 000,000,037 | ---- | C] () -- C:\Windows\Grappler.ini [2014-04-13 09:25:34 | 000,001,242 | RHS- | C] () -- C:\Users\w7\ntuser.pol [2014-04-10 18:12:24 | 000,000,000 | ---- | C] () -- C:\Windows\Infob.dat [2014-04-10 18:12:24 | 000,000,000 | ---- | C] () -- C:\Windows\Infoa.dat [2014-04-07 14:00:54 | 000,002,277 | ---- | C] () -- C:\Users\w7\AppData\Roaming\ASSDraw3.cfg [2014-02-26 03:04:20 | 001,673,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014-02-18 19:42:07 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013-12-17 02:49:56 | 000,007,602 | ---- | C] () -- C:\Users\w7\AppData\Local\Resmon.ResmonCfg [color=#E56717]========== ZeroAccess Check ==========[/color] [2014-02-22 12:09:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World1\l [2014-02-22 12:07:23 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World1\n [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\0\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\0\n [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1\n [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1b\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1c\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1d\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1d\n [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1e\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1e\n [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1f\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1f\n [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1g\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1g\n [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1h\l [2014-12-16 20:58:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1h\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1i\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1i\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1j\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1j\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1k\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1k\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1l\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1l\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1m\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1m\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1n\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1n\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1o\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1o\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1p\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1p\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1q\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1q\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1r\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\1r\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\2\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\2\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\3\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\3\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\4\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\4\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\5\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\5\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\6\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\6\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\7\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\7\n [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\8\l [2014-12-16 20:58:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\8\n [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\9\l [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\9\n [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\a\l [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\a\n [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\b\l [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\b\n [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\c\l [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\c\n [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\d\l [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\d\n [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\e\l [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\e\n [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\f\l [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\f\n [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\g\l [2014-12-16 20:58:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-553803878-4093496405-1208779523-1000\$RDSF579.minecraft\saves\World2\g\n [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015-07-10 18:51:25 | 014,177,280 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015-07-10 18:34:07 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2015-10-29 14:57:01 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\.minecraft [2015-10-16 20:03:45 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\.minecraftzyczu [2014-06-29 10:57:56 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\.technic [2014-04-18 12:29:07 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\.zyczujdk7 [2015-04-22 17:21:27 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\DAEMON Tools Lite [2015-04-16 19:17:37 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\Eyesity [2015-06-27 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\java [2015-04-22 16:20:58 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\LolClient [2015-10-21 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\OpenOffice [2014-08-27 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\Origin [2014-05-21 20:38:06 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\Synthesia [2015-07-17 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\TeamViewer [2014-08-01 15:00:18 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\TS3Client [2014-05-02 10:37:32 | 000,000,000 | ---D | M] -- C:\Users\maciej\AppData\Roaming\Unity [2015-07-08 21:47:39 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\.minecraft [2014-12-23 13:29:33 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\.minecraftzyczu [2015-05-07 12:45:28 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\.technic [2014-12-25 13:39:10 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\BANDISOFT [2015-04-14 11:30:55 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\Eyesity [2014-12-02 17:33:27 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\Image-Line [2014-06-20 12:09:17 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\LolClient [2014-11-26 17:03:53 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\OpenOffice [2014-06-01 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\Origin [2015-01-06 22:39:07 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\TeamViewer [2014-06-15 14:50:08 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\Thinstall [2014-11-11 17:39:43 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\Unity [2014-06-15 13:12:31 | 000,000,000 | ---D | M] -- C:\Users\piorom22\AppData\Roaming\Windows Live Writer [2015-11-27 04:11:15 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\.minecraft [2014-10-30 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\.minecraftzyczu [2014-02-23 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\.technic [2014-03-08 15:01:51 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\.zyczujdk7 [2016-01-05 20:50:42 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\3435377667_1024 [2016-01-05 20:50:45 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\736F47384C_1002 [2014-05-05 17:23:46 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Aegisub [2014-04-10 18:27:56 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\avidemux [2014-03-17 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\BANDISOFT [2014-04-10 18:35:30 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Bigasoft Total Video Converter 4 [2015-10-26 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\DAEMON Tools Lite [2015-04-16 19:08:37 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Eyesity [2014-05-24 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\FileZilla [2014-05-05 17:18:15 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\fontconfig [2014-04-30 12:43:13 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Image-Line [2014-04-18 18:44:33 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\IVONA ControlCenter [2014-04-17 10:36:32 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\IVONA Reader [2014-06-28 18:01:40 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\kopiamc [2015-11-13 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\LolClient [2015-07-14 12:26:31 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\MMFApplications [2015-12-29 04:21:40 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\OBS [2015-01-12 17:12:53 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\OpenOffice [2015-09-02 15:22:37 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Opera Software [2014-02-03 13:01:17 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Origin [2014-02-17 14:17:57 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Riot Games [2015-11-27 04:11:34 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\SFBot [2014-10-23 17:19:11 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Synthesia [2015-10-16 10:46:31 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\SynthMaker [2015-07-05 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\TeamViewer [2014-04-16 18:19:03 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\TechSmith [2015-10-19 20:27:59 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Thinstall [2015-08-27 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\TS3Client [2014-02-01 19:10:04 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Unity [2013-12-14 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Wargaming.net [2015-11-28 10:42:09 | 000,000,000 | ---D | M] -- C:\Users\w7\AppData\Roaming\Waves Audio [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2016-01-05 21:00:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\w7\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18015) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 59,66% Memory free 8,00 Gb Paging File | 6,37 Gb Available in Paging File | 79,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 341,70 Gb Total Space | 210,95 Gb Free Space | 61,74% Space Free | Partition Type: NTFS Drive D: | 15,93 Gb Total Space | 15,16 Gb Free Space | 95,18% Space Free | Partition Type: NTFS Drive E: | 19,53 Gb Total Space | 8,64 Gb Free Space | 44,22% Space Free | Partition Type: NTFS Drive F: | 39,06 Gb Total Space | 20,68 Gb Free Space | 52,93% Space Free | Partition Type: NTFS Drive G: | 589,71 Gb Total Space | 294,34 Gb Free Space | 49,91% Space Free | Partition Type: NTFS Drive H: | 280,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: W7-KOMPUTER | User Name: w7 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "G:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "G:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "G:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "G:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "G:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "G:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{064FA2C5-65BC-44AA-81DC-672FC5621DA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{08F234D5-9E6F-4F3B-8312-EFD275D6E9B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0FCBCE00-D19B-4800-86B3-135C6859F847}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1815736C-96E5-4F7B-9CFD-0742EB84A2EC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1F050B36-1DB0-4884-82F6-DAC1CEDEC9AD}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{1F0E980E-CC6C-483D-BCA9-518FCB3B87AC}" = lport=139 | protocol=6 | dir=in | app=system | "{1F2802E7-7245-488D-8CBA-E690DCC6A996}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{2079D30B-7A49-4630-BC32-4EAAD2A46D8A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{28E48F99-8EB7-41D8-8653-3D3E921E1E4E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2A01C0C3-88A9-4308-A68A-28167AFA9528}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2DFEED37-3C35-4FE3-AF76-E50124F725BF}" = rport=445 | protocol=6 | dir=out | app=system | "{37208709-776E-4E86-A77D-80FD0A7B0834}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{392A4C35-2A57-4E30-A860-7A036FEA2053}" = lport=2869 | protocol=6 | dir=in | app=system | "{3EF72152-9CDD-443F-B8C1-BB7EF97228C1}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{46361826-70B4-44EF-847B-2055BAA79FDB}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{471346DD-B075-467C-A762-41128CFE2976}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | "{4C236EBE-7A2A-4689-A74D-A87D84C3F924}" = lport=138 | protocol=17 | dir=in | app=system | "{5ACD30EE-BDB1-4833-B21D-9479D6763ADB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6121C044-94C7-455D-AC22-10F00AAC86CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6520C50F-42D5-4227-B63E-6D65601F7A20}" = lport=445 | protocol=6 | dir=in | app=system | "{6F65D8E8-0832-404F-9558-CEE46EAED6A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7B499C1C-CD46-4276-8CA5-053543C293B5}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{7F062AF5-D6C3-467E-8151-444277D1FECC}" = rport=137 | protocol=17 | dir=out | app=system | "{85F085AB-DF31-4E46-82CC-A4F1A51DE16C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B8938C17-1AC4-4766-ADD0-0A45A8D38812}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BC0D4B37-2237-402C-B455-F69CF82A3A79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BE2BEA5D-F595-4AD2-85D4-3B525A182784}" = rport=10243 | protocol=6 | dir=out | app=system | "{C2BA946F-3881-487F-836D-C767C156058C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C812C8AC-74F4-4537-A144-51E1CE9565E2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{D069908D-69A7-4BDD-A4B2-97B6C64D7117}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D1868C55-44A7-4BD6-BE8F-41C9D0E47D14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D5E44D14-4106-49AC-98D7-889C6A669CC0}" = lport=8317 | protocol=6 | dir=in | name=techsmith camtasia studio | "{DE0FC5D2-9110-4CEE-8F65-E5F39B0FE351}" = lport=137 | protocol=17 | dir=in | app=system | "{DE66B814-F505-40D7-9D20-9F4423AE530B}" = rport=139 | protocol=6 | dir=out | app=system | "{E1099F9C-64BA-40C6-9B45-730A46B18928}" = lport=10243 | protocol=6 | dir=in | app=system | "{E803CBB4-2164-44E5-9737-406C615B2065}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | "{E88E6877-302C-4446-BFED-E35777A9D0CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F393EC34-7AEF-4AB1-886E-2791638FD69A}" = rport=138 | protocol=17 | dir=out | app=system | "{F3E28220-CAED-4885-9BA2-B7566E8540FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F4024893-7D16-4A1A-ABF3-A3DC306DA9D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F9476B67-1800-4EF9-8CB8-3A5E5BBBAF24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0119C457-8D9B-4568-A642-D1AF79466383}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\scania truck driving simulator\bin\win_x86\scania_truck_driving_simulator.exe | "{031CBFB3-5950-42E1-835B-43081DC808FD}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe | "{03FECC8B-7D0E-4AB2-82DA-640BAC0F27B9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{0ABBAF49-20AD-4AFE-A54D-AF85BE7DB765}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0CECF420-7322-4B17-8ADF-CB1EDBC5E31F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0E53EAF2-34B8-4B35-AFE7-C5D322C1C8FE}" = protocol=17 | dir=in | app=c:\users\piorom22\appdata\local\akamai\netsession_win.exe | "{10715DD0-5918-43FA-A600-36F82002EAB5}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | "{10D95F16-FBF6-43A8-86D1-A817AB35E38F}" = protocol=6 | dir=in | app=f:\program files\valve\hl.exe | "{1122CA31-8E1E-427B-80A8-435F3132666F}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{157377E6-77D9-46C1-BE3A-E62CF0302182}" = dir=in | app=g:\patryk\scania truck driving simulator\bin\win_x86\scania_truck_driving_simulator.exe | "{186FE474-92B9-49FF-9AD4-9BED1F1EAC99}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{19CA5773-B3B8-4254-9286-FE2152CF94A7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{1FA81E91-0FB3-4BA4-8959-A10BDFFD9F0A}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\emily is away\emily is away.exe | "{23CC7D53-D0AD-4E11-B732-04AD711C4AAB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{292D8532-86E7-41DE-8A39-DEED3BC734D3}" = dir=in | app=g:\patryk\euro truck simulator\eurotrucks.exe | "{2DF587D0-FD14-46C7-A653-E545008D7D51}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space\dead space.exe | "{327E45CE-5D21-4895-BBBB-F26A18229740}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{373ABD18-D1CC-4F48-B2D7-9166A5FFC963}" = protocol=17 | dir=in | app=g:\patryk\nowy folder\combat arms eu\nmservice.exe | "{374CB06F-1B26-40A0-926A-05DBB36030DB}" = protocol=17 | dir=in | app=g:\4death\4death.pl.exe | "{37D2188E-9288-4CC7-B6EA-68A7D38F5C0C}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{3C6704DF-54F4-498D-A490-32158A785D76}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\just cause 2\justcause2.exe | "{41CDC7F5-1C43-4D50-A799-358C8AC06706}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{42AC47DC-7F29-4893-B3C9-D4BFE9BC2893}" = protocol=6 | dir=in | app=g:\4death\4death.pl.exe | "{42FAF6FB-EA3D-4FBC-8625-C42F383C4188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{446AAB0F-3611-4238-8ED1-7ABDAB3AB58A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{47A0577C-0665-42D4-86B3-BB901278C904}" = protocol=6 | dir=in | app=c:\programdata\jukdesoia\osizavoo.exe | "{480D98A0-BD17-4FB7-B515-B99DD9E970C6}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\just cause 2\justcause2.exe | "{4ACEAA58-9811-4D2F-89C1-6D8970155379}" = protocol=6 | dir=out | app=system | "{4B4FAF44-400E-44E0-90DA-5D498BFBB3BF}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{4CF330B5-1A20-42E5-BE35-C78A4A346DDF}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\scania truck driving simulator\bin\win_x86\scania_truck_driving_simulator.exe | "{4F686BCA-7CCC-4ABC-A07F-98534DB8BDA3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{4F9D8D02-D95E-4D9B-8FA9-F3F2F1E09C1E}" = protocol=17 | dir=in | app=g:\patryk\steam\steam.exe | "{515E12C1-B381-4198-ABED-FF9AA4A40500}" = protocol=17 | dir=in | app=c:\programdata\jukdesoia\osizavoo.exe | "{5190C520-701A-4A2B-BBB5-1F807667BACC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5449DB0C-E00C-4C44-B6E7-36F3DE8CFF2B}" = protocol=17 | dir=in | app=g:\patryk\steam\bin\steamwebhelper.exe | "{54887A9E-C38E-4DF7-80B7-6B2869D17213}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa world\fifaworld.exe | "{577B9534-0579-4F5E-A0FC-54EE38114727}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{57BDBEBA-D06C-4141-9E1B-FC4212E00818}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{5C02C14A-710D-4489-824B-DFF07467F006}" = protocol=6 | dir=in | app=f:\team17\worms armageddon\wa.exe | "{5D28F745-C7FA-46EB-A478-1BE6E25D90AD}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe | "{5DC5A647-1173-4D28-BD28-4AEB3A7BC37B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space\dead space.exe | "{5ED5E9A1-F574-4170-A9AF-7973DEE9294F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{619BA736-DD24-4F4A-8C20-A9F7466EC263}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{6665C26A-28ED-40E4-85C2-00A9292BA2C6}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{668062A0-C644-4F40-9F27-5628F20C308C}" = protocol=17 | dir=in | app=f:\team17\worms armageddon\wa.exe | "{67A606D2-D31D-4A92-BE49-12FC88EF1D4B}" = protocol=17 | dir=in | app=c:\programdata\jukdesoia\osizavoo.exe | "{72730372-E37E-48F7-96C1-1BD3DC5FE2C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7486B26C-5057-421C-9990-0EC0857B6AAB}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{7570A5CA-F53F-4DE4-AF0E-0A744A47F5C5}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{759B87A1-A76D-4330-8DD8-A23D78E922BC}" = protocol=17 | dir=in | app=g:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | "{7615E57F-0793-474A-9316-A6D9F0F969A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{763710FF-CDD5-431C-8D8E-6F85CE04111F}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x64\eurotrucks2.exe | "{79E91BA6-BF04-457F-B20F-E660E815F24B}" = protocol=6 | dir=in | app=g:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe | "{79EB06C5-F6D5-424F-BC6A-2A30291D5CC8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7A23D161-0E64-4EBB-9412-95F754BC8522}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa world\fifaworld.exe | "{7A2A6624-F658-4E69-8C01-41D6D645919F}" = protocol=6 | dir=in | app=g:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | "{7B11B2F3-6DB2-47D9-9A51-A64B63AF567C}" = protocol=6 | dir=in | app=g:\patryk\nowy folder\combat arms eu\nmservice.exe | "{7D804243-89E3-4F75-BF19-2EF153E8F045}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\peggle deluxe\peggle.exe | "{81C2DEB5-438E-4AB9-B30F-1D2D0885DFEB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa world\fifaworld.exe | "{83F1B7F6-A0BC-4A12-B651-C50DB3F80B14}" = protocol=17 | dir=in | app=g:\program files (x86)\winamp\winamp.exe | "{84D1FD41-151A-4AA9-A72A-F9A54198EA4D}" = protocol=6 | dir=in | app=g:\gmmt2\gmmt2\gmmt2.bin | "{8CFE937B-1A1B-47E0-B45E-B5E3E28E35B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8E088D5B-CD56-4C50-94E0-BFBF1CEC261B}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | "{8FD8FAE0-AD86-4753-8676-A0FDCD9A7997}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{9031498D-C073-4025-B343-1ACD01048BD9}" = protocol=6 | dir=in | app=g:\gry z origina\plants vs. zombies\plantsvszombies.exe | "{91A2A745-8CD1-4DC3-AE04-7148E6D356DF}" = protocol=6 | dir=in | app=g:\ravia.eu\game | "{96F43913-82E3-4380-B0F4-E5BE774701EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9704B8A5-52EC-406D-8DBF-8CF831FA1AAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{99766139-5340-4BFC-A4E9-9E8510C99AA6}" = protocol=6 | dir=in | app=g:\gry z origina\battlefield 3\bf3.exe | "{9A641876-DF2F-492A-92E3-7A92D743EB34}" = protocol=17 | dir=in | app=g:\ravia.eu\game | "{9ABFAE01-EB98-4C0D-8ACF-500B487DFFA9}" = protocol=17 | dir=in | app=f:\program files\valve\hl.exe | "{A189A2B0-69F5-47CB-BB58-EDEBCA543746}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\unturned\unturned.exe | "{A4B0BFB6-894B-4AA8-A3AC-AF818FDB4EEF}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{A6A2B629-D095-49D2-BA46-E6CFF27A6F80}" = protocol=6 | dir=in | app=g:\program files (x86)\winamp\winamp.exe | "{A6B2F692-877A-4C65-AFD3-565E53BA4A99}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A8B2B2A3-EC64-4602-8798-3998BF93056A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{B0E65ACF-636E-410D-996D-19E34CBE1227}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{B497D413-B8E1-4707-A29B-67A1D4AA794D}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{B5A8C503-7134-41C0-B97C-AD8E8F1035FB}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{BE97BA32-7CB9-4BED-9BB6-21D269AAE394}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{C261B644-C735-4CA9-84ED-F65F8B024228}" = protocol=17 | dir=in | app=g:\gry z origina\battlefield 3\bf3.exe | "{C2FAA2CC-395E-441B-9606-79BE1C749880}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{C6D875A1-1E72-4046-84A9-77DAC458D06C}" = protocol=17 | dir=in | app=g:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe | "{C78C7961-C025-4A50-8744-4B32E9EB230C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa world\fifaworld.exe | "{C9267C15-3C6B-4D81-8255-B4BA08B2F1A8}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\scania truck driving simulator\bin\win_x86\scania_truck_driving_simulator.exe | "{CC4FAB65-A4BF-4161-B4B8-D8354856332C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{CF833A90-6CB4-4AE1-9D1A-A0E3299C3C87}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | "{D0C445F1-E583-4B7B-8091-A5BA6576F4B4}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\euro truck simulator 2\bin\win_x64\eurotrucks2.exe | "{D2847B1F-989D-44E8-A25F-AFDEA35BB744}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D38E08EC-7AEF-4E60-8B86-D6C292A0C705}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{D61C740B-6384-44EC-B7A2-3BFB37156751}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe | "{DC133FA8-EA56-4FA8-88A8-1D5FD7280184}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DCECB30A-25D2-4F3A-A527-19410F57E8D6}" = protocol=6 | dir=in | app=c:\programdata\jukdesoia\osizavoo.exe | "{E201AE27-A517-4803-B719-2FEC43AAD87A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E2633497-A3E4-4217-B9B9-84D17D7755AF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E29013DB-1A47-4733-8C77-A62C5E2B43BA}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\peggle deluxe\peggle.exe | "{E67A00C4-FE3C-4218-AC12-0C5B60E98E7C}" = protocol=17 | dir=in | app=g:\gmmt2\gmmt2\gmmt2.bin | "{E9DD641B-1CC4-4EB1-A9F0-24935B3A2B76}" = protocol=17 | dir=in | app=g:\patryk\steam\steamapps\common\emily is away\emily is away.exe | "{EB275636-2EDF-433F-B933-F427DFDE847D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EC79E015-00B4-4A99-BE3B-9C20931C065D}" = protocol=6 | dir=in | app=c:\users\piorom22\appdata\local\akamai\netsession_win.exe | "{ED082787-C2C7-44BA-BCBA-A03BBADB4217}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F136B38C-6C39-4AE5-9FDC-96AA8FDA4E09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F597F880-8409-403B-9228-37FE2F06CA46}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\scania truck driving simulator\bin\win_x86\scania_truck_driving_simulator.exe | "{F8DBB85B-4C79-4BFA-9D88-BD88B34EA828}" = protocol=6 | dir=in | app=g:\patryk\steam\steam.exe | "{F9879716-F831-4FB7-9FE7-A21425C6F275}" = protocol=6 | dir=in | app=g:\patryk\steam\steamapps\common\unturned\unturned.exe | "{FBC34FE4-14D4-41F8-96DD-5C3D9C23A1EE}" = protocol=6 | dir=in | app=g:\patryk\steam\bin\steamwebhelper.exe | "{FC853DA9-1D6A-4DA1-A42B-0FED13336EAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF9A4841-AE99-472B-B748-7B8B4FDDA481}" = protocol=17 | dir=in | app=g:\gry z origina\plants vs. zombies\plantsvszombies.exe | "TCP Query User{02D78176-0512-4EE5-B990-D3ED3294194C}G:\patryk\world_of_tanks_ct\worldoftanks.exe" = protocol=6 | dir=in | app=g:\patryk\world_of_tanks_ct\worldoftanks.exe | "TCP Query User{089906DC-ADBA-44A7-B3D5-F061FC00A894}C:\users\piorom22\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\piorom22\appdata\local\akamai\netsession_win.exe | "TCP Query User{0CB76F9C-4FEC-4E35-899C-943307E692A8}G:\pompamt2\pompamt2.exe" = protocol=6 | dir=in | app=g:\pompamt2\pompamt2.exe | "TCP Query User{0D7B0162-6154-4F79-8318-9274A7D82C2A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{1E29CCF1-20E4-4B5E-9081-B55F45B526D8}G:\pompamt2\pompamt2\pompamt2.exe" = protocol=6 | dir=in | app=g:\pompamt2\pompamt2\pompamt2.exe | "TCP Query User{1FFD034F-C490-4F8E-8F2E-AF7C74E2EE0C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{26B3A891-9FF2-4C6E-B537-0A6A19B1D719}G:\ravia.eu\game" = protocol=6 | dir=in | app=g:\ravia.eu\game | "TCP Query User{28ED7B1A-EC2F-4E92-9100-F67A01587ED5}G:\gmmt2\gmmt2\gmmt2.bin" = protocol=6 | dir=in | app=g:\gmmt2\gmmt2\gmmt2.bin | "TCP Query User{29E3FAAC-A9C3-4E80-B530-B10726BFB2FE}C:\users\maciej\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\maciej\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe | "TCP Query User{31ABFA68-FBB7-41CA-BA14-14897CE85286}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe | "TCP Query User{34A9D1B9-74ED-4D22-B731-2B09F1F91BDB}C:\users\maciej\appdata\roaming\.zyczujdk7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\maciej\appdata\roaming\.zyczujdk7\bin\javaw.exe | "TCP Query User{379F392F-BB40-40C8-AC5F-77084CCEB33C}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{39FCE307-ECAC-4064-B821-FDBECE1B9BC2}G:\pompa2\pompamt2\pompamt2.exe" = protocol=6 | dir=in | app=g:\pompa2\pompamt2\pompamt2.exe | "TCP Query User{44EFFDB6-2426-45EE-81BD-85D26149C0A6}G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=6 | dir=in | app=g:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | "TCP Query User{7C4BB16F-9CD8-4F21-8477-B17A6D16696C}G:\4death\4death.pl.exe" = protocol=6 | dir=in | app=g:\4death\4death.pl.exe | "TCP Query User{7CCA65AD-1FED-4C8D-A674-5C9D1FC5BC1C}G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\x64\radiosityprocess.exe" = protocol=6 | dir=in | app=g:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\x64\radiosityprocess.exe | "TCP Query User{8055BE26-D777-495C-BE67-BA23FBFA65C0}F:\program files\diamondmt2\patcher\metin2.bin" = protocol=6 | dir=in | app=f:\program files\diamondmt2\patcher\metin2.bin | "TCP Query User{823B4C32-5FC8-463F-8297-D63F9501CEFB}F:\program files\diamondmt2\patcher\diamondmt3.exe" = protocol=6 | dir=in | app=f:\program files\diamondmt2\patcher\diamondmt3.exe | "TCP Query User{825B3EE6-F9CE-4CB9-9338-208A677D903E}F:\program files\valve\hl.exe" = protocol=6 | dir=in | app=f:\program files\valve\hl.exe | "TCP Query User{85164CA6-B321-4D56-AE9A-4CA9EE75F6BF}F:\program files\valve\hlds.exe" = protocol=6 | dir=in | app=f:\program files\valve\hlds.exe | "TCP Query User{87CBB973-C306-4592-A0EB-CA7E816CC6F7}F:\team17\worms armageddon\wa.exe" = protocol=6 | dir=in | app=f:\team17\worms armageddon\wa.exe | "TCP Query User{8B0DE923-3174-4CF8-9C34-6365ABA300D7}C:\users\w7\appdata\roaming\.zyczujdk7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\w7\appdata\roaming\.zyczujdk7\bin\javaw.exe | "TCP Query User{8D3AE41D-3545-4D99-86E5-94AD24E33250}G:\program files (x86)\overspeed\lasr.exe" = protocol=6 | dir=in | app=g:\program files (x86)\overspeed\lasr.exe | "TCP Query User{97C8BFC9-71D8-490B-B21B-238B1BBD0A3B}G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=6 | dir=in | app=g:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe | "TCP Query User{C1577D7B-8930-4E01-BE10-9D422E15A105}G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\radiosityprocess.exe" = protocol=6 | dir=in | app=g:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\radiosityprocess.exe | "TCP Query User{CD05469F-169F-4158-934B-2E22F7170C1C}C:\program files\java\jre7\launch4j-tmp\minecraftzyczu.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\minecraftzyczu.exe | "TCP Query User{CDFE8E99-DBAC-4E43-A34E-06243985035C}G:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe" = protocol=6 | dir=in | app=g:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe | "TCP Query User{DF4A6B8E-F72F-4EEB-BCB2-A329DB72AFAC}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe | "TCP Query User{E812708F-D7AE-46A1-BAF4-4E002AEDB90C}G:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=g:\program files (x86)\valve\hl.exe | "TCP Query User{F6085B59-3F99-4E54-B9E6-E392F9CCFAEA}C:\games\world_of_tanks_ct\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_ct\worldoftanks.exe | "UDP Query User{00DA26A3-3430-40D5-ACCA-43371AA92CE6}C:\users\w7\appdata\roaming\.zyczujdk7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\w7\appdata\roaming\.zyczujdk7\bin\javaw.exe | "UDP Query User{06E9D3E1-E084-4B9F-9B36-064A264256B2}G:\4death\4death.pl.exe" = protocol=17 | dir=in | app=g:\4death\4death.pl.exe | "UDP Query User{0A35DF4C-5DD3-4039-9BA5-DD8402465023}G:\pompa2\pompamt2\pompamt2.exe" = protocol=17 | dir=in | app=g:\pompa2\pompamt2\pompamt2.exe | "UDP Query User{0CB78E6C-5A98-4757-9EBF-127E34D2C156}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe | "UDP Query User{16A6D790-2197-4BBC-997B-1AD0AC32C4F3}C:\users\maciej\appdata\roaming\.zyczujdk7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\maciej\appdata\roaming\.zyczujdk7\bin\javaw.exe | "UDP Query User{1E8FF4D6-8BA9-468D-B0D9-78DD157659D4}G:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe" = protocol=17 | dir=in | app=g:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe | "UDP Query User{1ED3FA3C-D06B-4A7F-9360-9C98B725CCE0}C:\games\world_of_tanks_ct\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_ct\worldoftanks.exe | "UDP Query User{20256255-D3D4-4275-8859-56E50EC79D1A}F:\program files\valve\hlds.exe" = protocol=17 | dir=in | app=f:\program files\valve\hlds.exe | "UDP Query User{22F896BC-3D25-494B-93F5-AC73E30B916C}G:\program files (x86)\overspeed\lasr.exe" = protocol=17 | dir=in | app=g:\program files (x86)\overspeed\lasr.exe | "UDP Query User{233E6929-61C0-404C-9296-802F6E5E6645}G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=17 | dir=in | app=g:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe | "UDP Query User{238C28A1-9CB9-47F3-9708-A3615CA87CFC}G:\gmmt2\gmmt2\gmmt2.bin" = protocol=17 | dir=in | app=g:\gmmt2\gmmt2\gmmt2.bin | "UDP Query User{23D16D1C-66BC-48AB-8E35-3043EAE11664}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{2D983385-1277-40CC-84B3-3CDE05AE7D81}G:\patryk\world_of_tanks_ct\worldoftanks.exe" = protocol=17 | dir=in | app=g:\patryk\world_of_tanks_ct\worldoftanks.exe | "UDP Query User{342CCBA5-CA64-461B-8308-DD48B57F84E6}F:\team17\worms armageddon\wa.exe" = protocol=17 | dir=in | app=f:\team17\worms armageddon\wa.exe | "UDP Query User{366E7AC7-BDED-41DB-9457-5844F64813FF}G:\ravia.eu\game" = protocol=17 | dir=in | app=g:\ravia.eu\game | "UDP Query User{458FAB78-C503-4526-A5EE-1892CE443AA1}C:\users\maciej\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\maciej\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe | "UDP Query User{473528D8-5B96-4397-9335-D279BBE9B211}G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=17 | dir=in | app=g:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe | "UDP Query User{653D31F7-4AA4-4E38-AB4F-6520D2211FE7}G:\pompamt2\pompamt2\pompamt2.exe" = protocol=17 | dir=in | app=g:\pompamt2\pompamt2\pompamt2.exe | "UDP Query User{656E5F85-3776-42D3-A610-F2F696F81F8A}C:\program files\java\jre7\launch4j-tmp\minecraftzyczu.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\minecraftzyczu.exe | "UDP Query User{6B25D411-332E-4A96-8A22-8FA9637C420E}G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\x64\radiosityprocess.exe" = protocol=17 | dir=in | app=g:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\x64\radiosityprocess.exe | "UDP Query User{892A1310-1DEB-4DBB-9086-39B047DE2FC8}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{9013E0D9-0B1D-4C2D-80DF-0B891573533E}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe | "UDP Query User{A1280802-F773-4349-BCBC-5A2B8C785719}F:\program files\valve\hl.exe" = protocol=17 | dir=in | app=f:\program files\valve\hl.exe | "UDP Query User{A8E6A397-01DE-4537-AF47-DDFA1D5074C6}G:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=g:\program files (x86)\valve\hl.exe | "UDP Query User{AA2F7C98-880C-4463-BBAC-0DED778B8D82}C:\users\piorom22\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\piorom22\appdata\local\akamai\netsession_win.exe | "UDP Query User{AE320BBC-9133-4ED6-904F-E4E1DCAE84DF}G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\radiosityprocess.exe" = protocol=17 | dir=in | app=g:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\radiosityprocess.exe | "UDP Query User{DB133994-807F-42D2-B5E4-03E7F0722532}F:\program files\diamondmt2\patcher\metin2.bin" = protocol=17 | dir=in | app=f:\program files\diamondmt2\patcher\metin2.bin | "UDP Query User{E93AA3DA-E61D-457F-A589-0902C79D6CD2}F:\program files\diamondmt2\patcher\diamondmt3.exe" = protocol=17 | dir=in | app=f:\program files\diamondmt2\patcher\diamondmt3.exe | "UDP Query User{F06CFB41-4C24-4749-BE53-FEC56283E0DD}G:\pompamt2\pompamt2.exe" = protocol=17 | dir=in | app=g:\pompamt2\pompamt2.exe | "UDP Query User{F1F0469F-5A38-4DA3-8A82-5D24CB8CAE7D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit) "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{37FCE154-7F59-74F0-3A35-BF503CEB230B}" = AMD Catalyst Install Manager "{54F2237F-018C-483B-8884-9FC0D88840C3}" = VC_CRT_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6B657BB5-92F6-345F-927C-514935C638B8}" = Microsoft .NET Framework 4.5.2 (PLK) "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.2 (Polski) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 353.82 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 353.82 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 353.82 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.4.5.57 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 352.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.15.0428 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 2.4.5.57 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.34.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.4.5.57 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.28 "{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "GIMP-2_is1" = GIMP 2.8.10 "jdownloader2" = JDownloader 2 "Virtual Audio Cable 4.14" = Virtual Audio Cable 4.14 "WinRAR archiver" = WinRAR 5.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform "{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer "{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 "{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery "{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{1CC9F278-D898-43D2-BBED-B3B765045888}" = KogamaLauncher-WWW "{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1" = World of Tanks - Common Test "{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 3.1.2 "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51 "{28164BD8-81EA-639A-85E9-E659E3EE6DA7}" = Catalyst Control Center InstallProxy "{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}" = Intel(R) C++ Redistributables on Intel(R) 64 "{2F7AA2BF-7C9F-4E18-A6DD-B07A2520E75B}_is1" = Eyesity 1.0.5 "{317059CB-7642-4F2E-89C0-62E69D4074B7}" = Intel(R) C++ Redistributables on IA-32 "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV "{3EEF6B1E-38AA-4F22-BA70-30A73BB06AAE}" = Photo Common "{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime "{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform "{45FF54A4-ECD4-455D-89A2-D209737AD726}" = Poczta usługi Windows Live "{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones "{5303CFB5-D635-44F0-A94B-9611E81F07C4}" = Camtasia Studio 8 "{53873405-1010-423B-9317-0C0F69556E77}_is1" = Euro Truck Simulator "{539FE5CA-177D-46D8-84C0-90078BAF5346}" = Windows Live Writer "{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5 "{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends "{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}" = Plants vs. Zombies™ "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer "{6A26AA62-5A91-493C-AC35-CA7163B2DC6C}" = Windows Live Family Safety "{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon "{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call "{6E6F22D7-8AD6-4A87-9A47-733E6E996F50}" = Dead Space "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer "{715AD72D-887A-459E-988B-D4F3E87FA24B}" = Peggle "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{77655DF6-A143-4A25-A5F8-127C8CE63EDA}" = Galeria fotografii "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B4E75B8-6788-481D-B8D5-143EF17DC06A}" = LogMeIn Hamachi "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}" = EA Sports FIFA World "{8FFD72FC-4FFA-472D-9F76-AEC85F602F9D}" = Podstawowe programy Windows Live "{94000200-C561-4E32-99EB-3C5AD3683A70}" = Waves Central V1.0.2.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A227B892-C548-4490-9C5D-DB341F8194A6}_is1" = Euro Truck Simulator 2 Multiplayer 0.1.5 R5 Alpha "{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1" = Bigasoft Total Video Converter 4.2.2.5198 "{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1" = CLEO 4.3 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC57543E-EC54-4AB7-A18C-4B04BB1CF09A}" = Windows Live UX Platform Language Pack "{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager "{AC76BA86-7AD7-1045-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Polish "{AD309EDF-17A6-4968-9CE9-35887D9E1871}" = Worms World Party "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform "{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}" = OpenOffice 4.1.1 "{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{C8C20F3C-DFE0-47DA-8541-567857FD72CB}" = Limit na komputer "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions "{DAE8CC57-EBF5-4D46-8572-9A0C769D6F16}" = Movie Maker "{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker "{E0848A2E-A162-45B2-9F5A-A3921DB444C2}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.17 "{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 20 ActiveX "ASIO4ALL" = ASIO4ALL "Auto Clicker by Shocker_is1" = Auto Clicker by Shocker "AVS Video Recorder_is1" = AVS Video Recorder 2.6 "Bandicam" = Bandicam "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Battlelog Web Plugins" = Battlelog Web Plugins "Combat Arms EU" = Combat Arms EU "Counter-Strike 1.6 [HD]" = Counter-Strike 1.6 [HD] v48 "dot4CAD 6.6_is1" = dot4CAD 6 "FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32) "FileZilla Client" = FileZilla Client 3.7.3 "FL Studio 10" = FL Studio 10 "Fraps" = Fraps (remove only) "GAMI (Gta-Action Mod-Installer)" = GAMI (Gta-Action Mod-Installer) "GAMI (Gta-Action Mod-Installer) V 1.8.2 English" = GAMI (Gta-Action Mod-Installer) V 1.8.2 English "Google Chrome" = Google Chrome "Huawei E3272" = Huawei E3272 "IL Download Manager" = IL Download Manager "IL Shared Libraries" = IL Shared Libraries "League of Legends 3.0.1" = League of Legends "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 2.1.6.1022 "Need for Speed Underground 2_is1" = Need for Speed Underground 2 wersja 1.2 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "OS_is1" = Overspeed: High Performance Street Racing "PLAY ONLINE" = PLAY ONLINE "Porrasturvat - Stair Dismount" = Porrasturvat - Stair Dismount "Ravia.eu" = Ravia.eu "Real Cars for GTA-SA v1.5.4" = Real Cars for GTA-SA v1.5.4 "reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0 "San Andreas Mod Installer1.0" = San Andreas Mod Installer "San Andreas Mod Installer1.1" = San Andreas Mod Installer "SBM2007_is1" = SBM 1.1.6.20 "screenSHU" = screenSHU - the fastest screen capture ever. "SpeedFan" = SpeedFan (remove only) "Steam App 258760" = Scania Truck Driving Simulator "Steam App 259080" = Just Cause 2: Multiplayer Mod "Steam App 304930" = Unturned "Steam App 417860" = Emily is Away "Steam App 730" = Counter-Strike: Global Offensive "Steam App 8190" = Just Cause 2 "Sylenth1Demo_is1" = Sylenth1 Demo v2.20 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer" = TeamViewer 10 "The Elder Scrolls V - Skyrim_is1" = The Elder Scrolls V - Skyrim "Winamp" = Winamp "WinLiveSuite" = Podstawowe programy Windows Live [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-553803878-4093496405-1208779523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BeamNG-Techdemo-0.3" = BeamNG-Techdemo-0.3 (remove only) "Flux" = f.lux "TeamSpeak 3 Client" = TeamSpeak 3 Client "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2015-04-16 13:57:29 | Computer Name = w7-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2015-04-16 13:58:04 | Computer Name = w7-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: wmpnetwk.exe, wersja: 12.0.7601.17514, sygnatura czasowa: 0x4ce7ae7f Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x5315a05a Kod wyjątku: 0x0000046b Przesunięcie błędu: 0x000000000000940d Identyfikator procesu powodującego błąd: 0xc84 Godzina uruchomienia aplikacji powodującej błąd: 0x01d07854af1aa65c Ścieżka aplikacji powodującej błąd: C:\Program Files\Windows Media Player\wmpnetwk.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\KERNELBASE.dll Identyfikator raportu: 2073a220-e462-11e4-b273-00b0c400b47f Error - 2015-04-16 13:58:17 | Computer Name = w7-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2015-04-16 14:01:53 | Computer Name = w7-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2015-04-16 14:02:21 | Computer Name = w7-Komputer | Source = MsiInstaller | ID = 11714 Description = Error - 2015-04-16 14:02:42 | Computer Name = w7-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-04-16 14:10:44 | Computer Name = w7-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2015-04-16 14:11:55 | Computer Name = w7-Komputer | Source = WinMgmt | ID = 10 Description = Error - 2015-04-16 14:15:26 | Computer Name = w7-Komputer | Source = Winlogon | ID = 4103 Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x80070005. Error - 2015-04-16 14:16:23 | Computer Name = w7-Komputer | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 2014-01-11 16:43:33 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 21:43:29 - Błąd podczas nawiązywania połączenia z Internetem. 21:43:29 - Nie można skontaktować się z serwerem.. Error - 2014-02-03 08:06:01 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 13:06:00 - Błąd podczas nawiązywania połączenia z Internetem. 13:06:00 - Nie można skontaktować się z serwerem.. Error - 2014-02-03 08:06:11 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 13:06:06 - Błąd podczas nawiązywania połączenia z Internetem. 13:06:06 - Nie można skontaktować się z serwerem.. Error - 2014-02-03 09:06:24 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 14:06:24 - Błąd podczas nawiązywania połączenia z Internetem. 14:06:24 - Nie można skontaktować się z serwerem.. Error - 2014-02-03 09:06:33 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 14:06:29 - Błąd podczas nawiązywania połączenia z Internetem. 14:06:29 - Nie można skontaktować się z serwerem.. Error - 2014-02-03 10:06:39 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 15:06:39 - Błąd podczas nawiązywania połączenia z Internetem. 15:06:39 - Nie można skontaktować się z serwerem.. Error - 2014-02-03 10:06:45 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 15:06:44 - Błąd podczas nawiązywania połączenia z Internetem. 15:06:44 - Nie można skontaktować się z serwerem.. Error - 2014-02-03 11:08:01 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 16:08:01 - Błąd podczas nawiązywania połączenia z Internetem. 16:08:01 - Nie można skontaktować się z serwerem.. Error - 2014-02-03 11:08:07 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 16:08:06 - Błąd podczas nawiązywania połączenia z Internetem. 16:08:06 - Nie można skontaktować się z serwerem.. Error - 2014-02-16 11:26:18 | Computer Name = w7-Komputer | Source = MCUpdate | ID = 0 Description = 16:26:12 - Błąd podczas nawiązywania połączenia z Internetem. 16:26:12 - Nie można skontaktować się z serwerem.. [ System Events ] Error - 2016-01-05 15:38:24 | Computer Name = w7-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PLAY ONLINE. OUC. Error - 2016-01-05 15:38:24 | Computer Name = w7-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego błędu: %%1053 Error - 2016-01-05 15:38:30 | Computer Name = w7-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Child Guardian Service. Error - 2016-01-05 15:38:30 | Computer Name = w7-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Child Guardian Service z powodu następującego błędu: %%1053 Error - 2016-01-05 15:38:43 | Computer Name = w7-Komputer | Source = Microsoft-Windows-GroupPolicy | ID = 1096 Description = Przetwarzanie zasad grupy nie powiodło się. System Windows nie może zastosować opartych na rejestrze ustawień zasad dla obiektu zasad grupy LocalGPO. Ustawienia zasad grupy nie będą rozpoznawane do czasu rozwiązania tego problemu. Wyświetl szczegóły zdarzenia, aby uzyskać więcej informacji o nazwie i ścieżce pliku, który spowodował błąd. Error - 2016-01-05 15:49:56 | Computer Name = w7-Komputer | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 20:47:05 na ?2016-?01-?05 było nieoczekiwane. Error - 2016-01-05 15:50:10 | Computer Name = w7-Komputer | Source = Service Control Manager | ID = 7009 Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PLAY ONLINE. OUC. Error - 2016-01-05 15:50:10 | Computer Name = w7-Komputer | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego błędu: %%1053 Error - 2016-01-05 15:50:19 | Computer Name = w7-Komputer | Source = Service Control Manager | ID = 7034 Description = Usługa Child Guardian Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2016-01-05 15:50:20 | Computer Name = w7-Komputer | Source = Microsoft-Windows-GroupPolicy | ID = 1096 Description = Przetwarzanie zasad grupy nie powiodło się. System Windows nie może zastosować opartych na rejestrze ustawień zasad dla obiektu zasad grupy LocalGPO. Ustawienia zasad grupy nie będą rozpoznawane do czasu rozwiązania tego problemu. Wyświetl szczegóły zdarzenia, aby uzyskać więcej informacji o nazwie i ścieżce pliku, który spowodował błąd. < End of report >

Kod: Zaznacz wszystko: Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:31-12-2015 Uruchomiony przez w7 (administrator) W7-KOMPUTER (05-01-2016 20:51:32) Uruchomiony z C:\Users\w7\Desktop Załadowane profile: w7 (Dostępne profile: w7 & piorom22 & maciej & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 11 (Domyślna przeglądarka: Chrome) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Microsoft Corporation) C:\Windows\System32\sethc.exe () C:\ProgramData\MobileBrServ\mbbService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe () C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) G:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (NVIDIA Corporation) C:\Users\w7\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Flux Software LLC) C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files (x86)\screenSHU\screenSHU.exe () C:\Program Files (x86)\Mobilo\Limit na komputer\ChildGuardianServiceInfo.exe (LogMeIn Inc.) G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) G:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) HKLM-x32\...\Run: [Eyesity] => C:\Users\maciej\AppData\Roaming\Eyesity\Eyesity.exe [812544 2014-09-09] () HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-11-13] (Electronic Arts) HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Run: [IVONA Reader] => "C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe" -t -nosplash HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Run: [IVONA ControlCenter] => "C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" -action=run-silent HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Run: [f.lux] => C:\Users\w7\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.) HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Run: [screenSHU] => C:\Program Files (x86)\screenSHU\screenSHU.exe [2112000 2013-09-04] () HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Run: [SetMyHomePage] => C:\Users\w7\AppData\Roaming\SetMyHomePage\setmyhomepage.exe HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\MountPoints2: I - I:\autorun.exe HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\MountPoints2: J - J:\autorun.exe HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\MountPoints2: {4fa1ab2e-63f4-11e3-afb1-806e6f6e6963} - H:\auto.exe HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\MountPoints2: {5a713cda-e500-11e4-9a03-00b0c400b47f} - J:\autorun.exe HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\MountPoints2: {95044deb-8a31-11e5-8019-806e6f6e6963} - I:\AutoRun.exe HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\MountPoints2: {9594796e-7bb3-11e5-8158-10feed0533b4} - K:\setup.exe HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\MountPoints2: {9bac857f-951b-11e5-a712-10feed0533b4} - I:\setup.exe HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\MountPoints2: {e5bc429a-8c6a-11e5-b81a-5a2c80139263} - I:\AutoRun.exe HKU\S-1-5-18\...\MountPoints2: I - I:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Limit na komputer - status.lnk [2015-09-05] ShortcutTarget: Limit na komputer - status.lnk -> C:\Windows\Installer\{C8C20F3C-DFE0-47DA-8541-567857FD72CB}\_64682B475FCD7BA8C61FB7.exe () GroupPolicy: Ograniczenia - Chrome <======= UWAGA GroupPolicyUsers\S-1-5-21-553803878-4093496405-1208779523-1004\User: Ograniczenia <======= UWAGA GroupPolicyUsers\S-1-5-21-553803878-4093496405-1208779523-1000\User: Ograniczenia <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Hosts: W pliku Hosts jest więcej niż jedno wejście. Sprawdź sekcję Hosts w Addition.txt Tcpip\..\Interfaces\{3E134714-EC6F-44FF-9824-D492804C0122}: [NameServer] 86.63.64.48,86.63.64.49 Tcpip\..\Interfaces\{3E134714-EC6F-44FF-9824-D492804C0122}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3F0CF690-8832-4D09-94B5-D0E0BF4851C3}: [NameServer] 89.108.195.21 89.108.202.21 Tcpip\..\Interfaces\{4BCD6390-4B1D-4385-AECA-DC3CCD27A4E3}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{C6E9CD0D-744F-4994-95A1-194CA8CA775C}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{F97E7E0F-86C4-4A99-8391-95776610762D}: [NameServer] 86.63.64.49,86.63.64.48 Tcpip\..\Interfaces\{F97E7E0F-86C4-4A99-8391-95776610762D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.multiplayerpiano.com/ HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://public-box.ru/start HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://public-box.ru/start HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://public-box.ru/start SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {248845BF-3FB1-4C33-A2ED-40FDCFC4CAF3} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> {248845BF-3FB1-4C33-A2ED-40FDCFC4CAF3} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-553803878-4093496405-1208779523-1000 -> DefaultScope {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms} SearchScopes: HKU\S-1-5-21-553803878-4093496405-1208779523-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-13] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-13] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-22] (Oracle Corporation) BHO-x32: Pomocnik logowania za pomocą konta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-22] (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-13] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-11-28] (Nexon) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-553803878-4093496405-1208779523-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\w7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-16] (Unity Technologies ApS) FF Extension: Brak nazwy - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha7460\ff [nie znaleziono] Chrome: ======= CHR dev: Chrome dev build wykryto! <======= UWAGA CHR HomePage: Default -> hxxp://public-box.ru/start CHR StartupUrls: Default -> "hxxp://public-box.ru/start" CHR Profile: C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-02] CHR Extension: (Dokumenty Google) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-02] CHR Extension: (Dysk Google) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13] CHR Extension: (YouTube) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-13] CHR Extension: (Steam inventory helper) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-01-04] CHR Extension: (Adblock dla serwisu Youtube™) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-12-27] CHR Extension: (MuzicInfo) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbgiinmeeapadlkkeiijikonhkdlkdb [2015-12-22] CHR Extension: (Google Search) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13] CHR Extension: (Arkusze Google) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-02] CHR Extension: (Dokumenty Google offline) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-02] CHR Extension: (Gmail) - C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) S2 Child Guardian Service; C:\Program Files (x86)\Mobilo\Limit na komputer\ChildGuardianService.exe [10240 2014-06-27] () [Brak podpisu cyfrowego] R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe [3727360 2010-09-17] (Firebird Project) [Brak podpisu cyfrowego] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation) R2 Hamachi2Svc; G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2485608 2015-01-20] (LogMeIn Inc.) R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.) R2 Huawei E3272; C:\ProgramData\MobileBrServ\mbbservice.exe [240720 2013-12-03] () R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-13] (Electronic Arts) S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [651856 2013-10-26] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2014-05-30] (SafeNet Inc.) S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2014-05-30] (SafeNet Inc.) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-17] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [109568 2013-01-25] (Huawei Technologies Co., Ltd.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-05-30] (SafeNet Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [246272 2013-06-29] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation) S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [528256 2007-11-15] (Syntek) S3 XXLHASP; c:\windows\system32\drivers\XXLHASP.sys [288768 2014-06-19] () [Brak podpisu cyfrowego] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-05 20:51 - 2016-01-05 20:51 - 00021964 _____ C:\Users\w7\Desktop\FRST.txt 2016-01-05 20:39 - 2016-01-05 20:39 - 02370560 _____ (Farbar) C:\Users\w7\Desktop\FRST64.exe 2016-01-05 20:39 - 2016-01-05 20:39 - 00000000 ____D C:\Users\w7\Desktop\FRST-OlderVersion 2016-01-05 20:36 - 2016-01-05 20:36 - 00602112 _____ (OldTimer Tools) C:\Users\w7\Downloads\OTL.exe 2016-01-05 20:34 - 2016-01-05 20:34 - 00380416 _____ C:\Users\w7\Downloads\ost1nsiv.exe 2016-01-05 20:12 - 2016-01-05 20:12 - 00619688 _____ (Duplex Secure Ltd) C:\Users\w7\Downloads\SPTDinst-v187-x64.exe 2016-01-05 20:06 - 2016-01-05 20:51 - 00000000 ____D C:\FRST 2016-01-05 20:05 - 2016-01-05 20:05 - 01721856 _____ (Farbar) C:\Users\w7\Downloads\FRST.exe 2016-01-05 19:59 - 2016-01-05 19:59 - 00000000 ____D C:\Users\Administrator.w7-Komputer\AppData\Local\LogMeIn 2016-01-05 19:58 - 2016-01-05 19:58 - 00002261 _____ C:\Users\Administrator.w7-Komputer\Desktop\Google Chrome.lnk 2016-01-05 19:58 - 2016-01-05 19:58 - 00001421 _____ C:\Users\Administrator.w7-Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-05 19:58 - 2016-01-05 19:58 - 00000000 ____D C:\Users\Administrator.w7-Komputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-01-05 19:57 - 2016-01-05 19:57 - 00000266 __RSH C:\Users\Administrator.w7-Komputer\ntuser.pol 2016-01-05 19:50 - 2016-01-05 19:50 - 00361936 _____ C:\Windows\Minidump\010516-279694-01.dmp 2016-01-05 19:25 - 2016-01-05 19:25 - 00377016 _____ C:\Windows\Minidump\010516-279350-01.dmp 2015-12-29 11:54 - 2015-12-29 11:54 - 00000000 ____D C:\Users\w7\AppData\Local\TeamViewer 2015-12-28 19:07 - 2015-12-28 19:07 - 00000000 ____D C:\Windows\pss 2015-12-28 18:44 - 2015-12-28 18:44 - 00689865 _____ C:\Users\w7\Downloads\7592.tmp 2015-12-28 18:35 - 2015-12-29 04:21 - 00000000 ____D C:\Users\w7\AppData\Roaming\OBS 2015-12-28 18:35 - 2015-12-29 04:21 - 00000000 ____D C:\Program Files\OBS 2015-12-28 18:35 - 2015-12-29 04:21 - 00000000 ____D C:\Program Files (x86)\OBS 2015-12-28 18:31 - 2016-01-05 19:59 - 00000000 ____D C:\Users\Administrator.w7-Komputer\AppData\Local\LogMeIn Hamachi 2015-12-28 18:31 - 2015-12-28 18:31 - 00066424 _____ C:\Users\Administrator.w7-Komputer\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-28 18:30 - 2015-12-28 18:30 - 00000000 ____D C:\Users\Administrator.w7-Komputer\AppData\Roaming\Adobe 2015-12-28 18:30 - 2015-12-28 18:30 - 00000000 ____D C:\Users\Administrator.w7-Komputer\AppData\Local\NVIDIA Corporation 2015-12-28 18:30 - 2015-12-28 18:30 - 00000000 ____D C:\Users\Administrator.w7-Komputer\AppData\Local\NVIDIA 2015-12-28 18:30 - 2015-12-28 18:30 - 00000000 ____D C:\Users\Administrator.w7-Komputer\AppData\Local\Google 2015-12-27 21:31 - 2015-12-27 21:31 - 00182845 _____ C:\Users\w7\Downloads\D419.tmp 2015-12-27 19:22 - 2015-12-27 19:22 - 45414569 _____ C:\Users\w7\Downloads\ChromeStandaloneSetup.rar 2015-12-23 23:04 - 2015-12-24 09:41 - 00000000 ____D C:\Users\w7\Desktop\Macros 2015-12-23 22:32 - 2015-12-23 22:32 - 01806336 _____ (Turnssoft) C:\Users\w7\Downloads\MiniMouseMacro.exe 2015-12-23 16:49 - 2015-12-29 04:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-07 18:42 - 2015-12-07 18:42 - 02586416 _____ C:\Users\w7\Downloads\Pryda snare.rar 2015-12-07 18:31 - 2015-12-07 18:32 - 42103981 _____ C:\Users\w7\Downloads\3817_EDMUltraDrops_Materials.zip ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-01-05 20:51 - 2014-01-02 18:53 - 00000000 ____D C:\Users\w7\AppData\Roaming\Skype 2016-01-05 20:50 - 2015-11-29 12:05 - 00000426 _____ C:\Windows\Tasks\3435377667_1024.job 2016-01-05 20:50 - 2015-11-29 12:05 - 00000000 ____D C:\Users\w7\AppData\Roaming\3435377667_1024 2016-01-05 20:50 - 2015-11-29 12:04 - 00000426 _____ C:\Windows\Tasks\736F47384C_1002.job 2016-01-05 20:50 - 2015-11-29 12:04 - 00000000 ____D C:\Users\w7\AppData\Roaming\736F47384C_1002 2016-01-05 20:50 - 2015-11-16 20:49 - 00000000 ____D C:\Users\w7\AppData\Local\screenSHU 2016-01-05 20:50 - 2015-09-02 15:24 - 00001002 _____ C:\Windows\Tasks\5L0Rqcgw2sWwMdWCE2oap.job 2016-01-05 20:50 - 2015-09-02 15:23 - 00000986 _____ C:\Windows\Tasks\FM1B8LdT4Vf4Q.job 2016-01-05 20:50 - 2014-03-25 20:06 - 00000000 ____D C:\Users\w7\AppData\Local\LogMeIn Hamachi 2016-01-05 20:50 - 2013-12-14 18:03 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-05 20:50 - 2013-12-13 14:00 - 00000000 ____D C:\Users\w7 2016-01-05 20:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-05 20:49 - 2014-06-12 15:33 - 00000000 ____D C:\ProgramData\NVIDIA 2016-01-05 20:25 - 2009-07-14 05:45 - 00024288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-05 20:25 - 2009-07-14 05:45 - 00024288 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-05 20:21 - 2014-01-22 20:20 - 01108488 _____ C:\Windows\ntbtlog.txt 2016-01-05 20:13 - 2013-12-14 12:14 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-05 20:09 - 2013-12-14 18:03 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-05 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2016-01-05 19:59 - 2014-12-16 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-05 19:58 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-01-05 19:57 - 2015-10-17 11:34 - 00000000 ____D C:\Users\Administrator.w7-Komputer 2016-01-05 19:50 - 2014-06-15 14:55 - 00000000 ____D C:\Windows\Minidump 2016-01-05 19:45 - 2015-07-12 11:02 - 398522343 _____ C:\Windows\MEMORY.DMP 2016-01-05 18:21 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-01-04 18:31 - 2013-12-14 15:23 - 00000000 ____D C:\Users\w7\Documents\Euro Truck Simulator 2 2016-01-04 17:13 - 2013-12-14 12:14 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-04 17:13 - 2013-12-14 12:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-04 17:13 - 2013-12-14 12:14 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-29 04:21 - 2015-11-29 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net 2015-12-29 04:21 - 2015-11-28 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1 Demo 2015-12-29 04:21 - 2015-11-28 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda 2015-12-29 04:21 - 2015-11-28 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LennarDigital 2015-12-29 04:21 - 2015-11-28 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves 2015-12-29 04:21 - 2015-11-16 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAY ONLINE 2015-12-29 04:21 - 2015-11-13 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huawei E3272 2015-12-29 04:21 - 2015-10-26 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed Underground 2 2015-12-29 04:21 - 2015-10-25 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive 2015-12-29 04:21 - 2015-10-17 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMI (Gta-Action Mod-Installer) V 1.8.2 English 2015-12-29 04:21 - 2015-10-17 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMI 2015-12-29 04:21 - 2015-04-17 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17 2015-12-29 04:21 - 2015-04-14 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyesity 2015-12-29 04:21 - 2015-04-13 15:41 - 00000000 ___SD C:\Windows\system32\GWX 2015-12-29 04:21 - 2015-02-01 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX 2015-12-29 04:21 - 2015-01-29 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-12-29 04:21 - 2015-01-25 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Cars for GTA-SA v1.5.4 2015-12-29 04:21 - 2015-01-25 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Mod Installer 2015-12-29 04:21 - 2015-01-23 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer 2015-12-29 04:21 - 2014-12-25 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam 2015-12-29 04:21 - 2014-12-16 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-12-29 04:21 - 2014-12-03 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable 2015-12-29 04:21 - 2014-11-28 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon 2015-12-29 04:21 - 2014-11-26 16:59 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-12-29 04:21 - 2014-11-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 [HD] 2015-12-29 04:21 - 2014-08-21 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobilo - Limit na komputer 2015-12-29 04:21 - 2014-07-06 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2015-12-29 04:21 - 2014-06-29 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories 2015-12-29 04:21 - 2014-06-24 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle 2015-12-29 04:21 - 2014-06-17 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CadDecor Paradyz v. 1.9.0 2015-12-29 04:21 - 2014-06-17 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32) 2015-12-29 04:21 - 2014-06-17 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dot4CAD 2015-12-29 04:21 - 2014-06-16 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2015-12-29 04:21 - 2014-06-12 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-12-29 04:21 - 2014-06-01 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 2015-12-29 04:21 - 2014-06-01 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies 2015-12-29 04:21 - 2014-05-05 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer 2015-12-29 04:21 - 2014-04-17 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2015-12-29 04:21 - 2014-04-16 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2015-12-29 04:21 - 2014-04-15 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker by Shocker 2015-12-29 04:21 - 2014-04-12 23:03 - 00000000 ____D C:\Users\maciej 2015-12-29 04:21 - 2014-04-12 22:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-12-29 04:21 - 2014-04-12 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-29 04:21 - 2014-04-12 22:20 - 00000000 ____D C:\Users\piorom22 2015-12-29 04:21 - 2014-04-07 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space 2015-12-29 04:21 - 2014-04-04 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2 Ravia.eu 2015-12-29 04:21 - 2014-03-21 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World 2015-12-29 04:21 - 2014-02-22 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2015-12-29 04:21 - 2014-02-21 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Porrasturvat - Stair Dismount 2015-12-29 04:21 - 2014-02-17 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-12-29 04:21 - 2014-02-16 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdp.pl 2015-12-29 04:21 - 2014-02-02 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line 2015-12-29 04:21 - 2014-02-02 11:50 - 00000000 ____D C:\ProgramData\Origin 2015-12-29 04:21 - 2014-02-02 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-12-29 04:21 - 2014-02-02 11:50 - 00000000 ____D C:\Program Files (x86)\Origin 2015-12-29 04:21 - 2013-12-22 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-12-29 04:21 - 2013-12-14 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2015-12-29 04:21 - 2013-12-14 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-29 04:21 - 2013-12-13 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test 2015-12-29 04:21 - 2013-12-13 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-29 04:21 - 2013-12-13 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sbpro 2015-12-29 04:21 - 2013-12-13 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-12-29 04:21 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-12-29 04:21 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers 2015-12-29 04:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2015-12-29 04:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-23 20:36 - 2013-12-23 11:40 - 00910336 ___SH C:\Users\w7\Downloads\Thumbs.db 2015-12-23 16:49 - 2014-11-12 15:00 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2015-12-23 16:49 - 2014-03-04 13:57 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-23 16:49 - 2014-01-02 18:53 - 00000000 ____D C:\ProgramData\Skype 2015-12-07 15:46 - 2015-11-29 15:47 - 00000000 ____D C:\Users\w7\Desktop\Boty do sf ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-09-02 16:47 - 2015-09-02 16:47 - 5224982 _____ (Bycatch) C:\Program Files\Common Files\0e2q5isl.exe 2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\w7\AppData\Roaming\5L0Rqcgw2sWwMdWCE2oap 2014-04-07 14:00 - 2014-04-07 14:01 - 0002277 _____ () C:\Users\w7\AppData\Roaming\ASSDraw3.cfg 2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\w7\AppData\Roaming\FM1B8LdT4Vf4Q 2015-10-16 13:36 - 2015-10-16 13:36 - 0000090 _____ () C:\Users\w7\AppData\Local\fusioncache.dat 2015-01-12 18:37 - 2015-01-12 18:37 - 0002484 _____ () C:\Users\w7\AppData\Local\recently-used.xbel 2013-12-17 02:49 - 2013-12-17 02:49 - 0007602 _____ () C:\Users\w7\AppData\Local\Resmon.ResmonCfg 2015-09-02 15:27 - 2015-09-02 15:27 - 0000187 _____ () C:\Users\w7\AppData\Local\Techitrax.exe.config Pliki do przeniesienia lub usunięcia: ==================== C:\Users\w7\test.bat C:\Users\w7\Włącz minecraft..bat Niektóre pliki w TEMP: ==================== C:\Users\maciej\AppData\Local\Temp\nvSCPAPI.dll C:\Users\maciej\AppData\Local\Temp\nvSCPAPISvr.exe C:\Users\maciej\AppData\Local\Temp\nvStInst.exe C:\Users\maciej\AppData\Local\Temp\Quarantine.exe C:\Users\maciej\AppData\Local\Temp\sfamcc00001.dll C:\Users\maciej\AppData\Local\Temp\sqlite3.dll C:\Users\maciej\AppData\Local\Temp\Uninstall.exe C:\Users\piorom22\AppData\Local\Temp\NVI2_29.DLL C:\Users\piorom22\AppData\Local\Temp\nvSCPAPI.dll C:\Users\piorom22\AppData\Local\Temp\nvStInst.exe C:\Users\piorom22\AppData\Local\Temp\sfamcc00001.dll C:\Users\piorom22\AppData\Local\Temp\SkypeSetup.exe C:\Users\piorom22\AppData\Local\Temp\skype_amd643448840997676409222.dll C:\Users\piorom22\AppData\Local\Temp\sqlite3.dll C:\Users\w7\AppData\Local\Temp\130931287253395882.exe C:\Users\w7\AppData\Local\Temp\13093128727055082995.exe C:\Users\w7\AppData\Local\Temp\amisetup8505__13312.exe C:\Users\w7\AppData\Local\Temp\amisetup8721__13312.exe C:\Users\w7\AppData\Local\Temp\el_inst.exe C:\Users\w7\AppData\Local\Temp\fsdB2DA.exe C:\Users\w7\AppData\Local\Temp\MD5Hash.dll C:\Users\w7\AppData\Local\Temp\proxy_vole439370314817781473.dll C:\Users\w7\AppData\Local\Temp\proxy_vole5955230027035290090.dll C:\Users\w7\AppData\Local\Temp\proxy_vole8203772017651391669.dll C:\Users\w7\AppData\Local\Temp\sfamcc00001.dll C:\Users\w7\AppData\Local\Temp\sfareca00001.dll C:\Users\w7\AppData\Local\Temp\sfextra.dll C:\Users\w7\AppData\Local\Temp\SkypeSetup.exe C:\Users\w7\AppData\Local\Temp\sqlite3.dll C:\Users\w7\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2015-12-26 16:28 ==================== Koniec FRST.txt ============================

Kod: Zaznacz wszystko: Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:31-12-2015 Uruchomiony przez w7 (2016-01-05 20:52:33) Uruchomiony z C:\Users\w7\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-12-13 13:00:26) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-553803878-4093496405-1208779523-500 - Administrator - Enabled) => C:\Users\Administrator.w7-Komputer ASPNET (S-1-5-21-553803878-4093496405-1208779523-1006 - Limited - Enabled) Gość (S-1-5-21-553803878-4093496405-1208779523-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-553803878-4093496405-1208779523-1002 - Limited - Enabled) maciej (S-1-5-21-553803878-4093496405-1208779523-1004 - Limited - Enabled) => C:\Users\maciej piorom22 (S-1-5-21-553803878-4093496405-1208779523-1003 - Administrator - Enabled) => C:\Users\piorom22 w7 (S-1-5-21-553803878-4093496405-1208779523-1000 - Administrator - Enabled) => C:\Users\w7 ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) 7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated) Aegisub 3.1.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.1.2 - Aegisub Team) Aktualizacje NVIDIA 2.4.5.57 (Version: 2.4.5.57 - NVIDIA Corporation) Hidden AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0 - shockingsoft.com) AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) BeamNG-Techdemo-0.3 (remove only) (HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\BeamNG-Techdemo-0.3) (Version: - ) Bigasoft Total Video Converter 4.2.2.5198 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version: - Bigasoft Corporation) Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) Counter-Strike 1.6 [HD] v48 (HKLM-x32\...\Counter-Strike 1.6 [HD]) (Version: v48 - Skilluj.com) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dead Space (HKLM-x32\...\{6E6F22D7-8AD6-4A87-9A47-733E6E996F50}) (Version: 1.0.0.222 - Electronic Arts) dot4CAD 6 (HKLM-x32\...\dot4CAD 6.6_is1) (Version: - CAD Projekt K&A s.c.) EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 6.2.0.43717 - Electronic Arts, Inc.) Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley) Euro Truck Simulator (HKLM-x32\...\{53873405-1010-423B-9317-0C0F69556E77}_is1) (Version: 1.3 - SCS Software) Euro Truck Simulator 2 Multiplayer 0.1.5 R5 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.5 R5 Alpha - ETS2MP Team) Eyesity 1.0.5 (HKLM-x32\...\{2F7AA2BF-7C9F-4E18-A6DD-B07A2520E75B}_is1) (Version: - Lensystem Sp. z o.o.) f.lux (HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Flux) (Version: - ) FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project) FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GAMI (Gta-Action Mod-Installer) (HKLM-x32\...\GAMI (Gta-Action Mod-Installer)) (Version: - ) GAMI (Gta-Action Mod-Installer) V 1.8.2 English (HKLM-x32\...\GAMI (Gta-Action Mod-Installer) V 1.8.2 English) (Version: - ) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden Huawei E3272 (HKLM-x32\...\Huawei E3272) (Version: 22.001.22.00.1202 - Huawei Technologies Co.,Ltd) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line) Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche) Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team) KogamaLauncher-WWW (HKLM-x32\...\{1CC9F278-D898-43D2-BBED-B3B765045888}) (Version: 1.0.3.0 - Multiverse ApS) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Limit na komputer (HKLM-x32\...\{C8C20F3C-DFE0-47DA-8541-567857FD72CB}) (Version: 2.5.0 - Mobilo) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware wersja 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Need for Speed Underground 2 wersja 1.2 (HKLM-x32\...\Need for Speed Underground 2_is1) (Version: 1.2 - EA Games) NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) NVIDIA Sterownik 3D Vision 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA Sterownik graficzny 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation) NVIDIA Sterownik kontrolera 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.) Overspeed: High Performance Street Racing (HKLM-x32\...\OS_is1) (Version: - City Interactive) Panel sterowania NVIDIA 353.82 (Version: 353.82 - NVIDIA Corporation) Hidden Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games) Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PLAY ONLINE (HKLM-x32\...\PLAY ONLINE) (Version: 23.015.02.00.264 - Huawei Technologies Co.,Ltd) Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Porrasturvat - Stair Dismount (HKLM-x32\...\Porrasturvat - Stair Dismount) (Version: - ) Ravia.eu (HKLM-x32\...\Ravia.eu) (Version: - ) Real Cars for GTA-SA v1.5.4 (HKLM-x32\...\Real Cars for GTA-SA v1.5.4) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek) reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - ) San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.0) (Version: - ) San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick) SBM 1.1.6.20 (HKLM-x32\...\SBM2007_is1) (Version: - SBPro) Scania Truck Driving Simulator (HKLM-x32\...\Steam App 258760) (Version: - SCS Software) screenSHU - the fastest screen capture ever. (HKLM-x32\...\screenSHU) (Version: - ) SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden Sylenth1 Demo v2.20 (HKLM-x32\...\Sylenth1Demo_is1) (Version: - ) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) The Elder Scrolls V - Skyrim (HKLM-x32\...\The Elder Scrolls V - Skyrim_is1) (Version: - ) Unity Web Player (HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson cenzura-spam) USB2.0 ATV (HKLM-x32\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version: - ) Waves Central V1.0.2.2 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}) (Version: 1.0.3 - Waves) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version: - Wargaming.net) Worms World Party (HKLM-x32\...\{AD309EDF-17A6-4968-9CE9-35887D9E1871}) (Version: 1.00.000 - ) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {11DDDF0E-F25F-4DF3-A854-71B33B41D351} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-09-30] (Microsoft Corporation) Task: {193E5FCB-867E-495B-9447-507964CC37B4} - System32\Tasks\{CF246BF9-0919-4CA8-87FC-C0C7C89AFFD9} => pcalua.exe -a "G:\CadProjekt\CadDecorParadyz v. 2.0.0\uninstall.exe" Task: {194482CC-5EA3-42D4-AA38-DAABDC567A89} - System32\Tasks\{24888258-C571-4381-B569-215B012283CF} => pcalua.exe -a C:\Users\w7\Desktop\MinecraftZyczu.exe -d C:\Users\w7\Desktop Task: {219FC586-F31C-4CBA-8292-F65A9D26EC10} - System32\Tasks\{A07B1B5F-007A-46CB-A21F-083249610756} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-12-17] (Skype Technologies S.A.) Task: {23388C68-337B-40EB-9582-AECC7FB68E1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {2E9280A1-E1B0-4AEB-827D-854A7B371FDB} - System32\Tasks\FM1B8LdT4Vf4Q => C:\Users\w7\AppData\Roaming\FM1B8LdT4Vf4Q.exe <==== UWAGA Task: {38D68298-9E3E-45A3-82F6-06611486EB46} - System32\Tasks\{03CC764B-CC84-484D-A10D-E888ABC3A8C2} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe" Task: {42273AE1-04E9-41BE-B729-B57E8CA9011E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-04] (Adobe Systems Incorporated) Task: {4C1B7809-5530-4A9B-A3A9-F2DDB2A43912} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {5A19A759-0A56-45AE-A490-029C0AAE35CD} - System32\Tasks\{1FE01A0B-A365-461A-9921-B63CA33F5B9D} => pcalua.exe -a C:\Users\w7\Downloads\Minecraft-Setup.exe -d C:\Users\w7\Downloads Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {868E94E2-F495-4858-96AF-6EF967A6596C} - \snp -> Brak pliku <==== UWAGA Task: {8C67E04F-5674-4AC3-8404-E679BC546BA0} - System32\Tasks\{082D8846-EE5D-4B4B-94BC-3890A302D60C} => pcalua.exe -a G:\Skyrim\VCRedist\vcredist_x86.exe -d G:\Skyrim\VCRedist Task: {963DA462-6F65-47BB-8D1C-6E088E147DE1} - System32\Tasks\736F47384C_1002 => C:\Users\w7\AppData\Roaming\736F47384C_1002\2DMniWU65L.exe [2015-11-29] () Task: {D6204B61-F63C-439F-9F2C-11143F59A034} - \snf -> Brak pliku <==== UWAGA Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {EC91CA5C-CDB5-4062-8B29-1F81FE8212FE} - System32\Tasks\3435377667_1024 => C:\Users\w7\AppData\Roaming\3435377667_1024\tn8LCMpwSg.exe [2015-11-29] () Task: {F6A52B4E-C263-4D9A-B72D-8952FA2E6FA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {FF92BD66-6FB0-4388-B48A-88BC317E1D42} - System32\Tasks\5L0Rqcgw2sWwMdWCE2oap => C:\Users\w7\AppData\Roaming\5L0Rqcgw2sWwMdWCE2oap.exe <==== UWAGA (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\3435377667_1024.job => C:\Users\w7\AppData\Roaming\3435377667_1024\tn8LCMpwSg.exe Task: C:\Windows\Tasks\5L0Rqcgw2sWwMdWCE2oap.job => C:\Users\w7\AppData\Roaming\5L0Rqcgw2sWwMdWCE2oap.exe <==== UWAGA Task: C:\Windows\Tasks\736F47384C_1002.job => C:\Users\w7\AppData\Roaming\736F47384C_1002\2DMniWU65L.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FM1B8LdT4Vf4Q.job => C:\Users\w7\AppData\Roaming\FM1B8LdT4Vf4Q.exe <==== UWAGA Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2014-06-12 15:32 - 2015-08-07 01:44 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-11-13 19:37 - 2013-12-03 07:09 - 00240720 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe 2013-10-28 03:02 - 2013-10-28 03:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2015-11-16 17:31 - 2013-10-26 10:45 - 00651856 _____ () C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () G:\FileZilla FTP Client\fzshellext_64.dll 2013-09-04 18:21 - 2013-09-04 18:21 - 02112000 _____ () C:\Program Files (x86)\screenSHU\screenSHU.exe 2014-06-27 20:43 - 2014-06-27 20:43 - 00108032 _____ () C:\Program Files (x86)\Mobilo\Limit na komputer\ChildGuardianServiceInfo.exe 2014-06-27 20:43 - 2014-06-27 20:43 - 00076288 _____ () C:\Program Files (x86)\Mobilo\Limit na komputer\CGSBI.dll 2015-11-16 17:31 - 2013-08-31 06:44 - 02417152 _____ () C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtCore4.dll 2015-11-16 17:31 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\PLAY ONLINE\OnlineUpdate\mingwm10.dll 2015-11-16 17:31 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\PLAY ONLINE\OnlineUpdate\libgcc_s_dw2-1.dll 2015-11-16 17:31 - 2013-08-31 06:46 - 01148416 _____ () C:\ProgramData\PLAY ONLINE\OnlineUpdate\QtNetwork4.dll 2015-04-16 19:18 - 2015-06-24 12:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll 2011-06-08 08:32 - 2011-06-08 08:32 - 00011362 _____ () C:\Program Files (x86)\screenSHU\mingwm10.dll 2011-06-08 08:32 - 2011-06-08 08:32 - 00043008 _____ () C:\Program Files (x86)\screenSHU\libgcc_s_dw2-1.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE - Powiązania (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Classes\.exe: => <===== UWAGA ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: ========================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2014-12-25 13:39 - 2014-12-25 13:39 - 00000588 ___RA C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 onhax.net 127.0.0.1 www.onhax.net 127.0.0.1 forum.onhax.net 127.0.0.1 https://forum.onhax.net 127.0.0.1 labs.onhax.net 127.0.0.1 do2dear.net 127.0.0.1 p30world.com 127.0.0.1 brarstuff.com 127.0.0.1 rsload.net 127.0.0.1 bandicam.com 127.0.0.1 ssl.bandisoft.com 127.0.0.1 idm-crack-patch.blogspot.in 127.0.0.1 parth8641.blogspot.com ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 86.63.64.49 - 86.63.64.48 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [TCP Query User{DF4A6B8E-F72F-4EEB-BCB2-A329DB72AFAC}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe FirewallRules: [UDP Query User{0CB78E6C-5A98-4757-9EBF-127E34D2C156}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe FirewallRules: [TCP Query User{31ABFA68-FBB7-41CA-BA14-14897CE85286}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe FirewallRules: [UDP Query User{9013E0D9-0B1D-4C2D-80DF-0B891573533E}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe FirewallRules: [TCP Query User{0D7B0162-6154-4F79-8318-9274A7D82C2A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{23D16D1C-66BC-48AB-8E35-3043EAE11664}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{F6085B59-3F99-4E54-B9E6-E392F9CCFAEA}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe FirewallRules: [UDP Query User{1ED3FA3C-D06B-4A7F-9360-9C98B725CCE0}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe FirewallRules: [{F8DBB85B-4C79-4BFA-9D88-BD88B34EA828}] => (Allow) G:\Patryk\Steam\Steam.exe FirewallRules: [{4F9D8D02-D95E-4D9B-8FA9-F3F2F1E09C1E}] => (Allow) G:\Patryk\Steam\Steam.exe FirewallRules: [{BE97BA32-7CB9-4BED-9BB6-21D269AAE394}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{B0E65ACF-636E-410D-996D-19E34CBE1227}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [TCP Query User{02D78176-0512-4EE5-B990-D3ED3294194C}G:\patryk\world_of_tanks_ct\worldoftanks.exe] => (Allow) G:\patryk\world_of_tanks_ct\worldoftanks.exe FirewallRules: [UDP Query User{2D983385-1277-40CC-84B3-3CDE05AE7D81}G:\patryk\world_of_tanks_ct\worldoftanks.exe] => (Allow) G:\patryk\world_of_tanks_ct\worldoftanks.exe FirewallRules: [{A8B2B2A3-EC64-4602-8798-3998BF93056A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{23CC7D53-D0AD-4E11-B732-04AD711C4AAB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{CF833A90-6CB4-4AE1-9D1A-A0E3299C3C87}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{C2FAA2CC-395E-441B-9606-79BE1C749880}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [TCP Query User{1FFD034F-C490-4F8E-8F2E-AF7C74E2EE0C}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{F1F0469F-5A38-4DA3-8A82-5D24CB8CAE7D}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{E201AE27-A517-4803-B719-2FEC43AAD87A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{CD05469F-169F-4158-934B-2E22F7170C1C}C:\program files\java\jre7\launch4j-tmp\minecraftzyczu.exe] => (Block) C:\program files\java\jre7\launch4j-tmp\minecraftzyczu.exe FirewallRules: [UDP Query User{656E5F85-3776-42D3-A610-F2F696F81F8A}C:\program files\java\jre7\launch4j-tmp\minecraftzyczu.exe] => (Block) C:\program files\java\jre7\launch4j-tmp\minecraftzyczu.exe FirewallRules: [{292D8532-86E7-41DE-8A39-DEED3BC734D3}] => (Allow) G:\Patryk\Euro Truck Simulator\eurotrucks.exe FirewallRules: [{157377E6-77D9-46C1-BE3A-E62CF0302182}] => (Allow) G:\Patryk\SCANIA Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe FirewallRules: [{A6A2B629-D095-49D2-BA46-E6CFF27A6F80}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{83F1B7F6-A0BC-4A12-B651-C50DB3F80B14}] => (Allow) G:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{A4B0BFB6-894B-4AA8-A3AC-AF818FDB4EEF}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{186FE474-92B9-49FF-9AD4-9BED1F1EAC99}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{3C6704DF-54F4-498D-A490-32158A785D76}] => (Allow) G:\Patryk\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{480D98A0-BD17-4FB7-B515-B99DD9E970C6}] => (Allow) G:\Patryk\Steam\SteamApps\common\Just Cause 2\JustCause2.exe FirewallRules: [{031CBFB3-5950-42E1-835B-43081DC808FD}] => (Allow) G:\Patryk\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe FirewallRules: [{5D28F745-C7FA-46EB-A478-1BE6E25D90AD}] => (Allow) G:\Patryk\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe FirewallRules: [{F597F880-8409-403B-9228-37FE2F06CA46}] => (Allow) G:\Patryk\Steam\SteamApps\common\Scania Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe FirewallRules: [{4CF330B5-1A20-42E5-BE35-C78A4A346DDF}] => (Allow) G:\Patryk\Steam\SteamApps\common\Scania Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe FirewallRules: [TCP Query User{26B3A891-9FF2-4C6E-B537-0A6A19B1D719}G:\ravia.eu\game] => (Allow) G:\ravia.eu\game FirewallRules: [UDP Query User{366E7AC7-BDED-41DB-9457-5844F64813FF}G:\ravia.eu\game] => (Allow) G:\ravia.eu\game FirewallRules: [{9A641876-DF2F-492A-92E3-7A92D743EB34}] => (Block) G:\ravia.eu\game FirewallRules: [{91A2A745-8CD1-4DC3-AE04-7148E6D356DF}] => (Block) G:\ravia.eu\game FirewallRules: [{619BA736-DD24-4F4A-8C20-A9F7466EC263}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{577B9534-0579-4F5E-A0FC-54EE38114727}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{2DF587D0-FD14-46C7-A653-E545008D7D51}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe FirewallRules: [{5DC5A647-1173-4D28-BD28-4AEB3A7BC37B}] => (Allow) C:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe FirewallRules: [{D5E44D14-4106-49AC-98D7-889C6A669CC0}] => (Allow) LPort=8317 FirewallRules: [TCP Query User{34A9D1B9-74ED-4D22-B731-2B09F1F91BDB}C:\users\maciej\appdata\roaming\.zyczujdk7\bin\javaw.exe] => (Block) C:\users\maciej\appdata\roaming\.zyczujdk7\bin\javaw.exe FirewallRules: [UDP Query User{16A6D790-2197-4BBC-997B-1AD0AC32C4F3}C:\users\maciej\appdata\roaming\.zyczujdk7\bin\javaw.exe] => (Block) C:\users\maciej\appdata\roaming\.zyczujdk7\bin\javaw.exe FirewallRules: [{8FD8FAE0-AD86-4753-8676-A0FDCD9A7997}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{F3E28220-CAED-4885-9BA2-B7566E8540FB}] => (Allow) LPort=2869 FirewallRules: [{1F2802E7-7245-488D-8CBA-E690DCC6A996}] => (Allow) LPort=1900 FirewallRules: [{9031498D-C073-4025-B343-1ACD01048BD9}] => (Allow) G:\Gry z Origina\Plants vs. Zombies\PlantsVsZombies.exe FirewallRules: [{FF9A4841-AE99-472B-B748-7B8B4FDDA481}] => (Allow) G:\Gry z Origina\Plants vs. Zombies\PlantsVsZombies.exe FirewallRules: [{A6B2F692-877A-4C65-AFD3-565E53BA4A99}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E2633497-A3E4-4217-B9B9-84D17D7755AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{03FECC8B-7D0E-4AB2-82DA-640BAC0F27B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{5ED5E9A1-F574-4170-A9AF-7973DEE9294F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{99766139-5340-4BFC-A4E9-9E8510C99AA6}] => (Allow) G:\Gry z Origina\Battlefield 3\bf3.exe FirewallRules: [{C261B644-C735-4CA9-84ED-F65F8B024228}] => (Allow) G:\Gry z Origina\Battlefield 3\bf3.exe FirewallRules: [{7B499C1C-CD46-4276-8CA5-053543C293B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3EF72152-9CDD-443F-B8C1-BB7EF97228C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{471346DD-B075-467C-A762-41128CFE2976}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{E803CBB4-2164-44E5-9737-406C615B2065}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{46361826-70B4-44EF-847B-2055BAA79FDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1F050B36-1DB0-4884-82F6-DAC1CEDEC9AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{54887A9E-C38E-4DF7-80B7-6B2869D17213}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe FirewallRules: [{81C2DEB5-438E-4AB9-B30F-1D2D0885DFEB}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe FirewallRules: [{10715DD0-5918-43FA-A600-36F82002EAB5}] => (Allow) C:\Windows\System32\hasplms.exe FirewallRules: [{8E088D5B-CD56-4C50-94E0-BFBF1CEC261B}] => (Allow) C:\Windows\System32\hasplms.exe FirewallRules: [TCP Query User{C1577D7B-8930-4E01-BE10-9D422E15A105}G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\radiosityprocess.exe] => (Allow) G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\radiosityprocess.exe FirewallRules: [UDP Query User{AE320BBC-9133-4ED6-904F-E4E1DCAE84DF}G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\radiosityprocess.exe] => (Allow) G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\radiosityprocess.exe FirewallRules: [TCP Query User{7CCA65AD-1FED-4C8D-A674-5C9D1FC5BC1C}G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\x64\radiosityprocess.exe] => (Allow) G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\x64\radiosityprocess.exe FirewallRules: [UDP Query User{6B25D411-332E-4A96-8A22-8FA9637C420E}G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\x64\radiosityprocess.exe] => (Allow) G:\cadprojekt\cad decor paradyż v. 2.0.0\renderpro\x64\radiosityprocess.exe FirewallRules: [{7D804243-89E3-4F75-BF19-2EF153E8F045}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe FirewallRules: [{E29013DB-1A47-4733-8C77-A62C5E2B43BA}] => (Allow) C:\Program Files (x86)\Origin Games\Peggle Deluxe\Peggle.exe FirewallRules: [{C78C7961-C025-4A50-8744-4B32E9EB230C}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe FirewallRules: [{7A23D161-0E64-4EBB-9412-95F754BC8522}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe FirewallRules: [TCP Query User{379F392F-BB40-40C8-AC5F-77084CCEB33C}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [UDP Query User{892A1310-1DEB-4DBB-9086-39B047DE2FC8}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [{CC4FAB65-A4BF-4161-B4B8-D8354856332C}] => (Block) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [{D38E08EC-7AEF-4E60-8B86-D6C292A0C705}] => (Block) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [TCP Query User{8B0DE923-3174-4CF8-9C34-6365ABA300D7}C:\users\w7\appdata\roaming\.zyczujdk7\bin\javaw.exe] => (Block) C:\users\w7\appdata\roaming\.zyczujdk7\bin\javaw.exe FirewallRules: [UDP Query User{00DA26A3-3430-40D5-ACCA-43371AA92CE6}C:\users\w7\appdata\roaming\.zyczujdk7\bin\javaw.exe] => (Block) C:\users\w7\appdata\roaming\.zyczujdk7\bin\javaw.exe FirewallRules: [{FBC34FE4-14D4-41F8-96DD-5C3D9C23A1EE}] => (Allow) G:\Patryk\Steam\bin\steamwebhelper.exe FirewallRules: [{5449DB0C-E00C-4C44-B6E7-36F3DE8CFF2B}] => (Allow) G:\Patryk\Steam\bin\steamwebhelper.exe FirewallRules: [{B497D413-B8E1-4707-A29B-67A1D4AA794D}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{37D2188E-9288-4CC7-B6EA-68A7D38F5C0C}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [TCP Query User{85164CA6-B321-4D56-AE9A-4CA9EE75F6BF}F:\program files\valve\hlds.exe] => (Block) F:\program files\valve\hlds.exe FirewallRules: [UDP Query User{20256255-D3D4-4275-8859-56E50EC79D1A}F:\program files\valve\hlds.exe] => (Block) F:\program files\valve\hlds.exe FirewallRules: [TCP Query User{825B3EE6-F9CE-4CB9-9338-208A677D903E}F:\program files\valve\hl.exe] => (Allow) F:\program files\valve\hl.exe FirewallRules: [UDP Query User{A1280802-F773-4349-BCBC-5A2B8C785719}F:\program files\valve\hl.exe] => (Allow) F:\program files\valve\hl.exe FirewallRules: [{9ABFAE01-EB98-4C0D-8ACF-500B487DFFA9}] => (Block) F:\program files\valve\hl.exe FirewallRules: [{10D95F16-FBF6-43A8-86D1-A817AB35E38F}] => (Block) F:\program files\valve\hl.exe FirewallRules: [TCP Query User{E812708F-D7AE-46A1-BAF4-4E002AEDB90C}G:\program files (x86)\valve\hl.exe] => (Block) G:\program files (x86)\valve\hl.exe FirewallRules: [UDP Query User{A8E6A397-01DE-4537-AF47-DDFA1D5074C6}G:\program files (x86)\valve\hl.exe] => (Block) G:\program files (x86)\valve\hl.exe FirewallRules: [TCP Query User{8055BE26-D777-495C-BE67-BA23FBFA65C0}F:\program files\diamondmt2\patcher\metin2.bin] => (Block) F:\program files\diamondmt2\patcher\metin2.bin FirewallRules: [UDP Query User{DB133994-807F-42D2-B5E4-03E7F0722532}F:\program files\diamondmt2\patcher\metin2.bin] => (Block) F:\program files\diamondmt2\patcher\metin2.bin FirewallRules: [{F9879716-F831-4FB7-9FE7-A21425C6F275}] => (Allow) G:\Patryk\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{A189A2B0-69F5-47CB-BB58-EDEBCA543746}] => (Allow) G:\Patryk\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [TCP Query User{089906DC-ADBA-44A7-B3D5-F061FC00A894}C:\users\piorom22\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\piorom22\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{AA2F7C98-880C-4463-BBAC-0DED778B8D82}C:\users\piorom22\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\piorom22\appdata\local\akamai\netsession_win.exe FirewallRules: [{0E53EAF2-34B8-4B35-AFE7-C5D322C1C8FE}] => (Block) C:\users\piorom22\appdata\local\akamai\netsession_win.exe FirewallRules: [{EC79E015-00B4-4A99-BE3B-9C20931C065D}] => (Block) C:\users\piorom22\appdata\local\akamai\netsession_win.exe FirewallRules: [{6665C26A-28ED-40E4-85C2-00A9292BA2C6}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{4B4FAF44-400E-44E0-90DA-5D498BFBB3BF}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{7B11B2F3-6DB2-47D9-9A51-A64B63AF567C}] => (Allow) G:\Patryk\Nowy folder\Combat Arms EU\NMService.exe FirewallRules: [{373ABD18-D1CC-4F48-B2D7-9166A5FFC963}] => (Allow) G:\Patryk\Nowy folder\Combat Arms EU\NMService.exe FirewallRules: [TCP Query User{97C8BFC9-71D8-490B-B21B-238B1BBD0A3B}G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Block) G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{473528D8-5B96-4397-9335-D279BBE9B211}G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Block) G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{44EFFDB6-2426-45EE-81BD-85D26149C0A6}G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{233E6929-61C0-404C-9296-802F6E5E6645}G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{759B87A1-A76D-4330-8DD8-A23D78E922BC}] => (Block) G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{7A2A6624-F658-4E69-8C01-41D6D645919F}] => (Block) G:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [TCP Query User{0CB76F9C-4FEC-4E35-899C-943307E692A8}G:\pompamt2\pompamt2.exe] => (Block) G:\pompamt2\pompamt2.exe FirewallRules: [UDP Query User{F06CFB41-4C24-4749-BE53-FEC56283E0DD}G:\pompamt2\pompamt2.exe] => (Block) G:\pompamt2\pompamt2.exe FirewallRules: [TCP Query User{39FCE307-ECAC-4064-B821-FDBECE1B9BC2}G:\pompa2\pompamt2\pompamt2.exe] => (Block) G:\pompa2\pompamt2\pompamt2.exe FirewallRules: [UDP Query User{0A35DF4C-5DD3-4039-9BA5-DD8402465023}G:\pompa2\pompamt2\pompamt2.exe] => (Block) G:\pompa2\pompamt2\pompamt2.exe FirewallRules: [TCP Query User{823B4C32-5FC8-463F-8297-D63F9501CEFB}F:\program files\diamondmt2\patcher\diamondmt3.exe] => (Block) F:\program files\diamondmt2\patcher\diamondmt3.exe FirewallRules: [UDP Query User{E93AA3DA-E61D-457F-A589-0902C79D6CD2}F:\program files\diamondmt2\patcher\diamondmt3.exe] => (Block) F:\program files\diamondmt2\patcher\diamondmt3.exe FirewallRules: [TCP Query User{1E29CCF1-20E4-4B5E-9081-B55F45B526D8}G:\pompamt2\pompamt2\pompamt2.exe] => (Block) G:\pompamt2\pompamt2\pompamt2.exe FirewallRules: [UDP Query User{653D31F7-4AA4-4E38-AB4F-6520D2211FE7}G:\pompamt2\pompamt2\pompamt2.exe] => (Block) G:\pompamt2\pompamt2\pompamt2.exe FirewallRules: [TCP Query User{CDFE8E99-DBAC-4E43-A34E-06243985035C}G:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe] => (Allow) G:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe FirewallRules: [UDP Query User{1E8FF4D6-8BA9-468D-B0D9-78DD157659D4}G:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe] => (Allow) G:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe FirewallRules: [{C6D875A1-1E72-4046-84A9-77DAC458D06C}] => (Block) G:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe FirewallRules: [{79E91BA6-BF04-457F-B20F-E660E815F24B}] => (Block) G:\xenox\xenoxmt2client_11.02.2012r_by_pawemol\xenoxmt2 launcher.exe FirewallRules: [TCP Query User{87CBB973-C306-4592-A0EB-CA7E816CC6F7}F:\team17\worms armageddon\wa.exe] => (Allow) F:\team17\worms armageddon\wa.exe FirewallRules: [UDP Query User{342CCBA5-CA64-461B-8308-DD48B57F84E6}F:\team17\worms armageddon\wa.exe] => (Allow) F:\team17\worms armageddon\wa.exe FirewallRules: [{668062A0-C644-4F40-9F27-5628F20C308C}] => (Block) F:\team17\worms armageddon\wa.exe FirewallRules: [{5C02C14A-710D-4489-824B-DFF07467F006}] => (Block) F:\team17\worms armageddon\wa.exe FirewallRules: [{7486B26C-5057-421C-9990-0EC0857B6AAB}] => (Allow) G:\Patryk\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B5A8C503-7134-41C0-B97C-AD8E8F1035FB}] => (Allow) G:\Patryk\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{29E3FAAC-A9C3-4E80-B530-B10726BFB2FE}C:\users\maciej\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\maciej\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{458FAB78-C503-4526-A5EE-1892CE443AA1}C:\users\maciej\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\maciej\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{DCECB30A-25D2-4F3A-A527-19410F57E8D6}] => (Allow) C:\ProgramData\JukdEsoia\osizavoo.exe FirewallRules: [{67A606D2-D31D-4A92-BE49-12FC88EF1D4B}] => (Allow) C:\ProgramData\JukdEsoia\osizavoo.exe FirewallRules: [{47A0577C-0665-42D4-86B3-BB901278C904}] => (Allow) C:\ProgramData\JukdEsoia\osizavoo.exe FirewallRules: [{515E12C1-B381-4198-ABED-FF9AA4A40500}] => (Allow) C:\ProgramData\JukdEsoia\osizavoo.exe FirewallRules: [TCP Query User{8D3AE41D-3545-4D99-86E5-94AD24E33250}G:\program files (x86)\overspeed\lasr.exe] => (Block) G:\program files (x86)\overspeed\lasr.exe FirewallRules: [UDP Query User{22F896BC-3D25-494B-93F5-AC73E30B916C}G:\program files (x86)\overspeed\lasr.exe] => (Block) G:\program files (x86)\overspeed\lasr.exe FirewallRules: [{1FA81E91-0FB3-4BA4-8959-A10BDFFD9F0A}] => (Allow) G:\Patryk\Steam\SteamApps\common\Emily is Away\emily is away.exe FirewallRules: [{E9DD641B-1CC4-4EB1-A9F0-24935B3A2B76}] => (Allow) G:\Patryk\Steam\SteamApps\common\Emily is Away\emily is away.exe FirewallRules: [TCP Query User{28ED7B1A-EC2F-4E92-9100-F67A01587ED5}G:\gmmt2\gmmt2\gmmt2.bin] => (Allow) G:\gmmt2\gmmt2\gmmt2.bin FirewallRules: [UDP Query User{238C28A1-9CB9-47F3-9708-A3615CA87CFC}G:\gmmt2\gmmt2\gmmt2.bin] => (Allow) G:\gmmt2\gmmt2\gmmt2.bin FirewallRules: [{E67A00C4-FE3C-4218-AC12-0C5B60E98E7C}] => (Block) G:\gmmt2\gmmt2\gmmt2.bin FirewallRules: [{84D1FD41-151A-4AA9-A72A-F9A54198EA4D}] => (Block) G:\gmmt2\gmmt2\gmmt2.bin FirewallRules: [TCP Query User{7C4BB16F-9CD8-4F21-8477-B17A6D16696C}G:\4death\4death.pl.exe] => (Allow) G:\4death\4death.pl.exe FirewallRules: [UDP Query User{06E9D3E1-E084-4B9F-9B36-064A264256B2}G:\4death\4death.pl.exe] => (Allow) G:\4death\4death.pl.exe FirewallRules: [{374CB06F-1B26-40A0-926A-05DBB36030DB}] => (Block) G:\4death\4death.pl.exe FirewallRules: [{42AC47DC-7F29-4893-B3C9-D4BFE9BC2893}] => (Block) G:\4death\4death.pl.exe FirewallRules: [{57BDBEBA-D06C-4141-9E1B-FC4212E00818}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{19CA5773-B3B8-4254-9286-FE2152CF94A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D61C740B-6384-44EC-B7A2-3BFB37156751}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4F686BCA-7CCC-4ABC-A07F-98534DB8BDA3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C812C8AC-74F4-4537-A144-51E1CE9565E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0119C457-8D9B-4568-A642-D1AF79466383}] => (Allow) G:\Patryk\Steam\SteamApps\common\Scania Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe FirewallRules: [{C9267C15-3C6B-4D81-8255-B4BA08B2F1A8}] => (Allow) G:\Patryk\Steam\SteamApps\common\Scania Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe FirewallRules: [{7570A5CA-F53F-4DE4-AF0E-0A744A47F5C5}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{1122CA31-8E1E-427B-80A8-435F3132666F}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{D0C445F1-E583-4B7B-8091-A5BA6576F4B4}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe FirewallRules: [{763710FF-CDD5-431C-8D8E-6F85CE04111F}] => (Allow) G:\Patryk\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe ==================== Punkty Przywracania systemu ========================= 28-11-2015 10:34:46 Installed Waves Central V1.0.2.2 28-11-2015 10:38:16 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 28-11-2015 10:38:29 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 28-11-2015 12:26:25 Zainstalowany program DirectX 25-12-2015 13:39:33 Zaplanowany punkt kontrolny 05-01-2016 20:12:26 SPTD setup V1.87 ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Kontroler Ethernet Description: Kontroler Ethernet Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Xbox 360 Description: Xbox 360 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (01/05/2016 08:51:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2016 08:39:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2016 08:30:49 PM) (Source: MsiInstaller) (EventID: 11714) (User: ZARZĄDZANIE NT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612. Error: (01/05/2016 08:30:49 PM) (Source: MsiInstaller) (EventID: 11714) (User: ZARZĄDZANIE NT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612. Error: (01/05/2016 08:30:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2016 08:25:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2016 08:12:26 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {0b7fccd9-b519-4c8b-a139-2628dd3de1b6} Error: (01/05/2016 08:11:03 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1". Błąd w pliku manifestu lub w pliku zasad "WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" w wierszu WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego. Odwołanie to WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definicja to WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (01/05/2016 07:59:06 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1". Błąd w pliku manifestu lub w pliku zasad "WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" w wierszu WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego. Odwołanie to WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definicja to WavesQtLibs_5.1.1_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (01/05/2016 07:58:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Dziennik System: ============= Error: (01/05/2016 08:50:20 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: w7-Komputer) Description: Przetwarzanie zasad grupy nie powiodło się. System Windows nie może zastosować opartych na rejestrze ustawień zasad dla obiektu zasad grupy LocalGPO. Ustawienia zasad grupy nie będą rozpoznawane do czasu rozwiązania tego problemu. Wyświetl szczegóły zdarzenia, aby uzyskać więcej informacji o nazwie i ścieżce pliku, który spowodował błąd. Error: (01/05/2016 08:50:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Child Guardian Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/05/2016 08:50:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego błędu: %%1053 Error: (01/05/2016 08:50:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PLAY ONLINE. OUC. Error: (01/05/2016 08:49:56 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 20:47:05 na ‎2016-‎01-‎05 było nieoczekiwane. Error: (01/05/2016 08:38:43 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: w7-Komputer) Description: Przetwarzanie zasad grupy nie powiodło się. System Windows nie może zastosować opartych na rejestrze ustawień zasad dla obiektu zasad grupy LocalGPO. Ustawienia zasad grupy nie będą rozpoznawane do czasu rozwiązania tego problemu. Wyświetl szczegóły zdarzenia, aby uzyskać więcej informacji o nazwie i ścieżce pliku, który spowodował błąd. Error: (01/05/2016 08:38:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Child Guardian Service z powodu następującego błędu: %%1053 Error: (01/05/2016 08:38:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Child Guardian Service. Error: (01/05/2016 08:38:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi PLAY ONLINE. OUC z powodu następującego błędu: %%1053 Error: (01/05/2016 08:38:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą PLAY ONLINE. OUC. CodeIntegrity: =================================== Date: 2014-06-19 15:57:34.961 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\XXLHASP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-06-19 15:57:34.921 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\XXLHASP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz Procent pamięci w użyciu: 38% Całkowita pamięć fizyczna: 4094.49 MB Dostępna pamięć fizyczna: 2532.07 MB Całkowita pamięć wirtualna: 8187.19 MB Dostępna pamięć wirtualna: 6568.02 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:341.7 GB) (Free:210.95 GB) NTFS Drive d: () (Fixed) (Total:15.93 GB) (Free:15.16 GB) NTFS Drive e: () (Fixed) (Total:19.53 GB) (Free:8.64 GB) NTFS Drive f: () (Fixed) (Total:39.06 GB) (Free:20.68 GB) NTFS Drive g: () (Fixed) (Total:589.71 GB) (Free:294.34 GB) NTFS Drive h: (Overspeed) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A0D3A0D3) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=341.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=589.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 74.5 GB) (Disk ID: 105EEB70) Partition 1: (Active) - (Size=15.9 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=58.6 GB) - (Type=OF Extended) ==================== Koniec Addition.txt ============================

**Posty:** 4765 · przez **ordynat** 05 Sty 2016, 22:44

Otwórz Notatnik i wklej w nim:

C:\Users\w7\test.bat
C:\Users\w7\Włącz minecraft..bat
2015-09-02 16:47 - 2015-09-02 16:47 - 5224982 _____ (Bycatch) C:\Program Files\Common Files\0e2q5isl.exe
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\w7\AppData\Roaming\5L0Rqcgw2sWwMdWCE2oap
2016-01-05 20:50 - 2015-11-29 12:04 - 00000000 ____D C:\Users\w7\AppData\Roaming\736F47384C_1002
2016-01-05 20:50 - 2015-11-29 12:05 - 00000000 ____D C:\Users\w7\AppData\Roaming\3435377667_1024
C:\Windows\Minidump\*.dmp
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
CHR HomePage: Default -> hxxp://public-box.ru/start
CHR StartupUrls: Default -> "hxxp://public-box.ru/start"
FF Extension: Brak nazwy - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha7460\ff [nie znaleziono]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://public-box.ru/start
HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://public-box.ru/start
HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://public-box.ru/start
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
GroupPolicyUsers\S-1-5-21-553803878-4093496405-1208779523-1004\User: Ograniczenia <======= UWAGA
GroupPolicyUsers\S-1-5-21-553803878-4093496405-1208779523-1000\User: Ograniczenia <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKU\S-1-5-21-553803878-4093496405-1208779523-1000\...\Run: [SetMyHomePage] => C:\Users\w7\AppData\Roaming\SetMyHomePage\setmyhomepage.exe
Task: {5A19A759-0A56-45AE-A490-029C0AAE35CD} - System32\Tasks\{1FE01A0B-A365-461A-9921-B63CA33F5B9D} => pcalua.exe -a C:\Users\w7\Downloads\Minecraft-Setup.exe -d C:\Users\w7\Downloads
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
HKU\S-1-5-21-553803878-4093496405-1208779523-1000\Software\Classes\.exe: => <===== UWAGA
Task: C:\Windows\Tasks\FM1B8LdT4Vf4Q.job => C:\Users\w7\AppData\Roaming\FM1B8LdT4Vf4Q.exe <==== UWAGA
Task: C:\Windows\Tasks\736F47384C_1002.job => C:\Users\w7\AppData\Roaming\736F47384C_1002\2DMniWU65L.exe
Task: C:\Windows\Tasks\5L0Rqcgw2sWwMdWCE2oap.job => C:\Users\w7\AppData\Roaming\5L0Rqcgw2sWwMdWCE2oap.exe <==== UWAGA
Task: C:\Windows\Tasks\3435377667_1024.job => C:\Users\w7\AppData\Roaming\3435377667_1024\tn8LCMpwSg.exe
Task: {FF92BD66-6FB0-4388-B48A-88BC317E1D42} - System32\Tasks\5L0Rqcgw2sWwMdWCE2oap => C:\Users\w7\AppData\Roaming\5L0Rqcgw2sWwMdWCE2oap.exe <==== UWAGA
Task: {EC91CA5C-CDB5-4062-8B29-1F81FE8212FE} - System32\Tasks\3435377667_1024 => C:\Users\w7\AppData\Roaming\3435377667_1024\tn8LCMpwSg.exe [2015-11-29] ()
Task: {868E94E2-F495-4858-96AF-6EF967A6596C} - \snp -> Brak pliku <==== UWAGA
Task: {8C67E04F-5674-4AC3-8404-E679BC546BA0} - System32\Tasks\{082D8846-EE5D-4B4B-94BC-3890A302D60C} => pcalua.exe -a G:\Skyrim\VCRedist\vcredist_x86.exe -d G:\Skyrim\VCRedist
Task: {963DA462-6F65-47BB-8D1C-6E088E147DE1} - System32\Tasks\736F47384C_1002 => C:\Users\w7\AppData\Roaming\736F47384C_1002\2DMniWU65L.exe [2015-11-29] ()
Task: {D6204B61-F63C-439F-9F2C-11143F59A034} - \snf -> Brak pliku <==== UWAGA
Task: {2E9280A1-E1B0-4AEB-827D-854A7B371FDB} - System32\Tasks\FM1B8LdT4Vf4Q => C:\Users\w7\AppData\Roaming\FM1B8LdT4Vf4Q.exe <==== UWAGA
Task: {38D68298-9E3E-45A3-82F6-06611486EB46} - System32\Tasks\{03CC764B-CC84-484D-A10D-E888ABC3A8C2} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
Task: {193E5FCB-867E-495B-9447-507964CC37B4} - System32\Tasks\{CF246BF9-0919-4CA8-87FC-C0C7C89AFFD9} => pcalua.exe -a "G:\CadProjekt\CadDecorParadyz v. 2.0.0\uninstall.exe"
Task: {194482CC-5EA3-42D4-AA38-DAABDC567A89} - System32\Tasks\{24888258-C571-4381-B569-215B012283CF} => pcalua.exe -a C:\Users\w7\Desktop\MinecraftZyczu.exe -d C:\Users\w7\Desktop
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.

**Posty:** 5 · przez **ProGamerX333** 06 Sty 2016, 00:01

A więc tak:
- Komp włącza się nieco szybciej, tylko nadal mam zamiast ekranu logowania czarny ekran przez ok. 5 minut, dopiero wtedy można się zalogować.
- Po przeinstalowaniu Chrome nadal przenosi mnie na te rosyjskie go.mail.ru
- explorer.exe już się nie zawiesza przy zapisywaniu

I takie pytanie przy okazji - mam 57 procesów przy samym logowaniu (sprawdziłem przez sethc), z czego 13 to svchost.exe . Nie powinno być tych procesów mniej? Przynajmniej tak mi się wydaje.

**Posty:** 4765 · przez **ordynat** 06 Sty 2016, 01:17

"svchostów" może być jeszcze więcej, to zależy od ilości włączonych usług Systemowych.

Uruchom FRST.
W polu SEARCH (SZUKAJ) wklej:

*go.mail.ru*.*

kliknij na przycisk "Search Files (Szukaj Plików)".
Raport z tego będzie tam, gdzie jest FRST.

Uruchom FRST.
W polu SEARCH (SZUKAJ) wklej:

go.mail.ru

kliknij na przycisk "Search Registry" (Szukaj w Rejestrze).
Raport z tego będzie tam, gdzie jest FRST.
.

**Posty:** 5 · przez **ProGamerX333** 06 Sty 2016, 13:13

W rejestrach pusto, za to w wyszukiwaniu plików znalazł dwie linijki.
Dzisiaj znowu zawiesił się explorer.exe, podczas próby dodawania awatara do profilu.

Kod: Zaznacz wszystko: C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_go.mail.ru_0.localstorage [2016-01-05 22:45][2016-01-05 22:45] 0113664 ____A () 701334C04896782834579C330597F808 [Brak podpisu cyfrowego] C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_go.mail.ru_0.localstorage-journal [2016-01-05 22:45][2016-01-05 22:45] 0000000 ____A () [Brak podpisu cyfrowego]

Próbowałem nagrać rozruch do ntblog.txt, może by to jakoś pomogło, ale za Chiny nie mogę tego znaleźć. (zapisanego pliku)
Póki co wiem tyle, że w awaryjnym czasami zawiesza się na CLASSPNP.SYS.

**Posty:** 4765 · przez **ordynat** 06 Sty 2016, 13:31

Otwórz Notatnik i wklej w nim:

C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_go.mail.ru_0.localstorage
C:\Users\w7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_go.mail.ru_0.localstorage-journal
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
.

**Posty:** 5 · przez **ProGamerX333** 06 Sty 2016, 14:54

Teraz nie wyświetlają mi się te rosyjskie strony. Problem tkwi teraz tylko w tym, że komputer nadal potrzebuje kilku minut na włączenie. ntbtlog nie wyświetla tragedii. W czym może być wina?

**Posty:** 4765 · przez **ordynat** 06 Sty 2016, 16:15

Problem tkwi teraz tylko w tym, że komputer nadal potrzebuje kilku minut na włączenie. ntbtlog nie wyświetla tragedii. W czym może być wina?

to już pytanie nie do tego działu forum.
.

Kto jest na forum